Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
13.1
-
Not for Release Notes
Description
CREATE DATABASE d1; |
CREATE TABLE d1.t1 (a INT, b INT); |
CREATE USER fuzzu@localhost; |
|
|
DENY SELECT ON d1.* TO fuzzu@localhost; |
DENY INSERT ON d1.* TO fuzzu@localhost; |
DENY SELECT (b) ON d1.t1 TO fuzzu@localhost; |
REVOKE DENY INSERT ON d1.* FROM fuzzu@localhost; |
REVOKE DENY SELECT ON d1.* FROM fuzzu@localhost; |
|
|
# Cleanup
|
DROP USER fuzzu@localhost; |
DROP DATABASE d1; |
Leads to
|
MDEV-14443 CS 13.1.0 8bd0360b2167588c001350903bbe344c6c0f1c5a (Optimized, UBASAN, Clang 18.1.3-11) Build 17/06/2026 |
Core was generated by `/test/mtest/MDEV-14443/UBASAN_MD170626-mariadb-13.1.0-linux-x86_64-opt/bin/mari'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
|
|
|
[Current thread is 1 (LWP 2513789)]
|
(gdb) bt
|
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
|
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
|
#2 __GI___pthread_kill (threadid=<optimized out>, signo=6)at ./nptl/pthread_kill.c:89
|
#3 0x00005ec4d5ba6203 in handle_fatal_signal (sig=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/signal_handler.cc:298
|
#4 <signal handler called>
|
#5 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
|
#6 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
|
#7 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
|
#8 0x000074db3d04527e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
|
#9 0x000074db3d0288ff in __GI_abort () at ./stdlib/abort.c:79
|
#10 0x00005ec4d5261e8b in __sanitizer::Abort() ()
|
#11 0x00005ec4d525ff95 in __sanitizer::Die() ()
|
#12 0x00005ec4d52406bf in __asan::ScopedInErrorReport::~ScopedInErrorReport()()
|
#13 0x00005ec4d5243745 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ()
|
#14 0x00005ec4d524486f in __asan_report_store8 ()
|
#15 0x00005ec4d5e98f1c in access_t::set_deny (this=<optimized out>, deny=<optimized out>, deny_subtree=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/privilege.h:707
|
#16 clear_all_denies (combo=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_acl.cc:6870
|
#17 update_denies_in_user_table (user_table=<optimized out>, combo=<optimized out>, rights=SELECT_ACL, revoke_grant=<optimized out>, type=PRIV_TYPE_DB, db=<optimized out>, table_or_routine=<optimized out>, column=<optimized out>, out_denies=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_acl.cc:5978
|
#18 0x00005ec4d5e993d2 in replace_db_table (user_table=<optimized out>, table=<optimized out>, db=<optimized out>, combo=@0x52d0001685d0: {<AUTHID> = {user = {str = 0x52d0001685a0 "fuzzu", length = 5}, host = {str = 0x52d000168608 "localhost", length = 9}}, auth = 0x0}, rights=<optimized out>, revoke_grant=true, is_deny=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_acl.cc:6029
|
#19 0x00005ec4d5ea149e in mysql_grant (thd=<optimized out>, db={str = 0x52d000168560 "d1", length = 0}, list=<optimized out>, rights=<optimized out>, revoke_grant=<optimized out>, is_proxy=<optimized out>, is_deny=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_acl.cc:9475
|
#20 0x00005ec4d5ea45fa in Sql_cmd_grant_table::execute_table_mask (this=0x52d000168638, thd=0x52c0001c0220)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_acl.cc:14405
|
#21 0x00005ec4d63d28bc in mysql_execute_command (thd=0x52c0001c0220, is_called_from_prepared_stmt=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_parse.cc:5905
|
#22 0x00005ec4d63b3c13 in mysql_parse (thd=0x52c0001c0220, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_parse.cc:7959
|
#23 0x00005ec4d63a9ee4 in dispatch_command (command=<optimized out>, thd=0x52c0001c0220, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_parse.cc:1903
|
#24 0x00005ec4d63b544d in do_command (thd=thd@entry=0x52c0001c0220, blocking=<optimized out>)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_parse.cc:1437
|
#25 0x00005ec4d6b0361d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x50b0000034a0, put_in_cache=true)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_connect.cc:1503
|
#26 0x00005ec4d6b02d63 in handle_one_connection (arg=arg@entry=0x50b0000034a0)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/sql/sql_connect.cc:1415
|
#27 0x00005ec4d73f8969 in pfs_spawn_thread (arg=0x517000007ea0)at /test/mtest/MDEV-14443/MDEV-14443_opt_san/storage/perfschema/pfs.cc:2198
|
#28 0x00005ec4d523935d in asan_thread_start(void*) ()
|
#29 0x000074db3d09caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#30 0x000074db3d129c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
MDEV-14443 CS 13.1.0 8bd0360b2167588c001350903bbe344c6c0f1c5a (Debug, Clang 18.1.3-11) Build 17/06/2026 |
Core was generated by `/test/mtest/MDEV-14443/MD170626-mariadb-13.1.0-linux-x86_64-dbg/bin/mariadbd --'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00005b42ecd6834c in my_scan_weight_utf8mb3_general1400_as_ci (weight=0x70a9f655ef44, str=0x8f8f8f8f8f8f8f8f <error: Cannot access memory at address 0x8f8f8f8f8f8f8f8f>, end=0x8f8f8f901f1f1f1e <error: Cannot access memory at address 0x8f8f8f901f1f1f1e>) at /test/mtest/MDEV-14443/MDEV-14443_dbg/strings/strcoll.inl:149
|
|
|
[Current thread is 1 (LWP 2504229)]
|
(gdb) bt
|
#0 0x00005b42ecd6834c in my_scan_weight_utf8mb3_general1400_as_ci (weight=0x70a9f655ef44, str=0x8f8f8f8f8f8f8f8f <error: Cannot access memory at address 0x8f8f8f8f8f8f8f8f>, end=0x8f8f8f901f1f1f1e <error: Cannot access memory at address 0x8f8f8f901f1f1f1e>) at /test/mtest/MDEV-14443/MDEV-14443_dbg/strings/strcoll.inl:149
|
#1 0x00005b42ecd67b1e in my_strnncoll_utf8mb3_general1400_as_ci (cs=0x5b42edce04b0 <my_charset_utf8mb3_general1400_as_ci>, a=0x8f8f8f8f8f8f8f8f <error: Cannot access memory at address 0x8f8f8f8f8f8f8f8f>, a_length=2408550287, b=0x70a9f655f9f2 "b", b_length=1, b_is_prefix=0x0)at /test/mtest/MDEV-14443/MDEV-14443_dbg/strings/strcoll.inl:242
|
#2 0x00005b42eccb54c6 in hashcmp (hash=0x70a9c4008680, pos=0x70a9c41eabd0, key=0x70a9f655f9f2 "b", length=1)at /test/mtest/MDEV-14443/MDEV-14443_dbg/mysys/hash.c:381
|
#3 0x00005b42eccb5353 in my_hash_first_from_hash_value (hash=0x70a9c4008680, hash_value=149835, key=0x70a9f655f9f2 "b", length=1, current_record=0x70a9f655f094)at /test/mtest/MDEV-14443/MDEV-14443_dbg/mysys/hash.c:291
|
#4 0x00005b42eccb5268 in my_hash_first (hash=0x70a9c4008680, key=0x70a9f655f9f2 "b", length=1, current_record=0x70a9f655f094)at /test/mtest/MDEV-14443/MDEV-14443_dbg/mysys/hash.c:263
|
#5 0x00005b42eccb5149 in my_hash_search (hash=0x70a9c4008680, key=0x70a9f655f9f2 "b", length=1)at /test/mtest/MDEV-14443/MDEV-14443_dbg/mysys/hash.c:236
|
#6 0x00005b42ebdc821e in column_hash_search (t=0x70a9c40085f0, cname=@0x70a9f655f1a8: {str = 0x70a9f655f9f2 "b", length = 1})at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:6785
|
#7 0x00005b42ebde7e5e in apply_deny_column (combo=@0x70a9c40170e0: {<AUTHID> = {user = {str = 0x70a9c40170c0 "fuzzu", length = 5}, host = {str = 0x70a9c4017110 "localhost", length = 9}}, auth = 0x0}, access=@0x70a9f655f2c8: {m_allow_bits = NO_ACL, m_deny_bits = SELECT_ACL, m_deny_subtree = NO_ACL}, db=0x70a9f655f870 "d1", table=0x70a9f655f931 "t1", column=0x70a9f655f9f2 "b")at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:7030
|
#8 0x00005b42ebde77e3 in apply_deny_to_caches (user=@0x70a9c40170e0: {<AUTHID> = {user = {str = 0x70a9c40170c0 "fuzzu", length = 5}, host = {str = 0x70a9c4017110 "localhost", length = 9}}, auth = 0x0}, acc=@0x70a9f655f2c8: {m_allow_bits = NO_ACL, m_deny_bits = SELECT_ACL, m_deny_subtree = NO_ACL}, type=PRIV_TYPE_COLUMN, db=0x70a9f655f870 "d1", table=0x70a9f655f931 "t1", column=0x70a9f655f9f2 "b")at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:7163
|
#9 0x00005b42ebde75da in apply_all_denies_to_caches (user_table=@0x70a9f6561f40: {<Grant_table_base> = {_vptr$Grant_table_base = 0x5b42ed91e000 <vtable for User_table_json+16>, min_columns = 3, start_priv_columns = 0, end_priv_columns = 3, pk_parts = 2, m_table = 0x5b432ddf4230}, <No data fields>}, combo=@0x70a9c40170e0: {<AUTHID> = {user = {str = 0x70a9c40170c0 "fuzzu", length = 5}, host = {str = 0x70a9c4017110 "localhost", length = 9}}, auth = 0x0})at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:6911
|
#10 0x00005b42ebdd72f7 in update_denies_in_user_table (user_table=@0x70a9f6561f40: {<Grant_table_base> = {_vptr$Grant_table_base = 0x5b42ed91e000 <vtable for User_table_json+16>, min_columns = 3, start_priv_columns = 0, end_priv_columns = 3, pk_parts = 2, m_table = 0x5b432ddf4230}, <No data fields>}, combo=@0x70a9c40170e0: {<AUTHID> = {user = {str = 0x70a9c40170c0 "fuzzu", length = 5}, host = {str = 0x70a9c4017110 "localhost", length = 9}}, auth = 0x0}, rights=SELECT_ACL, revoke_grant=true, type=PRIV_TYPE_DB, db=0x70a9c4017090 "d1", table_or_routine=0x0, column=0x0, out_denies=@0x70a9f6561140: NO_ACL)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:5980
|
#11 0x00005b42ebdd7592 in replace_db_table (user_table=@0x70a9f6561f40: {<Grant_table_base> = {_vptr$Grant_table_base = 0x5b42ed91e000 <vtable for User_table_json+16>, min_columns = 3, start_priv_columns = 0, end_priv_columns = 3, pk_parts = 2, m_table = 0x5b432ddf4230}, <No data fields>}, table=0x5b432dd61d60, db=0x70a9c4017090 "d1", combo=@0x70a9c40170e0: {<AUTHID> = {user = {str = 0x70a9c40170c0 "fuzzu", length = 5}, host = {str = 0x70a9c4017110 "localhost", length = 9}}, auth = 0x0}, rights=SELECT_ACL, revoke_grant=true, is_deny=true)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:6029
|
#12 0x00005b42ebdd9aef in mysql_grant (thd=0x70a9c4000d60, db={str = 0x70a9c4017090 "d1", length = 2}, list=@0x70a9c4006268: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x70a9c4017120, last = 0x70a9c4017120, elements = 1}, <No data fields>}, rights=SELECT_ACL, revoke_grant=true, is_proxy=false, is_deny=true)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:9475
|
#13 0x00005b42ebdda628 in Sql_cmd_grant_table::execute_table_mask (this=0x70a9c4017130, thd=0x70a9c4000d60)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:14405
|
#14 0x00005b42ebdda701 in Sql_cmd_grant_table::execute (this=0x70a9c4017130, thd=0x70a9c4000d60)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_acl.cc:14422
|
#15 0x00005b42ebee3d07 in mysql_execute_command (thd=0x70a9c4000d60, is_called_from_prepared_stmt=false)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_parse.cc:5905
|
#16 0x00005b42ebed2e64 in mysql_parse (thd=0x70a9c4000d60, rawbuf=0x70a9c4016f90 "REVOKE DENY SELECT ON d1.* FROM fuzzu@localhost", length=47, parser_state=0x70a9f6563a80)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_parse.cc:7959
|
#17 0x00005b42ebed018d in dispatch_command (command=COM_QUERY, thd=0x70a9c4000d60, packet=0x70a9c41cb721 "REVOKE DENY SELECT ON d1.* FROM fuzzu@localhost", packet_length=47, blocking=true)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_parse.cc:1903
|
#18 0x00005b42ebed3a13 in do_command (thd=0x70a9c4000d60, blocking=true)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_parse.cc:1437
|
#19 0x00005b42ec0d25f9 in do_handle_one_connection (connect=0x5b432de51c40, put_in_cache=true)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_connect.cc:1503
|
#20 0x00005b42ec0d239e in handle_one_connection (arg=0x5b432dddb5b0)at /test/mtest/MDEV-14443/MDEV-14443_dbg/sql/sql_connect.cc:1415
|
#21 0x000070a9f7a9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#22 0x000070a9f7b29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
Attachments
Issue Links
- is caused by
-
MDEV-14443 DENY clause for access control a.k.a. "negative grants"
-
- In Testing
-
