[MDEV-17946] Assertion `strcmp(arr[i].get_username(), arr[i + 1].get_username()) <= 0' failed in find_first_user upon GRANT Created: 2018-12-09  Updated: 2018-12-10  Resolved: 2018-12-10

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.4
Fix Version/s: 10.4.1

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Vladislav Vaintroub
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Problem/Incident
is caused by MDEV-15649 optimize search for user/db privileges Closed

 Description    

CREATE USER foo IDENTIFIED BY PASSWORD '*A0F06B296F6B07AB058365C8BFB36409F09C2E1D';
 
CREATE USER bar;
 
GRANT SELECT ON test.* TO foo;
 
RENAME USER '' TO 'name';
 
GRANT UPDATE ON test.* TO foo;

10.4 fac997feef04

 
mysqld: /data/src/10.4-travis/sql/sql_acl.cc:2397: size_t find_first_user(T*, size_t, const char*) [with T = ACL_DB; size_t = long unsigned int]: Assertion `strcmp(arr[i].get_username(), arr[i + 1].get_username()) <= 0' failed.
 
181209  4:41:34 [ERROR] mysqld got signal 6 ;
 
 
 
#7  0x00007fce4201cee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
 
#8  0x000055fd210e69a0 in find_first_user<ACL_DB> (arr=0x7fce2c13de50, len=3, user=0x7fce2c014e50 "foo") at /data/src/10.4-travis/sql/sql_acl.cc:2397
 
#9  0x000055fd210bf0c4 in acl_find_db_by_username (user=0x7fce2c014e50 "foo") at /data/src/10.4-travis/sql/sql_acl.cc:2421
 
#10 0x000055fd210c0039 in acl_update_db (user=0x7fce2c014e50 "foo", host=0x55fd21d0d9de "%", db=0x7fce2c014e48 "test", privileges=5) at /data/src/10.4-travis/sql/sql_acl.cc:2757
 
#11 0x000055fd210c51fb in replace_db_table (table=0x55fd24ed6cb0, db=0x7fce2c014e48 "test", combo=..., rights=5, revoke_grant=false) at /data/src/10.4-travis/sql/sql_acl.cc:4204
 
#12 0x000055fd210ce89b in mysql_grant (thd=0x7fce2c000b00, db=0x7fce2c014e48 "test", list=..., rights=4, revoke_grant=false, is_proxy=false) at /data/src/10.4-travis/sql/sql_acl.cc:7025
 
#13 0x000055fd21188214 in mysql_execute_command (thd=0x7fce2c000b00) at /data/src/10.4-travis/sql/sql_parse.cc:5526
 
#14 0x000055fd2118f9b0 in mysql_parse (thd=0x7fce2c000b00, rawbuf=0x7fce2c014da8 "GRANT UPDATE ON test.* TO foo", length=29, parser_state=0x7fce3c1c3600, is_com_multi=false, is_next_command=false) at /data/src/10.4-travis/sql/sql_parse.cc:8092
 
#15 0x000055fd2117cc8e in dispatch_command (command=COM_QUERY, thd=0x7fce2c000b00, packet=0x7fce2c11d1f1 "GRANT UPDATE ON test.* TO foo", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.4-travis/sql/sql_parse.cc:1851
 
#16 0x000055fd2117b6b2 in do_command (thd=0x7fce2c000b00) at /data/src/10.4-travis/sql/sql_parse.cc:1396
 
#17 0x000055fd212e71a0 in do_handle_one_connection (connect=0x55fd24eb3a70) at /data/src/10.4-travis/sql/sql_connect.cc:1402
 
#18 0x000055fd212e6f24 in handle_one_connection (arg=0x55fd24eb3a70) at /data/src/10.4-travis/sql/sql_connect.cc:1308
 
#19 0x000055fd2179e41a in pfs_spawn_thread (arg=0x55fd24fac4b0) at /data/src/10.4-travis/storage/perfschema/pfs.cc:1862
 
#20 0x00007fce43ad8494 in start_thread (arg=0x7fce3c1c4700) at pthread_create.c:333
 
#21 0x00007fce420d993f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Not reproducible on 10.3 or 10.4.0.

For explanation why RENAME in the scenario works, see MDEV-17945.
Generated at Thu Feb 08 08:40:20 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.