[MDEV-23009] SIGSEGV in get_field from acl_load (on optimized builds) Created: 2020-06-25  Updated: 2020-07-31  Resolved: 2020-07-31

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.5.4, 10.4.14
Fix Version/s: 10.4.14, 10.5.5

Type: Bug Priority: Blocker
Reporter: Roel Van de Paar Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: not-10.1, not-10.2, not-10.3, regression


Description

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057

Core was generated by `/test/MD150620-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x1545de40d700 (LWP 352005))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055baff4e50b7 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2  0x000055bafeeaee4a in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:330
#3  <signal handler called>
#4  get_field (mem=mem@entry=0x55bb000544a0 <acl_memroot>, field=0x0, res=res@entry=0x1545de40b830) at /test/10.5_opt/sql/table.cc:4727
#5  0x000055bafed7486c in get_field (mem=mem@entry=0x55bb000544a0 <acl_memroot>, field=<optimized out>) at /test/10.5_opt/sql/table.cc:4758
#6  0x000055bafec35ffa in acl_load (tables=@0x1545de40bb50: {p_user_table = 0x1545de40bb58, m_user_table_json = {<User_table> = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 3, m_table = 0x1545c0b69418}, _vptr.User_table = 0x55baffe6c680 <vtable for User_table_json+16>}, static JSON_SIZE = 1024}, m_user_table_tabular = {<User_table> = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, _vptr.User_table = 0x55baffe6c540 <vtable for User_table_tabular+16>}, <No data fields>}, m_db_table = {<Grant_table_base> = {start_priv_columns = 3, end_priv_columns = 23, m_table = 0x1545c0b66a18}, <No data fields>}, m_tables_priv_table = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, <No data fields>}, m_columns_priv_table = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, <No data fields>}, m_host_table = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 1, m_table = 0x1545b9c7ce18}, <No data fields>}, m_procs_priv_table = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, <No data fields>}, m_proxies_priv_table = {<Grant_table_base> = {start_priv_columns = 0, end_priv_columns = 7, m_table = 0x1545c0b67818}, <No data fields>}, m_roles_mapping_table = {<Grant_table_base> = {start_priv_columns = 3, end_priv_columns = 4, m_table = 0x1545c0b68618}, <No data fields>}}, thd=0x1545b9c12018) at /test/10.5_opt/sql/sql_acl.cc:2454
#7  acl_reload (thd=thd@entry=0x1545b9c12018) at /test/10.5_opt/sql/sql_acl.cc:2819
#8  0x000055bafedc3eb2 in reload_acl_and_cache (thd=<optimized out>, thd@entry=0x1545b9c12018, options=1, tables=tables@entry=0x0, write_to_binlog=write_to_binlog@entry=0x1545de40c060) at /test/10.5_opt/sql/sql_reload.cc:86
#9  0x000055bafecb6ba4 in mysql_execute_command (thd=thd@entry=0x1545b9c12018) at /test/10.5_opt/sql/sql_parse.cc:5423
#10 0x000055bafecbe85c in mysql_parse (thd=0x1545b9c12018, rawbuf=<optimized out>, length=16, parser_state=0x1545de40c430, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:7993
#11 0x000055bafecb3b65 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1545b9c12018, packet=packet@entry=0x1545b9c3a019 "FLUSH PRIVILEGES", packet_length=packet_length@entry=16, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
#12 0x000055bafecb1f74 in do_command (thd=0x1545b9c12018) at /test/10.5_opt/sql/sql_parse.cc:1355
#13 0x000055bafeda7b51 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1545db033958, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1411
#14 0x000055bafeda7eb4 in handle_one_connection (arg=arg@entry=0x1545db033958) at /test/10.5_opt/sql/sql_connect.cc:1313
#15 0x000055baff116bca in pfs_spawn_thread (arg=0x1545db04f218) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#16 0x00001545dd3866db in start_thread (arg=0x1545de40d700) at pthread_create.c:463
#17 0x00001545dc78488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)


Generated at Thu Feb 08 09:19:09 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.