#At file:///home/gluh/MySQL/mysql-6.0-bugteam/ based on revid:alik@stripped
3341 Sergey Glukhov 2009-06-04 [merge]
Bug#44798 MySQL engine crashes when creating stored procedures with execute_priv=N(for 6.0 only)
The crash happens because of uninitialized
lex->ssl_cipher, lex->x509_subject, lex->x509_issuer variables.
The fix is to move initialization code for grant related variables
into lex_start() and get rid of the 'clear_privileges' rule in sql_yacc.yy.
@ mysql-test/r/sp_notembedded.result
test result
@ mysql-test/t/sp_notembedded.test
test case
@ sql/sql_acl.cc
removed initialization code for grant related variables
@ sql/sql_lex.cc
added initialization code for grant related variables
@ sql/sql_yacc.yy
removed 'clear_privileges' rule
modified:
mysql-test/r/sp_notembedded.result
mysql-test/t/sp_notembedded.test
sql/sql_acl.cc
sql/sql_lex.cc
sql/sql_yacc.yy
=== modified file 'mysql-test/r/sp_notembedded.result'
--- a/mysql-test/r/sp_notembedded.result 2008-12-10 21:53:59 +0000
+++ b/mysql-test/r/sp_notembedded.result 2009-06-04 06:27:44 +0000
@@ -235,4 +235,19 @@ rl_acquirer old
drop procedure p1;
drop table t1;
set session low_priority_updates=default;
+INSERT INTO mysql.user (Host, User, Password, Select_priv, Insert_priv, Update_priv,
+Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv,
+Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv,
+Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv,
+Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv,
+Create_user_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions,
+max_updates, max_connections, max_user_connections)
+VALUES('%', 'mysqltest_1', password(''), 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N',
+'N', 'N', 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'Y', 'Y', 'N', '',
+'', '', '', '0', '0', '0', '0');
+FLUSH PRIVILEGES;
+CREATE PROCEDURE p1(i INT) BEGIN END;
+DROP PROCEDURE p1;
+DELETE FROM mysql.user WHERE User='mysqltest_1';
+FLUSH PRIVILEGES;
set @@global.concurrent_insert= @old_concurrent_insert;
=== modified file 'mysql-test/t/sp_notembedded.test'
--- a/mysql-test/t/sp_notembedded.test 2009-03-06 20:33:52 +0000
+++ b/mysql-test/t/sp_notembedded.test 2009-06-04 06:27:44 +0000
@@ -346,6 +346,31 @@ drop table t1;
set session low_priority_updates=default;
#
+# Bug#44798 MySQL engine crashes when creating stored procedures with execute_priv=N
+#
+INSERT INTO mysql.user (Host, User, Password, Select_priv, Insert_priv, Update_priv,
+Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv,
+Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv,
+Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv,
+Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv,
+Create_user_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions,
+max_updates, max_connections, max_user_connections)
+VALUES('%', 'mysqltest_1', password(''), 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N',
+'N', 'N', 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'Y', 'Y', 'N', '',
+'', '', '', '0', '0', '0', '0');
+FLUSH PRIVILEGES;
+
+connect (con1, localhost, mysqltest_1,,);
+connection con1;
+CREATE PROCEDURE p1(i INT) BEGIN END;
+disconnect con1;
+connection default;
+DROP PROCEDURE p1;
+
+DELETE FROM mysql.user WHERE User='mysqltest_1';
+FLUSH PRIVILEGES;
+
+#
# Restore global concurrent_insert value. Keep in the end of the test file.
#
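Review bot: The new test only shows that the server survives `CREATE PROCEDURE p1(i INT) BEGIN END;` on con1; nothing checks what the grant path (presumably the automatic routine grant to the creator) left in the account row. The commit message attributes the crash to uninitialized `lex->ssl_cipher`, `lex->x509_subject` and `lex->x509_issuer`, so a read-back before the cleanup would pin that these fields stay empty, e.g. `SELECT ssl_type, ssl_cipher, x509_issuer, x509_subject FROM mysql.user WHERE User='mysqltest_1';`. The account is created with an empty password for host `'%'` although the only connect is from localhost; `'localhost'` would probably be enough. The `DELETE FROM mysql.user` cleanup also assumes that `DROP PROCEDURE p1` has already removed any routine-level grant rows for mysqltest_1, which a comment should state.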
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2009-05-31 12:05:01 +0000
+++ b/sql/sql_acl.cc 2009-06-04 06:27:44 +0000
@@ -6385,9 +6385,6 @@ bool sp_grant_privileges(THD *thd, const
if (user_list.push_back(combo))
DBUG_RETURN(TRUE);
- thd->lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
- bzero((char*) &thd->lex->mqh, sizeof(thd->lex->mqh));
-
/*
Only care about whether the operation failed or succeeded
as all errors will be handled later.
=== modified file 'sql/sql_lex.cc'
--- a/sql/sql_lex.cc 2009-05-29 08:09:00 +0000
+++ b/sql/sql_lex.cc 2009-06-04 06:27:44 +0000
@@ -377,6 +377,15 @@ void lex_start(THD *thd)
lex->server_options.owner= 0;
lex->server_options.port= -1;
+ lex->users_list.empty();
+ lex->columns.empty();
+ lex->grant= lex->grant_tot_col= 0;
+ lex->all_privileges= 0;
+ lex->select_lex.db= 0;
+ lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
+ lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
+ bzero((char *)&(lex->mqh),sizeof(lex->mqh));
+
lex->is_lex_started= TRUE;
DBUG_VOID_RETURN;
}
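Review bot: The reset block added to lex_start() has no comment explaining why grant state is now cleared for every statement, although that reason is the whole fix. Above `lex->users_list.empty();` I would add something like `/* Grant state is read outside GRANT/REVOKE parsing (e.g. by sp_grant_privileges()), so reset it for every statement. Bug#44798 */`. `lex->select_lex.db= 0;` is now assigned unconditionally here; lex_start() begins outside this hunk, so it is not visible whether select_lex is already initialised earlier, in which case the line would be redundant. The sql/sql_acl.cc hunk drops its own `ssl_type`/`mqh` reset and relies on this block, which the comment should also mention.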
=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy 2009-06-01 12:46:36 +0000
+++ b/sql/sql_yacc.yy 2009-06-04 06:27:44 +0000
@@ -1414,7 +1414,7 @@ bool my_yyoverflow(short **a, YYSTYPE **
opt_attribute opt_attribute_list attribute column_list column_list_id
opt_column_list grant_privileges grant_ident grant_list grant_option
object_privilege object_privilege_list user_list rename_list
- clear_privileges flush_options flush_option
+ flush_options flush_option
equal optional_braces
opt_mi_check_type opt_to mi_check_types normal_join
table_to_table_list table_to_table opt_table_list opt_as
@@ -1952,7 +1952,7 @@ create:
}
view_or_trigger_or_sp_or_event
{}
- | CREATE USER clear_privileges grant_list
+ | CREATE USER grant_list
{
Lex->sql_command = SQLCOM_CREATE_USER;
}
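Review bot: With `clear_privileges` removed from `CREATE USER grant_list` (and from RENAME USER, DROP USER, REVOKE and GRANT in the later hunks), these rules depend entirely on lex_start() having reset `users_list`, `ssl_type`, the x509 fields and `mqh` for the current LEX, and the commit adds no test for that dependency. A regression case that runs a `GRANT ... REQUIRE SSL` or `WITH MAX_QUERIES_PER_HOUR` statement followed by `CREATE USER` on the same connection, then checks the new row in mysql.user, would show that account security options do not carry over between statements. If any path parses with a LEX that skipped lex_start(), stale values would now be used silently, so a short comment at each rule such as `/* grant state is reset in lex_start() */` would help the next reader. The `create:` rule starts outside this hunk.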
@@ -2207,21 +2207,6 @@ ev_sql_stmt_inner:
| sp_proc_stmt_close
;
-clear_privileges:
- /* Nothing */
- {
- LEX *lex=Lex;
- lex->users_list.empty();
- lex->columns.empty();
- lex->grant= lex->grant_tot_col= 0;
- lex->all_privileges= 0;
- lex->select_lex.db= 0;
- lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
- lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
- bzero((char *)&(lex->mqh),sizeof(lex->mqh));
- }
- ;
-
sp_name:
ident '.' ident
{
@@ -6933,7 +6918,7 @@ rename:
}
table_to_table_list
{}
- | RENAME USER clear_privileges rename_list
+ | RENAME USER rename_list
{
Lex->sql_command = SQLCOM_RENAME_USER;
}
@@ -10139,7 +10124,7 @@ drop:
lex->drop_if_exists= $3;
lex->spname= $4;
}
- | DROP USER clear_privileges user_list
+ | DROP USER user_list
{
Lex->sql_command = SQLCOM_DROP_USER;
}
@@ -13208,7 +13193,7 @@ handler_rkey_mode:
/* GRANT / REVOKE */
revoke:
- REVOKE clear_privileges revoke_command
+ REVOKE revoke_command
{}
;
@@ -13248,7 +13233,7 @@ revoke_command:
;
grant:
- GRANT clear_privileges grant_command
+ GRANT grant_command
{}
;
Attachment: [text/bzr-bundle] bzr/sergey.glukhov@sun.com-20090604062744-m6bfj8f0o3vqyfze.bundle