Bug #15598 Server crashes in specific case during setting new password
Submitted: 8 Dec 2005 18:37
Modified: 18 Jan 2006 18:46
Reporter: Alexey Stroganov
Status: Closed
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.0.16/BK source
OS: Any (Any)
Assigned to: Magnus Blåudd
CPU Architecture: Any

[8 Dec 2005 18:37] Alexey Stroganov
Description:
Server crashes in specific case during setting new password:

Passing the following two statements leads to a server crash:

create user systuser@;
set password for systuser@ = password('systpass');

Backtrace:

Version: '5.0.16-pro-gpl'  socket: '/tmp/mysql.sock'  port: 3306  MySQL Pro (GPL)
[New Thread 163851 (LWP 14508)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 163851 (LWP 14508)]
0x0836f314 in my_strcasecmp_8bit ()
(gdb) bt
#0  0x0836f314 in my_strcasecmp_8bit ()
#1  0x081d24f9 in fill_effective_table_privileges ()
#2  0x081caef0 in change_password ()
#3  0x0815ef87 in set_var_password::update ()
#4  0x0815eb0e in sql_set_variables ()
#5  0x08165821 in mysql_execute_command ()
#6  0x0816ae7a in mysql_parse ()
#7  0x08162aa2 in dispatch_command ()
#8  0x081625cd in do_command ()
#9  0x08161aad in handle_one_connection ()
#10 0x4004ff1b in pthread_start_thread () from /lib/libpthread.so.0
#11 0x4004ff9f in pthread_start_thread_event () from /lib/libpthread.so.0
#12 0x401c5c0a in clone () from /lib/libc.so.6

How to repeat:
mysql -uroot

create user systuser@;
set password for systuser@ = password('systpass');
[8 Dec 2005 19:57] MySQL Verification Team
051208 17:57:46 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.17-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1131862960 (LWP 11697)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1131862960 (LWP 11697)]
0x085bde08 in my_strcasecmp_8bit (cs=0x87d5ca0, s=0x8e750d0 "", t=0x0) at ctype-simple.c:231
231       while (map[(uchar) *s] == map[(uchar) *t++])
Current language:  auto; currently c
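
The gdb frame above shows the comparison entered with `t=0x0`. As an added example (not MySQL's code and not the committed patch), the C sketch below keeps the loop shape of the faulting line 231 and normalizes a NULL host to the empty string before the compare. `fold()`, `casecmp_8bit_like()`, `host_or_empty()` and `host_matches()` are hypothetical names, and treating a missing host as `""` is an assumption of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the charset's upper-case map (not MySQL's table). */
static unsigned char fold(unsigned char c) { return (unsigned char)toupper(c); }

/* Same loop shape as the faulting line 231: s and t are both dereferenced
   unconditionally, so t == NULL faults on the first iteration. */
static int casecmp_8bit_like(const char *s, const char *t)
{
    while (fold((unsigned char)*s) == fold((unsigned char)*t++))
        if (!*s++)
            return 0;
    return (int)fold((unsigned char)*s) - (int)fold((unsigned char)t[-1]);
}

/* Assumption for this example: a missing host part is treated as "". */
static const char *host_or_empty(const char *host) { return host ? host : ""; }

/* Returns 1 if the two host names match case-insensitively, else 0.
   Either argument may be NULL; it is normalized before the compare. */
int host_matches(const char *stored, const char *wanted)
{
    return casecmp_8bit_like(host_or_empty(stored), host_or_empty(wanted)) == 0;
}

int main(void)
{
    /* Constructed inputs mirroring the frame: s = "", t = NULL. */
    printf("\"\" vs NULL: %d\n", host_matches("", NULL));
    printf("LocalHost vs localhost: %d\n", host_matches("LocalHost", "localhost"));
    printf("NULL vs localhost: %d\n", host_matches(NULL, "localhost"));
    return 0;
}
```

Calling `casecmp_8bit_like()` directly with a NULL argument would fault the same way as the frame above, which is why the normalization sits in the caller rather than in the comparison loop.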
[4 Jan 2006 16:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/620
[9 Jan 2006 9:31] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/784
[9 Jan 2006 16:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/810
[10 Jan 2006 9:00] Magnus Blåudd
Pushed to 4.1.17, 5.0.19 and 5.1.6
[18 Jan 2006 18:46] Mike Hillyer
Added to 4.1.17, 5.0.19, 5.1.6 changelogs:

  <listitem>
    <para>
      Certain permission management statements could create a
      <literal>NULL</literal> hostname for a user, resulting in a
      server crash. (Bug #15598)
    </para>
  </listitem>
[19 Jan 2006 15:30] MySQL Verification Team
Bug: http://bugs.mysql.com/bug.php?id=16629 marked as duplicate of this.