Bug #9996 Crash in VIEW's due to privilege problems
Submitted: 19 Apr 2005 11:44 Modified: 31 May 2005 11:18
Reporter: SINISA MILIVOJEVIC
Status: Closed
Category: MySQL Server Severity: S1 (Critical)
Version: 5.0.4 OS: Any (any)
Assigned to: Oleksandr Byelkin CPU Architecture: Any

[19 Apr 2005 11:44] SINISA MILIVOJEVIC
Description:
A crash happens in the preparation of a derived table for the VIEW.

It crashes in privilege caching.

Here is a backtrace:

1647          tbl->table->grant= grant;
(gdb) p tbl
$1 = (TABLE_LIST *) 0x868f308
(gdb) p tbl->table
$2 = (TABLE *) 0x0
(gdb) bt full
#0  0x081b9def in st_table_list::set_ancestor() (this=0x868e0b0) at table.cc:1647
        tbl = (TABLE_LIST *) 0x868f308
#1  0x0828b82b in mysql_derived_prepare(THD*, st_lex*, st_table_list*) (thd=0x8692e90, lex=0x8692ed0, 
    orig_table_list=0x868e0b0) at sql_derived.cc:200
        unit = (SELECT_LEX_UNIT *) 0x0
        res = 0
        _db_func_ = 0xbefff0fc "\220.i\bÐ.i\b°àh\b°àh\b´0i\b"
        _db_file_ = 0xbefff100 "Ð.i\b°àh\b°àh\b´0i\b"
        _db_level_ = 3204444420
        _db_framep_ = (char **) 0xbefff100
#2  0x0828b448 in mysql_handle_derived(st_lex*, int (*)(THD*, st_lex*, st_table_list*)) (lex=0x8692ed0, 
    processor=0x828b4b6 <mysql_derived_prepare(THD*, st_lex*, st_table_list*)>) at sql_derived.cc:58
        cursor = (TABLE_LIST *) 0x868e0b0
        sl = (SELECT_LEX *) 0x86930b4
        res = 0
#3  0x081b0c1c in open_and_lock_tables(THD*, st_table_list*) (thd=0x8692e90, tables=0x868e0b0) at sql_base.cc:2081
        counter = 3
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 141090992
        _db_framep_ = (char **) 0x0
#4  0x08188537 in mysql_execute_command(THD*) (thd=0x8692e90) at sql_parse.cc:2364
        result = (class select_result *) 0x0
        res = false
        result = 0
        lex = (LEX *) 0x8692ed0
        select_lex = (SELECT_LEX *) 0x86930b4
        slave_fake_lock = false
        fake_prev_lock = (MYSQL_LOCK *) 0x0
        first_table = (TABLE_LIST *) 0x868e0b0
        all_tables = (TABLE_LIST *) 0x868e0b0
        unit = (SELECT_LEX_UNIT *) 0x8692ee0
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 0
        _db_framep_ = (char **) 0x8692ed0
#5  0x08190981 in mysql_parse(THD*, char*, unsigned) (thd=0x8692e90, inBuf=0x868dfc0 "SELECT * FROM EX1_VIE", length=21)
    at sql_parse.cc:5176
        lex = (LEX *) 0x8692ed0
        _db_func_ = 0x8689e86 ""
        _db_file_ = 0x0
        _db_level_ = 3204445984
        _db_framep_ = (char **) 0x0
#6  0x08186861 in dispatch_command(enum_server_command, THD*, char*, unsigned) (command=COM_QUERY, thd=0x8692e90, 
    packet=0x8689e71 "SELECT * FROM EX1_VIE", packet_length=22) at sql_parse.cc:1651
        packet_end = 0x868dfd5 ""
        net = (NET *) 0x86935e8
        error = false
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 0
        _db_framep_ = (char **) 0x0
#7  0x081860a7 in do_command(THD*) (thd=0x8692e90) at sql_parse.cc:1457
        packet = 0x8689e70 "\003SELECT * FROM EX1_VIE"
        old_timeout = 30
        packet_length = 22
        net = (NET *) 0x86935e8
        command = COM_QUERY
        _db_func_ = 0x86945fc "ÿÿÿÿ"
        _db_file_ = 0x81631d2 "ÉÃU\211å\203ì(\213E\b\211\004$è¡"
        _db_level_ = 3204446724
        _db_framep_ = (char **) 0x1010
#8  0x08185236 in handle_one_connection (arg=0x8692e90) at sql_parse.cc:1114

How to repeat:
CREATE TABLE BAS_TAB (BAS_KEY VARCHAR(20),COM_KEY VARCHAR(32));
CREATE TABLE COM_TAB (COM_KEY VARCHAR(20),COM_COM_KEY VARCHAR(32));
CREATE VIEW CX1_VIE (COM_KEY_1, COM_COM_KEY_1, COM_COM_KEY_2) AS SELECT
A.COM_KEY, A.COM_COM_KEY, A.COM_COM_KEY FROM COM_TAB A,
COM_TAB B WHERE A.COM_COM_KEY=B.COM_COM_KEY;
CREATE VIEW EX1_VIE (BAS_KEY_1, COM_KEY_1, COM_KEY_3, COM_COM_KEY_3,
COM_COM_KEY_4) AS SELECT BAS_TAB.BAS_KEY, BAS_TAB.COM_KEY,
CX1_VIE.COM_KEY_1, CX1_VIE.COM_COM_KEY_1,
CX1_VIE.COM_COM_KEY_2 FROM BAS_TAB, CX1_VIE WHERE
BAS_TAB.COM_KEY=CX1_VIE.COM_KEY_1;
SELECT * FROM EX1_VIE;

[15 May 2005 23:38] Oleksandr Byelkin
Thank you for the bug report!
A fix for this bug was pushed recently into the bk repository.