MySQL Bugs: #37782: Program defensively in sql

Bug #37782	Program defensively in sql_acl.cc
Submitted:	1 Jul 2008 17:58	Modified:	7 Jul 2009 6:30
Reporter:	Mark Callaghan	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S3 (Non-critical)
Version:	5.0.62, 5.1, 4.1, 6.0 bzr	OS:	Any
Assigned to:		CPU Architecture:	Any
Tags:	access, authentication, sql_acl

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
Code in sql_acl is very casual about error handling. Given that this code does authentication and access control, it should do better.

Examples of the problems include:
* function calls that ignore error results (grep for VOID)
  VOID(my_init_dynamic_array(&acl_dbs,sizeof(ACL_DB),50,100));
* functions that return void but should be able to return an error
  acl_insert* functions

Who knows what will happen when malloc fails?

How to repeat:
Read the code

Thank you for the report.

Verified as described.