MySQL Bugs: #47938: "grant update on view" does not initialize the table_list lock

Bug #47938	"grant update on view" does not initialize the table_list lock_type.
Submitted:	9 Oct 2009 9:13	Modified:	11 Mar 2010 6:39
Reporter:	Lars-Erik BjÃ¸rk	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Locking	Severity:	S3 (Non-critical)
Version:	6.0.14-alpha	OS:	Any
Assigned to:		CPU Architecture:	Any
Tags:	assertion

Description:
When following the description provided below, we get the following call stack:

#0  0x00007f0590d211f6 in pthread_kill () from /lib/libpthread.so.0
#1  0x0000000000a66ff0 in my_write_core (sig=6) at stacktrace.c:309
#2  0x000000000069a096 in handle_segfault (sig=6) at mysqld.cc:2754
#3  <signal handler called>
#4  0x00007f058fbd5fb5 in raise () from /lib/libc.so.6
#5  0x00007f058fbd7bc3 in abort () from /lib/libc.so.6
#6  0x00007f058fbcef09 in __assert_fail () from /lib/libc.so.6
#7  0x000000000080c2e0 in handler::start_stmt (this=0x2f29418, thd=0x2ec1c60, 
    lock_type=TL_UNLOCK) at ../../sql/handler.h:1896
#8  0x00000000006fb7ae in check_lock_and_start_stmt (thd=0x2ec1c60, table=0x2f5b030, 
    lock_type=TL_UNLOCK) at sql_base.cc:4532
#9  0x0000000000703e57 in lock_tables (thd=0x2ec1c60, tables=0x2f29958, count=1, 
    flags=0, need_reopen=0x7f05911f233f) at sql_base.cc:5106
#10 0x000000000070b940 in open_and_lock_tables_derived (thd=0x2ec1c60, 
    tables=0x2f29958, derived=true, flags=0, prelocking_strategy=0x7f05911f2370)
    at sql_base.cc:4767
#11 0x00000000006b8bba in open_and_lock_tables_derived (thd=0x2ec1c60, 
    tables=0x2f29958, derived=true, flags=0) at ../mysql_priv.h:1518
#12 0x00000000006b8bf5 in open_and_lock_tables (thd=0x2ec1c60, tables=0x2f29958)
    at ../../sql/mysql_priv.h:1528
#13 0x00000000007aad8d in mysql_table_grant (thd=0x2ec1c60, table_list=0x2f29958, 
    user_list=@0x2ec4198, columns=@0x2ec41b8, rights=0, revoke_grant=false)
    at sql_acl.cc:3037
#14 0x00000000006b2e3b in mysql_execute_command (thd=0x2ec1c60) at sql_parse.cc:4046
#15 0x00000000006b5b0b in mysql_parse (thd=0x2ec1c60, 
    inBuf=0x2f29878 "grant update (c1) on v1 to 'u1'@'localhost'", length=43, 
    found_semicolon=0x7f05911f5900) at sql_parse.cc:5991
#16 0x00000000006b671f in dispatch_command (command=COM_QUERY, thd=0x2ec1c60, 
    packet=0x2efa3a1 "grant update (c1) on v1 to 'u1'@'localhost'", packet_length=43)
    at sql_parse.cc:1074
#17 0x00000000006b7c03 in do_command (thd=0x2ec1c60) at sql_parse.cc:756
#18 0x00000000006a4714 in handle_one_connection (arg=0x2ec1c60) at sql_connect.cc:1164
#19 0x00007f0590d1c3ba in start_thread () from /lib/libpthread.so.0
#20 0x00007f058fc88fcd in clone () from /lib/libc.so.6
#21 0x0000000000000000 in ?? ()

How to repeat:
Add the following assertion:                                                                
                                                                                            
=== modified file 'sql/handler.h'                                                           
--- sql/handler.h 2009-09-21 09:04:22 +0000                                                 
+++ sql/handler.h 2009-10-08 07:47:11 +0000                                                 
@@ -1891,7 +1891,11 @@ public:                                                              
   */                                                                                       
   virtual void try_semi_consistent_read(bool) {}                                           
   virtual void unlock_row() {}                                                             
-  virtual int start_stmt(THD *thd, thr_lock_type lock_type) {return                        
0;}                                                                                         
+  virtual int start_stmt(THD *thd, thr_lock_type lock_type)                                
+  {                                                                                        
+    DBUG_ASSERT(lock_type != TL_UNLOCK);                                                   
+    return 0;                                                                              
+  }

Execute the following test case:                                                            
                                                                                            
create table t1 (c1 varchar(30));                                                           
delimiter |;                                                                                
create function test_function() returns varchar(30)                                         
begin                                                                                       
return '1';                                                                                 
end|                                                                                        
delimiter ;|                                                                                
create view v1 as select t1.* from t1 where                                                 
t1.c1=test_function();                                                                      
create user u1;                                                                             
grant update (c1) on v1 to 'u1'@'localhost';

Pushed into 6.0.14-alpha (revid:alik@sun.com-20091031081410-qkxmjsdzjmj840aq) (version source revid:lars-erik.bjork@sun.com-20091023144155-4s5ywv0rmy1e307u) (merge vers: 6.0.14-alpha) (pib:13)

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

It's a violation of the pluggable storage engine API.

It has no effect on execution whatsoever. May show up when we decide to store grants in InnoDB or a storage engine other than MyISAM.

Pushed into 6.0.14-alpha (revid:alik@sun.com-20100520100225-oe4iuu5kuzsx0knq) (version source revid:alik@sun.com-20100520100057-rmn5y3o3ij726bm7) (merge vers: 6.0.14-alpha) (pib:16)

Pushed into mysql-next-mr (revid:alik@sun.com-20100520100140-5bzrtadw4w419i3m) (version source revid:alik@sun.com-20100520100049-1njm09rkvnhmysnr) (pib:16)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804081533-c1d3rbipo9e8rt1s) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:18)

Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804081533-c1d3rbipo9e8rt1s) (version source revid:alik@sun.com-20100520123900-5kadc9fvcxz30s75) (merge vers: 5.6.99-m4) (pib:20)