diff --git a/mysql-test/main/sp-security.result b/mysql-test/main/sp-security.result index 8a1f46c7c35..5c62a95b34a 100644 --- a/mysql-test/main/sp-security.result +++ b/mysql-test/main/sp-security.result @@ -659,7 +659,9 @@ USE test; DROP USER 'tester'; DROP USER 'Tester'; DROP DATABASE B48872; -End of 5.0 tests. +# +# End of 5.0 tests. +# # # Test for bug#57061 "User without privilege on routine can discover # its existence." @@ -804,7 +806,7 @@ DROP DATABASE u1; DROP USER u1@localhost; set @@global.character_set_server=@save_character_set_server; # -# Start of 10.5 tests +# End of 10.2 tests # # # MDEV-20366 Server crashes in get_current_user upon SET PASSWORD via SP @@ -821,3 +823,17 @@ DROP USER foo@localhost; # # End of 10.5 tests # +# +# MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc) +# +set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)"; +prepare s from @cmd; +execute s; +Warnings: +Note 1449 The user specified as a definer ('u'@'%') does not exist +execute s; +ERROR 42000: FUNCTION f already exists +drop function f; +# +# End of 10.6 tests +# diff --git a/mysql-test/main/sp-security.test b/mysql-test/main/sp-security.test index e11e8911b60..13fdbd68a55 100644 --- a/mysql-test/main/sp-security.test +++ b/mysql-test/main/sp-security.test @@ -911,8 +911,9 @@ DROP USER 'tester'; DROP USER 'Tester'; DROP DATABASE B48872; ---echo End of 5.0 tests. - +--echo # +--echo # End of 5.0 tests. +--echo # --echo # --echo # Test for bug#57061 "User without privilege on routine can discover @@ -1080,9 +1081,8 @@ DROP USER u1@localhost; set @@global.character_set_server=@save_character_set_server; - --echo # ---echo # Start of 10.5 tests +--echo # End of 10.2 tests --echo # --echo # @@ -1102,7 +1102,20 @@ CALL p1(); DROP PROCEDURE p1; DROP USER foo@localhost; - --echo # --echo # End of 10.5 tests --echo # + +--echo # +--echo # MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc) +--echo # +set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)"; +prepare s from @cmd; +execute s; +--error ER_SP_ALREADY_EXISTS +execute s; +drop function f; + +--echo # +--echo # End of 10.6 tests +--echo # diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 39b364e475d..6e99eca2eb1 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -2800,9 +2800,10 @@ bool sp_process_definer(THD *thd) } else { - LEX_USER *d= lex->definer= get_current_user(thd, lex->definer); + LEX_USER *d= get_current_user(thd, lex->definer); if (!d) DBUG_RETURN(TRUE); + thd->change_item_tree((Item**)&lex->definer, (Item*)d); /* If the specified definer differs from the current user or role, we