MDEV-24019 Assertion is hit for query using recursive CTE with no default DB

When the query using a recursive CTE whose definition contained wildcard symbols in the recursive part was processed at the prepare stage an assertion was hit if the query was executed without any default database set. The failure happened when the function insert_fields() tried to check column privileges for the temporary table created for a recursive reference to the CTE. No acl checks are needed for any CTE. That's why this check should be blocked as well. The patch formulates a stricter condition at which this check is to be blocked that covers the case when a query using recursive CTEs is executed with no default database set. Approved by Oleksandr Byelkin <sanja@mariadb.com>
2025-07-29 05:21:33 +03:00 · 2020-12-08 11:13:36 -08:00
parent 2db6eb1429
commit a3f7f2334a
3 changed files with 90 additions and 24 deletions
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -7648,36 +7648,23 @@ insert_fields(THD *thd, Name_resolution_context *context, const char *db_name,

 #ifndef NO_EMBEDDED_ACCESS_CHECKS
    /* 
-       Ensure that we have access rights to all fields to be inserted. Under
-       some circumstances, this check may be skipped.
+       Ensure that we have access rights to all fields to be inserted
+       the table 'tables'. Under some circumstances, this check may be skipped.

-       - If any_privileges is true, skip the check.
+       The check is skipped in the following cases:

-       - If the SELECT privilege has been found as fulfilled already for both
-         the TABLE and TABLE_LIST objects (and both of these exist, of
-         course), the check is skipped.
+       - any_privileges is true

-       - If the SELECT privilege has been found fulfilled for the TABLE object
-         and the TABLE_LIST represents a derived table other than a view (see
-         below), the check is skipped.
+       - the table is a derived table

-       - If the TABLE_LIST object represents a view, we may skip checking if
-         the SELECT privilege has been found fulfilled for it, regardless of
-         the TABLE object.
+       - the table is a view with SELECT privilege

-       - If there is no TABLE object, the test is skipped if either 
-         * the TABLE_LIST does not represent a view, or
-         * the SELECT privilege has been found fulfilled.         
-
-       A TABLE_LIST that is not a view may be a subquery, an
-       information_schema table, or a nested table reference. See the comment
-       for TABLE_LIST.
+       - the table is a base table with SELECT privilege
    */
-    if (!((table && tables->is_non_derived() &&
-          (table->grant.privilege & SELECT_ACL)) ||
-	  ((!tables->is_non_derived() && 
-	    (tables->grant.privilege & SELECT_ACL)))) &&
-        !any_privileges)
+    if (!any_privileges &&
+        !tables->is_derived() &&
+        !(tables->is_view() && (tables->grant.privilege & SELECT_ACL)) &&
+        !(table && (table->grant.privilege & SELECT_ACL)))
    {
      field_iterator.set(tables);
      if (check_grant_all_columns(thd, SELECT_ACL, &field_iterator))