From f2d549d8dbda1906b3e5ae0c2fa5589f2b9de662 Mon Sep 17 00:00:00 2001 From: Sujatha Sivakumar Date: Wed, 27 Mar 2019 12:34:03 +0530 Subject: MDEV-14784: Slave crashes in show_status_array upon running a trigger with select from I_S Problem: ======== When applier thread tries to access 'variable_name' of INFORMATION_SCHEMA.SESSION_VARIABLES table through triggers, it results in an abnormal exit of slave server. Analysis: ======== At the time of replication of stored routines and triggers, their associated security context will be sent by the master. The applier thread on the slave server will use this information to set the required security context for the execution of stored routines and triggers. This is achieved as follows. ->The stored routine object has a member named 'm_security_ctx' which holds the security context received from master. ->The applier thread's security_ctx is stored into a 'backup' object. ->Set the applier thread's security_ctx to 'm_security_ctx'. ->Upon the completion of stored routine execution restore the original security context of applier thread from the backup. During the above process the 'm_security_ctx' object is not initialized properly. Hence the 'external_user' of 'm_security_ctx' has invalid value for this variable and accessing this variable results in abnormal exit of server. Fix: === Invoke the Security_context::init() call from the constructor of stored routine so that 'm_security_ctx' gets initialized properly. --- sql/sp_head.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'sql/sp_head.cc') diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 14a57914560..fec7f51eaf0 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -563,6 +563,7 @@ sp_head::sp_head() DBUG_ENTER("sp_head::sp_head"); + m_security_ctx.init(); m_backpatch.empty(); m_cont_backpatch.empty(); m_lex.empty(); -- cgit v1.2.1