From 65d758aa891bdafca6c881d3e7075979de3395e9 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Sat, 30 Mar 2019 12:52:23 +0100
Subject: MDEV-18298 Crashes server with segfault during role grants

it was supposed to be `*(p-1)` not `*p-1`
(the crash happens if `*p==0`)
---
 sql/sql_acl.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sql')

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ff18c1d4c10..c2e5bfd8c11 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -5311,7 +5311,7 @@ static bool merge_role_db_privileges(ACL_ROLE *grantee, const char *dbname,
   ulong UNINIT_VAR(access), update_flags= 0;
   for (int *p= dbs.front(); p <= dbs.back(); p++)
   {
-    if (first<0 || (!dbname && strcmp(acl_dbs.at(*p).db, acl_dbs.at(*p-1).db)))
+    if (first<0 || (!dbname && strcmp(acl_dbs.at(p[0]).db, acl_dbs.at(p[-1]).db)))
     { // new db name series
       update_flags|= update_role_db(merged, first, access, grantee->user.str);
       merged= -1;
-- 
cgit v1.2.1