Bug#24447966 SEGMENTATION FAULT IN MY_ATOMIC_ADD64 IN ATOMIC/GCC_SYNC.H

If acl_load() fails unexpectedly (example by using a KILL) the acl cache
is deleted and not reinitialzied. This later causes a null pointer to be
dereferenced when the acl cache version number should be increased.
The fix is to not delete the acl cache.

Author: Kristofer Pettersson

mysql-test/r/grant_debug.result

@@ -30,3 +30,43 @@ DROP USER user_name_robert_golebiowski1234@oh_my_gosh_this_is_a_long_hostname_lo
 DROP USER user_name_robert_golebiowski1234@localhost;
 DROP USER some_user@localhost;
 DROP DATABASE db_1;
+#
+# If acl_load() fails unexpectedly we shouldn't delete the acl cache
+#
+use test;
+CREATE ROLE r1,r2;
+CREATE USER u1@localhost IDENTIFIED BY 'foo';
+GRANT all on *.* to u1@localhost;
+GRANT r1,r2 TO u1@localhost;
+GRANT ALL ON *.* TO r1;
+SHOW GRANTS FOR u1@localhost USING r1;
+Grants for u1@localhost
+GRANT ALL PRIVILEGES ON *.* TO `u1`@`localhost`
+GRANT `r1`@`%`,`r2`@`%` TO `u1`@`localhost`
+ALTER USER u1@localhost DEFAULT ROLE r1;
+SET DEBUG='+d,induce_acl_load_failure';
+GRANT r1 TO r2;
+FLUSH PRIVILEGES;
+ERROR HY000: Unknown error
+SHOW GRANTS;
+Grants for u1@localhost
+GRANT ALL PRIVILEGES ON *.* TO `u1`@`localhost`
+GRANT `r1`@`%`,`r2`@`%` TO `u1`@`localhost`
+REVOKE r1 FROM r2;
+SET DEBUG='+d,induce_acl_load_failure';
+FLUSH PRIVILEGES;
+ERROR HY000: Unknown error
+# Grant should not have changed
+SHOW GRANTS FOR u1@localhost USING r1;
+Grants for u1@localhost
+GRANT ALL PRIVILEGES ON *.* TO `u1`@`localhost`
+GRANT `r1`@`%`,`r2`@`%` TO `u1`@`localhost`
+# Grant should not have changed
+SHOW GRANTS;
+Grants for u1@localhost
+GRANT ALL PRIVILEGES ON *.* TO `u1`@`localhost`
+GRANT `r1`@`%`,`r2`@`%` TO `u1`@`localhost`
+SET DEBUG='-d,induce_acl_load_failure';
+FLUSH PRIVILEGES;
+DROP USER u1@localhost;
+DROP ROLE r1,r2;

mysql-test/t/grant_debug.test

@@ -49,3 +49,37 @@ DROP DATABASE db_1;
 --connection default
 --disconnect con_1
 
+--echo #
+--echo # If acl_load() fails unexpectedly we shouldn't delete the acl cache
+--echo #
+use test;
+CREATE ROLE r1,r2;
+CREATE USER u1@localhost IDENTIFIED BY 'foo';
+GRANT all on *.* to u1@localhost;
+GRANT r1,r2 TO u1@localhost;
+GRANT ALL ON *.* TO r1;
+SHOW GRANTS FOR u1@localhost USING r1;
+ALTER USER u1@localhost DEFAULT ROLE r1;
+SET DEBUG='+d,induce_acl_load_failure';
+GRANT r1 TO r2;
+--error ER_UNKNOWN_ERROR
+FLUSH PRIVILEGES;
+connect (con1,localhost,u1,foo,);
+SHOW GRANTS;
+connection default;
+REVOKE r1 FROM r2;
+SET DEBUG='+d,induce_acl_load_failure';
+--error ER_UNKNOWN_ERROR
+FLUSH PRIVILEGES;
+--echo # Grant should not have changed
+SHOW GRANTS FOR u1@localhost USING r1;
+connection con1;
+--echo # Grant should not have changed
+SHOW GRANTS;
+connection default;
+disconnect con1;
+SET DEBUG='-d,induce_acl_load_failure';
+FLUSH PRIVILEGES;
+DROP USER u1@localhost;
+DROP ROLE r1,r2;
+

sql/auth/sql_auth_cache.cc

@@ -2172,6 +2172,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
   thd->variables.sql_mode= old_sql_mode;
   if (table_schema)
     delete table_schema;
+  DBUG_EXECUTE_IF("induce_acl_load_failure",
+                  return_val= TRUE;);
   DBUG_RETURN(return_val);
 }
 
@@ -2180,7 +2182,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
 
 void acl_free(bool end)
 {
-  shutdown_acl_cache();
   free_root(&global_acl_memory,MYF(0));
   delete acl_users;
   acl_users= NULL;
@@ -2195,6 +2196,7 @@ void acl_free(bool end)
     clear_and_init_db_cache();
   else
   {
+    shutdown_acl_cache();
     if (acl_cache_initialized == true)
     {
       my_hash_free(&db_cache);