From 323e9a4c53613ed229759422068ef1822a8d1d63 Mon Sep 17 00:00:00 2001
From: "thek@adventure.(none)" <>
Date: Fri, 1 Feb 2008 14:10:46 +0100
Subject: [PATCH] Bug#33201 Crash occurs when granting update privilege on one
 column of a view

When issuing a column level grant on a table which require pre-locking the
server crashed.

The reason behind the crash was that data structures used by the lock api
wasn't properly reinitialized in the case of a column level grant.
---
 mysql-test/r/grant.result | 22 ++++++++++++++++++++++
 mysql-test/t/grant.test   | 22 ++++++++++++++++++++++
 sql/sql_acl.cc            |  7 +++++++
 3 files changed, 51 insertions(+)

diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index e27ef64af43..98a21b14585 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -1129,4 +1129,26 @@ DROP USER mysqltest_1@localhost;
 DROP DATABASE db27878;
 use test;
 DROP TABLE t1;
+drop table if exists test;
+Warnings:
+Note	1051	Unknown table 'test'
+drop function if exists test_function;
+Warnings:
+Note	1305	FUNCTION test_function does not exist
+drop view if exists v1;
+Warnings:
+Note	1051	Unknown table 'test.v1'
+create table test (col1 varchar(30));
+create function test_function() returns varchar(30)
+begin
+declare tmp varchar(30);
+select col1 from test limit 1 into tmp;
+return '1';
+end|
+create view v1 as select test.* from test where test.col1=test_function();
+grant update (col1) on v1 to 'greg';
+revoke all privileges on v1 from 'greg';
+drop view v1;
+drop table test;
+drop function test_function;
 End of 5.0 tests
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index ed95d90c8f8..43548094a33 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -1153,4 +1153,26 @@ DROP DATABASE db27878;
 use test;
 DROP TABLE t1;
 
+#
+# Bug #33201 Crash occurs when granting update privilege on one column of a view
+#
+drop table if exists test;
+drop function if exists test_function;
+drop view if exists v1;
+create table test (col1 varchar(30));
+delimiter |;
+create function test_function() returns varchar(30)
+begin
+        declare tmp varchar(30);
+        select col1 from test limit 1 into tmp;
+        return '1';
+end|
+delimiter ;|
+create view v1 as select test.* from test where test.col1=test_function();
+grant update (col1) on v1 to 'greg';
+revoke all privileges on v1 from 'greg';
+drop view v1;
+drop table test;
+drop function test_function;
+
 --echo End of 5.0 tests
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 134541368e9..703918329c2 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -2878,6 +2878,12 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list,
   }
 #endif
 
+  /* 
+    The lock api is depending on the thd->lex variable which needs to be
+    re-initialized.
+  */
+  Query_tables_list backup;
+  thd->lex->reset_n_backup_query_tables_list(&backup);
   if (simple_open_n_lock_tables(thd,tables))
   {						// Should never happen
     close_thread_tables(thd);			/* purecov: deadcode */
@@ -3016,6 +3022,7 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list,
     send_ok(thd);
 
   /* Tables are automatically closed */
+  thd->lex->restore_backup_query_tables_list(&backup);
   DBUG_RETURN(result);
 }