MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)

if lex->definer is replaced, take care to restore it at the end of PS EXECUTE

Author: vuvova

mysql-test/main/sp-security.result

@@ -659,7 +659,9 @@ USE test;
 DROP USER 'tester';
 DROP USER 'Tester';
 DROP DATABASE B48872;
-End of 5.0 tests.
+#
+# End of 5.0 tests.
+#
 #
 # Test for bug#57061 "User without privilege on routine can discover
 # its existence."
@@ -804,7 +806,7 @@ DROP DATABASE u1;
 DROP USER u1@localhost;
 set @@global.character_set_server=@save_character_set_server;
 #
-# Start of 10.5 tests
+# End of 10.2 tests
 #
 #
 # MDEV-20366 Server crashes in get_current_user upon SET PASSWORD via SP
@@ -821,3 +823,17 @@ DROP USER foo@localhost;
 #
 # End of 10.5 tests
 #
+#
+# MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)
+#
+set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)";
+prepare s from @cmd;
+execute s;
+Warnings:
+Note	1449	The user specified as a definer ('u'@'%') does not exist
+execute s;
+ERROR 42000: FUNCTION f already exists
+drop function f;
+#
+# End of 10.6 tests
+#

mysql-test/main/sp-security.test

@@ -911,8 +911,9 @@ DROP USER 'tester';
 DROP USER 'Tester';
 DROP DATABASE B48872;
 
---echo End of 5.0 tests.
-
+--echo #
+--echo # End of 5.0 tests.
+--echo #
 
 --echo #
 --echo # Test for bug#57061 "User without privilege on routine can discover
@@ -1080,9 +1081,8 @@ DROP USER u1@localhost;
 
 set @@global.character_set_server=@save_character_set_server;
 
-
 --echo #
---echo # Start of 10.5 tests
+--echo # End of 10.2 tests
 --echo #
 
 --echo #
@@ -1102,7 +1102,20 @@ CALL p1();
 DROP PROCEDURE p1;
 DROP USER foo@localhost;
 
-
 --echo #
 --echo # End of 10.5 tests
 --echo #
+
+--echo #
+--echo # MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)
+--echo #
+set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)";
+prepare s from @cmd;
+execute s;
+--error ER_SP_ALREADY_EXISTS
+execute s;
+drop function f;
+
+--echo #
+--echo # End of 10.6 tests
+--echo #

sql/sql_parse.cc

@@ -2800,9 +2800,10 @@ bool sp_process_definer(THD *thd)
  }
  else
  {
- LEX_USER *d= lex->definer= get_current_user(thd, lex->definer);
+ LEX_USER *d= get_current_user(thd, lex->definer);
  if (!d)
  DBUG_RETURN(TRUE);
+ thd->change_item_tree((Item**)&lex->definer, (Item*)d);
 
  /*
  If the specified definer differs from the current user or role, we