MDEV-15907 ASAN heap-use-after-free

This patch fixes an invalid read in fill_effective_table_privileges
triggered by a grant_version increase between a PREPARE for a
statement creating a view from I_S and EXECUTE.
A tmp table was created and free'd while preparing the statement,
TABLE_LIST::table_name was set to point to the tmp table
TABLE_SHARE::table_name which no longer existed after preparing was
done.
The grant version increase made fill_effective_table_privileges
called during EXECUTE to try fetch the updated grant info and
this is where the dangling table name was used.

Author: robertbindar

mysql-test/r/mdev15907.result

@@ -0,0 +1,4 @@
+PREPARE stmt2 FROM "CREATE VIEW v AS SELECT * FROM INFORMATION_SCHEMA.TABLES";
+FLUSH PRIVILEGES;
+EXECUTE stmt2;
+DROP VIEW v;

mysql-test/t/mdev15907.test

@@ -0,0 +1,4 @@
+PREPARE stmt2 FROM "CREATE VIEW v AS SELECT * FROM INFORMATION_SCHEMA.TABLES";
+FLUSH PRIVILEGES;
+EXECUTE stmt2;
+DROP VIEW v;

sql/sql_show.cc

@@ -7620,8 +7620,6 @@ int mysql_schema_table(THD *thd, LEX *lex, TABLE_LIST *table_list)
     table->alias_name_used= my_strcasecmp(table_alias_charset,
                                           table_list->schema_table_name,
                                           table_list->alias);
-  table_list->table_name= table->s->table_name.str;
-  table_list->table_name_length= table->s->table_name.length;
   table_list->table= table;
   table->next= thd->derived_tables;
   thd->derived_tables= table;

sql/table.cc

@@ -5373,7 +5373,8 @@ const char *Field_iterator_table_ref::get_table_name()
     return natural_join_it.column_ref()->table_name();
 
   DBUG_ASSERT(!strcmp(table_ref->table_name,
-                      table_ref->table->s->table_name.str));
+                      table_ref->table->s->table_name.str) ||
+              table_ref->schema_table);
   return table_ref->table_name;
 }