Bug#38883 thd_security_context is not thread safe, crashes?
Innodb monitor could cause a server crash because of invalid access to a
shared variable in a concurrent environment.
This patch adds a guard to protect against crashes but not against
inconsistent values because of performance reasons.
sql/sql_class.cc:
* Attempt snapshot of static memory pointer proc_info to avoid null pointers.
This commit is contained in:
Kristofer Pettersson
parent
8b1f501c70
commit
e88487cc27
@ -306,20 +306,25 @@ void thd_inc_row_count(THD *thd)
|
|||||||
thd->row_count++;
|
thd->row_count++;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
|
/**
|
||||||
Dumps a text description of a thread, its security context
|
Dumps a text description of a thread, its security context
|
||||||
(user, host) and the current query.
|
(user, host) and the current query.
|
||||||
|
|
||||||
SYNOPSIS
|
@param thd current thread context
|
||||||
thd_security_context()
|
@param buffer pointer to preferred result buffer
|
||||||
thd current thread context
|
@param length length of buffer
|
||||||
buffer pointer to preferred result buffer
|
@param max_query_len how many chars of query to copy (0 for all)
|
||||||
length length of buffer
|
|
||||||
max_query_len how many chars of query to copy (0 for all)
|
|
||||||
|
|
||||||
RETURN VALUES
|
@req LOCK_thread_count
|
||||||
pointer to string
|
|
||||||
|
@note LOCK_thread_count mutex is not necessary when the function is invoked on
|
||||||
|
the currently running thread (current_thd) or if the caller in some other
|
||||||
|
way guarantees that access to thd->query is serialized.
|
||||||
|
|
||||||
|
@return Pointer to string
|
||||||
*/
|
*/
|
||||||
|
|
||||||
extern "C"
|
extern "C"
|
||||||
char *thd_security_context(THD *thd, char *buffer, unsigned int length,
|
char *thd_security_context(THD *thd, char *buffer, unsigned int length,
|
||||||
unsigned int max_query_len)
|
unsigned int max_query_len)
|
||||||
@ -328,6 +333,16 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
|
|||||||
const Security_context *sctx= &thd->main_security_ctx;
|
const Security_context *sctx= &thd->main_security_ctx;
|
||||||
char header[64];
|
char header[64];
|
||||||
int len;
|
int len;
|
||||||
|
/*
|
||||||
|
The pointers thd->query and thd->proc_info might change since they are
|
||||||
|
being modified concurrently. This is acceptable for proc_info since its
|
||||||
|
values doesn't have to very accurate and the memory it points to is static,
|
||||||
|
but we need to attempt a snapshot on the pointer values to avoid using NULL
|
||||||
|
values. The pointer to thd->query however, doesn't point to static memory
|
||||||
|
and has to be protected by LOCK_thread_count or risk pointing to
|
||||||
|
uninitialized memory.
|
||||||
|
*/
|
||||||
|
const char *proc_info= thd->proc_info;
|
||||||
|
|
||||||
len= my_snprintf(header, sizeof(header),
|
len= my_snprintf(header, sizeof(header),
|
||||||
"MySQL thread id %lu, query id %lu",
|
"MySQL thread id %lu, query id %lu",
|
||||||
@ -353,10 +368,10 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
|
|||||||
str.append(sctx->user);
|
str.append(sctx->user);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (thd->proc_info)
|
if (proc_info)
|
||||||
{
|
{
|
||||||
str.append(' ');
|
str.append(' ');
|
||||||
str.append(thd->proc_info);
|
str.append(proc_info);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (thd->query)
|
if (thd->query)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user