Commit 95007f5e authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#38883 thd_security_context is not thread safe, crashes?

            
Innodb monitor could cause a server crash because of invalid access to a
shared variable in a concurrent environment.
                  
This patch adds a guard to protect against crashes but not against
inconsistent values because of performance reasons.
parent 3e85defa
......@@ -306,20 +306,25 @@ void thd_inc_row_count(THD *thd)
thd->row_count++;
}
/*
/**
Dumps a text description of a thread, its security context
(user, host) and the current query.
SYNOPSIS
thd_security_context()
thd current thread context
buffer pointer to preferred result buffer
length length of buffer
max_query_len how many chars of query to copy (0 for all)
RETURN VALUES
pointer to string
@param thd current thread context
@param buffer pointer to preferred result buffer
@param length length of buffer
@param max_query_len how many chars of query to copy (0 for all)
@req LOCK_thread_count
@note LOCK_thread_count mutex is not necessary when the function is invoked on
the currently running thread (current_thd) or if the caller in some other
way guarantees that access to thd->query is serialized.
@return Pointer to string
*/
extern "C"
char *thd_security_context(THD *thd, char *buffer, unsigned int length,
unsigned int max_query_len)
......@@ -328,6 +333,16 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
const Security_context *sctx= &thd->main_security_ctx;
char header[64];
int len;
/*
The pointers thd->query and thd->proc_info might change since they are
being modified concurrently. This is acceptable for proc_info since its
values doesn't have to very accurate and the memory it points to is static,
but we need to attempt a snapshot on the pointer values to avoid using NULL
values. The pointer to thd->query however, doesn't point to static memory
and has to be protected by LOCK_thread_count or risk pointing to
uninitialized memory.
*/
const char *proc_info= thd->proc_info;
len= my_snprintf(header, sizeof(header),
"MySQL thread id %lu, query id %lu",
......@@ -353,10 +368,10 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
str.append(sctx->user);
}
if (thd->proc_info)
if (proc_info)
{
str.append(' ');
str.append(thd->proc_info);
str.append(proc_info);
}
if (thd->query)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment