Bug#11765252 - READ OF FREED MEMORY WHEN "USE DB" AND

"SHOW PROCESSLIST" Analysis: ---------- The problem here is, if one connection changes its default db and at the same time another connection executes "SHOW PROCESSLIST", when it wants to read db of the another connection then there is a chance of accessing the invalid memory. The db name stored in THD is not guarded while changing user DB and while reading the user DB in "SHOW PROCESSLIST". So, if THD.db is freed by thd "owner" thread and if another thread executing "SHOW PROCESSLIST" statement tries to read and copy THD.db at the same time then we may endup in the issue reported here. Fix: ---------- Used mutex "LOCK_thd_data" to guard THD.db while freeing it and while copying it to processlist.
2025-07-29 05:21:33 +03:00 · 2013-08-21 10:39:40 +05:30
parent 55129f676a
commit 10a6aa256e
5 changed files with 41 additions and 16 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -1231,7 +1231,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
      if (save_user_connect)
 	decrease_user_connections(save_user_connect);
 #endif /* NO_EMBEDDED_ACCESS_CHECKS */
+      pthread_mutex_lock(&thd->LOCK_thd_data);
      x_free(save_db);
+      pthread_mutex_unlock(&thd->LOCK_thd_data);
      x_free(save_security_ctx.user);
    }
    break;