SHOW PROCESSLIST reference to THD::db not protected against simultaneous updates

Bug #1173282 reported by Laurynas Biveinis
Affects | Status | Importance | Assigned to | Milestone
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7
5.1 | Won't Fix | Medium | Unassigned |
5.5 | Triaged | Medium | Unassigned |
5.6 | Triaged | Medium | Unassigned |
5.7 | Triaged | Medium | Unassigned |

Bug Description

Original report at https://mariadb.atlassian.net/browse/MDEV-4422. Our code is the same.

SHOW PROCESSLIST accesses the current db (THD::db) of each thread without
any protection against simultaneous update (by THD::set_db()).

        if ((thd_info->db=tmp->db)) // Safe test
          thd_info->db=thd->strdup(thd_info->db);

This can result in reading free()d memory, in theory returning sensitive data
or even crashing (if free() decided to munmap() the memory).

A possible solution is to protect THD::set_db() calls, as well as reading of
THD::db from SHOW PROCESSLIST, by the LOCK_thd_data mutex.

Tags: processlist
tags: added: processlist
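
The fix proposed in the description, sketched as an added example (not Percona Server or MariaDB code): the writer frees and replaces the name, and the reader copies it, under one shared mutex. `Session`, `lock_data`, `snapshot_db` and `stress` are hypothetical stand-ins for THD, LOCK_thd_data and the SHOW PROCESSLIST reader.

```cpp
// Added illustration, not server code. All names here are hypothetical
// stand-ins for THD, LOCK_thd_data, THD::set_db() and the processlist reader.
#include <atomic>
#include <cstdlib>
#include <cstring>
#include <mutex>
#include <string>
#include <thread>

struct Session {
    std::mutex lock_data;   // plays the role of LOCK_thd_data
    char *db = nullptr;     // plays the role of THD::db (heap-allocated name)

    // Writer: the old buffer is freed only while the lock is held, so no
    // reader can still be copying from it.
    void set_db(const char *name) {
        char *fresh = name ? strdup(name) : nullptr;  // allocate outside the lock
        std::lock_guard<std::mutex> guard(lock_data);
        std::free(db);
        db = fresh;
    }

    // Reader: test and copy under the same lock. The caller gets a private
    // copy and never holds the shared pointer after the lock is released.
    std::string snapshot_db() {
        std::lock_guard<std::mutex> guard(lock_data);
        return db ? std::string(db) : std::string();
    }

    ~Session() { std::free(db); }
};

// One thread keeps switching databases while the caller takes `reads`
// snapshots. Returns how many snapshots were not one of the two valid names.
int stress(int reads) {
    Session s;
    s.set_db("sales");                       // constructed sample names
    std::atomic<bool> stop{false};
    std::thread writer([&] {
        for (bool flip = false; !stop.load(); flip = !flip)
            s.set_db(flip ? "sales" : "inventory");
    });
    int bad = 0;
    for (int i = 0; i < reads; ++i) {
        std::string name = s.snapshot_db();
        if (name != "sales" && name != "inventory") ++bad;
    }
    stop.store(true);
    writer.join();
    return bad;
}

int main() { return stress(100000) == 0 ? 0 : 1; }
```

Building this with ThreadSanitizer or AddressSanitizer and then removing the `lock_guard` from `snapshot_db()` makes the tool report the race or the freed-memory read that the description refers to.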
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1359
