author Praveenkumar Hulakund <praveenkumar.hulakund@oracle.com> 2013-08-21 10:39:40 +0530
committer Praveenkumar Hulakund <praveenkumar.hulakund@oracle.com> 2013-08-21 10:39:40 +0530
commit 10a6aa256e965874b3a307f7d81393078a991544
tree 6c403dc88c8ca5b75a5384ae957f26dc42b865f8 /sql/sql_parse.cc
parent 55129f676accff001fcd7b60b049cdd0932442e8

Bug#11765252 - READ OF FREED MEMORY WHEN "USE DB" AND
"SHOW PROCESSLIST"

Analysis:
----------
The problem here is, if one connection changes its default db and at the same time another connection executes "SHOW PROCESSLIST", when it wants to read db of the other connection then there is a chance of accessing the invalid memory.

The db name stored in THD is not guarded while changing user DB and while reading the user DB in "SHOW PROCESSLIST". So, if THD.db is freed by thd "owner" thread and if another thread executing "SHOW PROCESSLIST" statement tries to read and copy THD.db at the same time then we may end up in the issue reported here.

Fix:
----------
Used mutex "LOCK_thd_data" to guard THD.db while freeing it and while copying it to processlist.

Diffstat (limited to 'sql/sql_parse.cc')
-rw-r--r-- sql/sql_parse.cc 2
1 files changed, 2 insertions, 0 deletions

diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 457be355f81..d9d9a603869 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1231,7 +1231,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (save_user_connect)
decrease_user_connections(save_user_connect);
#endif /* NO_EMBEDDED_ACCESS_CHECKS */
+ pthread_mutex_lock(&thd->LOCK_thd_data);
x_free(save_db);
+ pthread_mutex_unlock(&thd->LOCK_thd_data);
x_free(save_security_ctx.user);
}
break;
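
Review bot: the lock added around `x_free(save_db)` guards a local variable, and nothing at that line says why the THD mutex is needed for it; add a comment stating that save_db holds the previous THD.db buffer, which a concurrent "SHOW PROCESSLIST" may still be copying under LOCK_thd_data. Because the mutex brackets only the free, the fix is sound only if thd->db has already stopped pointing at save_db before this point and the reader holds LOCK_thd_data across both the pointer read and the copy. Neither the reassignment nor the reader side is visible in this hunk (the diffstat is limited to sql/sql_parse.cc), so both should be confirmed in the rest of the commit. The neighbouring `x_free(save_security_ctx.user)` stays unguarded; if any other thread can read that user string from this THD, it needs the same treatment.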