Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 10.0.1, 5.5.30, 5.1.67, 5.2.14, 5.3.12
Description
SHOW PROCESSLIST accesses the current db (THD::db) of each thread without
any protection against simultaneous update (by THD::set_db()).
    if ((thd_info->db=tmp->db)) // Safe test
      thd_info->db=thd->strdup(thd_info->db);
This can result in reading free()d memory, in theory returning sensitive data
or even crashing (if free() decided to munmap() the memory).
A possible solution is to protect THD::set_db() calls, as well as reading of
THD::db from SHOW PROCESSLIST, by the LOCK_thd_data mutex.
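The locking discipline proposed above, as an added example; it is not MariaDB's code or the actual patch. `struct session`, `lock_data`, `session_set_db` and `session_snapshot_db` are hypothetical stand-ins for THD, LOCK_thd_data, THD::set_db() and the SHOW PROCESSLIST read, and the stress input is constructed.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct session {                /* hypothetical stand-in for THD */
    pthread_mutex_t lock_data;  /* plays the role of LOCK_thd_data */
    char *db;                   /* plays the role of THD::db */
};
static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}
/* Writer (set_db analogue): publish the new pointer under the mutex. */
static int session_set_db(struct session *s, const char *name) {
    char *copy = name ? dup_str(name) : NULL;
    if (name && !copy) return -1;
    pthread_mutex_lock(&s->lock_data);
    char *old = s->db;
    s->db = copy;
    pthread_mutex_unlock(&s->lock_data);
    free(old);  /* readers copy under the lock and never keep `old` */
    return 0;
}
/* Reader (SHOW PROCESSLIST analogue): test and copy under the same mutex. */
static char *session_snapshot_db(struct session *s) {
    pthread_mutex_lock(&s->lock_data);
    char *copy = s->db ? dup_str(s->db) : NULL;
    pthread_mutex_unlock(&s->lock_data);
    return copy;  /* caller frees */
}
static void *writer(void *arg) {
    for (int i = 0; i < 20000; i++) session_set_db(arg, (i & 1) ? "db_two" : "db_one");
    return NULL;
}
/* Constructed stress run: counts snapshots that match neither name. */
static int stress_bad_snapshots(void) {
    struct session s = { PTHREAD_MUTEX_INITIALIZER, NULL };
    pthread_t t; int bad = 0;
    session_set_db(&s, "db_one");
    if (pthread_create(&t, NULL, writer, &s)) return -1;
    for (int i = 0; i < 20000; i++) {
        char *db = session_snapshot_db(&s);
        if (!db || (strcmp(db, "db_one") && strcmp(db, "db_two"))) bad++;
        free(db);
    }
    pthread_join(t, NULL);
    session_set_db(&s, NULL);
    return bad;
}
int main(void) { return stress_bad_snapshots() != 0; }
```

Removing the lock from either function reintroduces the window between the pointer test and the copy; a build with ThreadSanitizer or AddressSanitizer reports it under the same stress loop.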