SHOW PROCESSLIST accesses the current db (THD::db) of each thread without
any protection against simultaneous update (by THD::set_db()).
This can result in reading free()d memory, in theory returning sensitive data
or even crashing (if free() decided to munmap() the memory).
A possible solution is to protect THD::set_db() calls, as well as reading of
THD::db from SHOW PROCESSLIST, by the LOCK_thd_data mutex.