Bug #104447 Contribution by Facebook: Fix freed memory access in performance schema tab ...
Submitted: 28 Jul 2021 16:51 Modified: 2 May 2022 8:02
Reporter: FBContrib Admin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Performance Schema Severity:S3 (Non-critical)
Version:8.0.20 OS:Any
Assigned to: Marc ALFF CPU Architecture:Any

[28 Jul 2021 16:51] FBContrib Admin 
Description:
Background innformation provided by Facebook:
Abstract:

https://bugs.mysql.com/bug.php?id=99180

There is a race in performance schema between checking if a THD is valid, and
then reading status variables off of it for aggregation. If the THD exits and
is freed between these two operations, then the reading of status variables
becomes invalid.

The fix is to use the `Find_thd_with_id` class to find and lock a THD, and then
execute the aggregation while under the THD data lock.

Use case:
Fixes a crash bug found in the server.

Repo: https://github.com/mysql/mysql-server
Patch on top of 8.0.20: https://github.com/mysql/mysql-server/commit/7d10c82196c

How to repeat:
See description

Suggested fix:
See contribution code attached
[28 Jul 2021 16:51] FBContrib Admin 
Fix freed memory access in performance schema tables (bug#99180) 
(*) This code is contributed under the Facebook agreement

Contribution: fb_patch_228.txt (text/plain), 4.10 KiB.
[2 May 2022 8:02] Jon Stephens 
EdG added following to 8.0.29 changelog:
Under certain circumstances, when executing TRUNCATE TABLE
performance_schema.status_by_thread; a race condition could occur.
Our thanks to Facebook for their contribution to this fix.  

Closed.