Bug #108501 Add return value check for sanitize_table_share()
Submitted: 15 Sep 2022 23:09    Modified: 20 Nov 2023 16:38
Reporter: Li Zhong
Status: Closed
Category: MySQL Server: Performance Schema    Severity: S2 (Serious)
Version: 8.0.21    OS: Linux
Assigned to:    CPU Architecture: Any

[15 Sep 2022 23:09] Li Zhong
Description:
In https://github.com/mysql/mysql-server/blob/f8cdce86448a211511e8a039c62580ae16cb96f5/storag..., sanitize_table_share(PFS_table_share*) could return nullptr. So when it is used in m_key_2.match(share), it's possible to cause a null pointer dereference.

How to repeat:
We found this with our static analysis tool. The analysis result was checked manually.

Suggested fix:
Add check:

// sanitize_table_share() returns nullptr for an invalid share pointer;
// skip the match instead of dereferencing it
if (share == nullptr) {
  return false;
}
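The pattern behind the report, as an added illustration that is not code from the MySQL server: a simplified stand-in for sanitize_table_share() (here it validates that a pointer lies inside a fixed share buffer; the struct, buffer and key names are assumptions) with the unchecked match beside the guarded one.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Constructed, minimal stand-in for the Performance Schema table share.
struct PFS_table_share {
  std::string m_schema_name;
  std::string m_table_name;
};

// Simplified model of sanitize_table_share(): the pointer is accepted only if
// it points into the share buffer, otherwise nullptr is returned.
constexpr int kShareCount = 4;
PFS_table_share g_shares[kShareCount];

PFS_table_share *sanitize_table_share(PFS_table_share *unsafe) {
  auto p = reinterpret_cast<std::uintptr_t>(unsafe);
  auto lo = reinterpret_cast<std::uintptr_t>(g_shares);
  auto hi = reinterpret_cast<std::uintptr_t>(g_shares + kShareCount);
  return (p >= lo && p < hi) ? unsafe : nullptr;
}

struct table_handle_key {
  std::string m_schema;
  std::string m_table;

  // Shape of the reported bug: `share` is dereferenced without a null check,
  // so a sanitized-away pointer becomes a null pointer dereference.
  bool match_unchecked(const PFS_table_share *share) const {
    return share->m_schema_name == m_schema && share->m_table_name == m_table;
  }

  // Hardened form: a share that failed sanitization simply does not match.
  bool match_checked(const PFS_table_share *share) const {
    if (share == nullptr) return false;
    return share->m_schema_name == m_schema && share->m_table_name == m_table;
  }
};

// Lookup in the order the scan would do it: sanitize first, then match.
bool handle_matches(const table_handle_key &key, PFS_table_share *unsafe) {
  return key.match_checked(sanitize_table_share(unsafe));
}

// Constructed scenarios: a share inside the buffer, and a stray object outside
// it that carries the same names but must be rejected by sanitization.
bool lookup_in_buffer() {
  g_shares[1] = {"test", "t1"};
  table_handle_key key{"test", "t1"};
  return handle_matches(key, &g_shares[1]) && !handle_matches(key, &g_shares[2]);
}

bool lookup_stray_pointer() {
  PFS_table_share stray{"test", "t1"};
  table_handle_key key{"test", "t1"};
  return sanitize_table_share(&stray) == nullptr && !handle_matches(key, &stray);
}
```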
[16 Sep 2022 4:45] MySQL Verification Team
Hello Li Zhong,

Thank you for the report.

regards,
Umesh
[20 Nov 2023 16:38] Edward Gilmore
Posted by developer:
Added the following note to the MySQL Server 8.3.0 release notes:
Removed a potential issue with performance_schema.table_handles found through code analysis, but never reported by users.
[17 Jan 17:41] Jean-François Gagné
This is flagged as fixed in 8.3.0, but also as affecting 8.0.21.

Will this be fixed in a future 8.0 release?