Bug #111860 shutdown plugin core when init_events_waits_history_long failed
Submitted: 24 Jul 2023 8:59 Modified: 5 Sep 2023 10:03
Reporter: Fan Lyu Email Updates:
Status: Closed Impact on me: None
Category: MySQL Server: Performance Schema Severity: S3 (Non-critical)
Version: OS: Any
Assigned to: CPU Architecture: Any

[24 Jul 2023 8:59] Fan Lyu
Description:
When perf-schema is enabled:
1. Set performance_schema_max_sql_text_length to a big value, start mysqld.
2. In the initialization process, when entering function
[init_events_waits_history_long],
global variable [events_waits_history_long_size] is set to the user input,
but this function may fail due to mallocing big memory for global variable [events_waits_history_long_array].
3. Then initialization of the Performance Schema fails, cleanup_performance_schema is called and resets the related global variables. However, [events_waits_history_long_size] is not reset!!!!!
4. Shut down normally; when shutting down the plugin: plugin_shutdown->...->reset_source_file_pointers:
code looks like:

  PFS_events_waits *wait = events_waits_history_long_array;
  PFS_events_waits *wait_last = wait + events_waits_history_long_size;
  for (; wait < wait_last; wait++) {
    wait->m_source_file = nullptr;
  }

So here events_waits_history_long_array is nullptr but events_waits_history_long_size is not 0 (because it is set in [init_events_waits_history_long], but not reset when perf-schema failed).

This causes the code to go into the for loop and trigger a nullptr core.

How to repeat:
Set performance_schema_max_sql_text_length to a big value, to make init_events_waits_history_long fail.
Or just use a stub to make [init_events_waits_history_long] fail in initialization.

Suggested fix:
That's easy:
in [cleanup_events_waits_history_long],
not only reset events_waits_history_long_array to nullptr
but also reset events_waits_history_long_size to 0.
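The failure sequence in the report, as an added stand-alone example (not MySQL's own code, and not part of the original report). It keeps the global and function names from the report, reduces PFS_events_waits to the single field the shutdown loop touches, and uses a hypothetical allocation cap (kMaxAllocatable) to stand in for a failed malloc of a huge array. The shutdown loop is replicated in a checked form that returns -1 when it finds the inconsistent state (null array, non-zero size) instead of dereferencing nullptr, so the buggy and fixed cleanup variants can be compared side by side:

```cpp
#include <cstddef>
#include <cstdio>
#include <new>

// Constructed stand-in for PFS_events_waits: only the field the shutdown loop touches.
struct PFS_events_waits {
  const char *m_source_file;
};

// Globals named as in the report; these are this demo's own copies, not the server's.
static PFS_events_waits *events_waits_history_long_array = nullptr;
static size_t events_waits_history_long_size = 0;

// Hypothetical cap standing in for "malloc of a huge array fails", so the
// failure path can be exercised without actually exhausting memory.
static const size_t kMaxAllocatable = 1024;

// Mirrors the ordering the report describes: the size global is assigned
// before the allocation is attempted, so a failed allocation leaves a
// non-zero size behind. Returns 0 on success, 1 on failure.
int init_events_waits_history_long(size_t requested) {
  events_waits_history_long_size = requested;
  if (requested > kMaxAllocatable) return 1;  // simulated allocation failure
  events_waits_history_long_array =
      new (std::nothrow) PFS_events_waits[requested]();
  return events_waits_history_long_array == nullptr ? 1 : 0;
}

// Cleanup as the report describes it: the array pointer is cleared, the size is not.
void cleanup_events_waits_history_long_buggy() {
  delete[] events_waits_history_long_array;
  events_waits_history_long_array = nullptr;
}

// Cleanup with the suggested fix applied: the size is reset alongside the pointer.
void cleanup_events_waits_history_long_fixed() {
  delete[] events_waits_history_long_array;
  events_waits_history_long_array = nullptr;
  events_waits_history_long_size = 0;
}

// Checked replica of the shutdown-time loop in reset_source_file_pointers.
// The loop quoted in the report walks [array, array + size) unconditionally;
// this version detects the inconsistent state (null array, non-zero size) and
// returns -1 instead of dereferencing nullptr. Otherwise it returns the number
// of entries whose m_source_file it cleared.
long reset_source_file_pointers_checked() {
  if (events_waits_history_long_array == nullptr &&
      events_waits_history_long_size != 0) {
    return -1;  // the unchecked loop would crash here
  }
  long cleared = 0;
  for (size_t i = 0; i < events_waits_history_long_size; i++) {
    events_waits_history_long_array[i].m_source_file = nullptr;
    cleared++;
  }
  return cleared;
}

// Runs the sequence from the report: init (possibly failing), the cleanup
// that a failed init triggers, then the shutdown-time reset. Returns the
// reset's result so the two cleanup variants can be compared.
long run_shutdown_scenario(size_t requested, bool use_fixed_cleanup) {
  if (init_events_waits_history_long(requested) != 0) {
    if (use_fixed_cleanup) cleanup_events_waits_history_long_fixed();
    else cleanup_events_waits_history_long_buggy();
  }
  long result = reset_source_file_pointers_checked();
  cleanup_events_waits_history_long_fixed();  // leave the globals clean for the next run
  return result;
}

int main() {
  printf("init ok, 16 entries:        %ld\n", run_shutdown_scenario(16, false));
  printf("init fails, buggy cleanup:  %ld\n", run_shutdown_scenario(4096, false));
  printf("init fails, fixed cleanup:  %ld\n", run_shutdown_scenario(4096, true));
  return 0;
}
```

The middle run is the reported state: the array is nullptr while the size still holds the user-requested value, so an unchecked walk over [array, array + size) dereferences a null pointer on its first iteration. Resetting the size in cleanup (the last run) makes the shutdown loop a no-op, which is the suggested fix.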
[24 Jul 2023 13:11] MySQL Verification Team
Hi Mr. Lyu,

Thank you for your bug report.

We tested your report and we repeated the behaviour with both 8.0.34 and 8.10.

There should be some upper limit set and the error returned. There is no error and no warning, even with a debug release.

Verified as reported.
[5 Sep 2023 10:03] Edward Gilmore
Posted by developer:
 
Added the following note to the MySQL Server 8.2.0 release notes:

Under certain circumstances, if an out-of-memory condition occurred during Performance Schema initialization,
the server closed unexpectedly during the cleanup process.

Thank you for the bug report.
[18 Sep 2023 10:17] MySQL Verification Team
Thank you, Mr. Gilmore.