Bug #98113 Crash possible when load & unload a connection handler
Submitted: 3 Jan 2020 0:19
Modified: 16 Jan 2020 13:24
Reporter: Fangxin Flou (OCA)
Status: Verified
Category: MySQL Server: Pluggable Authentication
Severity: S3 (Non-critical)
Version: 5.7, 8.0
OS: Any
Assigned to:
CPU Architecture: Any

[3 Jan 2020 0:19] Fangxin Flou
Description:
The code of unload_connection_handler in the current version:

bool Connection_handler_manager::unload_connection_handler()
{
  DBUG_ASSERT(m_saved_connection_handler != NULL);
  if (m_saved_connection_handler == NULL)
    return true;
  delete m_connection_handler;
  m_connection_handler= m_saved_connection_handler;
  Connection_handler_manager::thread_handling= m_saved_thread_handling;
  m_saved_connection_handler= NULL;
  m_saved_thread_handling= 0;
  max_threads= m_connection_handler->get_max_threads();
  return false;
}

The delete runs before m_connection_handler is reset correctly.

How to repeat:
Put a sleep after "delete m_connection_handler".

Suggested fix:
Save the m_connection_handler first:

bool Connection_handler_manager::unload_connection_handler()
{
  DBUG_ASSERT(m_saved_connection_handler != NULL);
  if (m_saved_connection_handler == NULL)
    return true;
  Connection_handler *current_handler = m_connection_handler;
  m_connection_handler= m_saved_connection_handler;
  Connection_handler_manager::thread_handling= m_saved_thread_handling;
  m_saved_connection_handler= NULL;
  m_saved_thread_handling= 0;
  max_threads= m_connection_handler->get_max_threads();
  delete current_handler;
  return false;
}

Or just remove the "delete m_connection_handler" line and let the caller do the delete job.
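
The ordering problem from the report, as an added example that is not MySQL source or the reporter's plugin code: a single-threaded model in which a callback stands in for the suggested sleep and for another thread reading the handler pointer at that moment. `Handler`, `Manager`, `pause` and `reader_sees_freed_handler` are hypothetical names.

```cpp
#include <cstdio>
#include <functional>
#include <set>

// Hypothetical stand-in for Connection_handler that records which objects are alive.
struct Handler {
  static std::set<const Handler *> &live() {
    static std::set<const Handler *> alive;
    return alive;
  }
  Handler() { live().insert(this); }
  ~Handler() { live().erase(this); }
};

// Simplified manager holding only the two pointers from the report.
struct Manager {
  Handler *current = nullptr;   // models m_connection_handler
  Handler *saved = nullptr;     // models m_saved_connection_handler
  std::function<void()> pause;  // the "sleep" point: another thread reads `current`
  void unload_reported() {      // ordering shown in the report
    delete current;
    pause();
    current = saved;
    saved = nullptr;
  }
  void unload_suggested() {     // ordering from the suggested fix
    Handler *old = current;
    current = saved;
    saved = nullptr;
    pause();
    delete old;
  }
};

// True if a reader at the pause point finds `current` pointing at a freed object.
bool reader_sees_freed_handler(bool suggested_fix) {
  Manager m;
  m.saved = new Handler;    // original handler
  m.current = new Handler;  // plugin handler being unloaded
  bool freed = false;
  m.pause = [&] { freed = Handler::live().count(m.current) == 0; };
  if (suggested_fix) m.unload_suggested(); else m.unload_reported();
  delete m.current;         // tear down the restored handler
  return freed;
}

int main() {
  std::printf("reported: %d, suggested: %d\n", reader_sees_freed_handler(false), reader_sees_freed_handler(true));
}
```

The model only checks which handler is published at the pause point; it does not cover a thread that already copied the old pointer before the swap.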
[7 Jan 2020 15:02] MySQL Verification Team
Hello Mr. Flou,

Thank you for your bug report.

However, this report is very unclear and less than rudimentary .....

What releases are affected ??? What are the problems that you observe ??? How can we repeat the buggy behaviour that you are reporting ??? Is there a crash or some other malfunction ??? What are the source code file and line numbers ....

We need all these data and more in order to start considering this report.
[12 Jan 2020 8:47] Fangxin Flou
We developed a connection manager plugin (like a thread pool), which can be enabled or disabled dynamically by the load and unload connection handler functions listed.

Under a connection storm (like a PHP application) with very high CPU usage, it could lead to a crash because the connection handler is deleted before restoring the old connection handler.
[13 Jan 2020 13:04] MySQL Verification Team
Hi Mr. Flou,

Thank you for your feedback.

However, you are reporting a bug in your own software. We have a thread pool in our Enterprise Edition, which is on the server side, which does not have problems whatsoever ...

Hence, you should debug your own problems yourself ......
[16 Jan 2020 13:24] MySQL Verification Team
Hi Mr. Flou,

Upon further analysis, I concluded that this is truly a bug.

Thank you for your contribution.

Verified as reported.