Bug#50557 checksum table crashes server when used in performance_schema

CHECKSUM TABLE for performance schema tables could cause uninitialized memory reads. The root cause is a design flaw in the implementation of mysql_checksum_table(), which do not honor null fields. However, fixing this bug in CHECKSUM TABLE is risky, as it can cause the checksum value to change. This fix implements a work around, to systematically reset fields values even for null fields, so that the field memory representation is always initialized with a known value.
2025-01-16 03:52:35 +01:00 · 2010-09-17 13:03:09 -06:00 · 2010-09-17 13:03:09 -06:00 · 14ac8c79ff
commit 14ac8c79ff
parent fdb40d42e5
1 changed files with 12 additions and 0 deletions
--- a/storage/perfschema/pfs_engine_table.cc
+++ b/storage/perfschema/pfs_engine_table.cc
@ -223,6 +223,8 @@ int PFS_engine_table::read_row(TABLE *table,
                               Field **fields)
 {
  my_bitmap_map *org_bitmap;
+  Field *f;
+  Field **fields_reset;

  /*
    Make sure the table structure is as expected before mapping
@ -240,6 +242,16 @@ int PFS_engine_table::read_row(TABLE *table,

  /* We internally write to Fields to support the read interface */
  org_bitmap= dbug_tmp_use_all_columns(table, table->write_set);
+
+  /*
+    Some callers of the storage engine interface do not honor the
+    f->is_null() flag, and will attempt to read the data itself.
+    A known offender is mysql_checksum_table().
+    For robustness, reset every field.
+  */
+  for (fields_reset= fields; (f= *fields_reset) ; fields_reset++)
+    f->reset();
+
  int result= read_row_values(table, buf, fields, read_all);
  dbug_tmp_restore_column_map(table->write_set, org_bitmap);