author | Alexey Botchkov <holyfoot@mysql.com> | 2010-03-09 14:19:10 +0400 |
---|---|---|
committer | Alexey Botchkov <holyfoot@mysql.com> | 2010-03-09 14:19:10 +0400 |
commit | 7feb51da5abfc449eae851095d349c40b671fd05 (patch) | |
tree | a03da8be4e1a441ee5339ac9faec8cb8af9be192 /sql/sql_load.cc | |
parent | 56f42962ff3d5109f29487572d34892cd8fc7da5 (diff) | |
download | mariadb-git-7feb51da5abfc449eae851095d349c40b671fd05.tar.gz |
Bug#51377 Crash in information_schema / processlist on concurrent DDL workload
the fill_schema_processlist function accesses THD::query() without proper protection
so the parallel thread killing can lead to access to the freed memory.
per-file comments:
sql/sql_load.cc
Bug#51377 Crash in information_schema / processlist on concurrent DDL workload
the THD::set_query_inner() call needs to be protected.
But here we don't need to change the original thd->query() at all.
sql/sql_show.cc
Bug#51377 Crash in information_schema / processlist on concurrent DDL workload
protect the THD::query() access with the THD::LOCK_thd_data mutex.
Diffstat (limited to 'sql/sql_load.cc')
-rw-r--r-- | sql/sql_load.cc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/sql/sql_load.cc b/sql/sql_load.cc index ee3b442c83a..3fb1b07cf6c 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -689,12 +689,10 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex, strcpy(end, p); end += pl; - thd->set_query_inner(load_data_query, end - load_data_query); - Execute_load_query_log_event - e(thd, thd->query(), thd->query_length(), - (uint) ((char*) fname_start - (char*) thd->query() - 1), - (uint) ((char*) fname_end - (char*) thd->query()), + e(thd, load_data_query, end-load_data_query, + (uint) ((char*) fname_start - load_data_query - 1), + (uint) ((char*) fname_end - load_data_query), (duplicates == DUP_REPLACE) ? LOAD_DUP_REPLACE : (ignore ? LOAD_DUP_IGNORE : LOAD_DUP_ERROR), transactional_table, FALSE, errcode); |
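Review bot: In the Execute_load_query_log_event constructor call, the new length argument `end-load_data_query` is a raw pointer difference passed without a cast, while the two offset arguments on the following lines keep their explicit `(uint)` casts. Casting it the same way, and spacing it as `end - load_data_query` as the removed set_query_inner line did, would make the narrowing explicit and keep the three arguments consistent. The offsets are only meaningful if fname_start and fname_end point into the load_data_query buffer, which this hunk does not show, so a one-line comment stating that, and that thd->query() is deliberately left untouched here so other threads reading it are unaffected, would document the intent given in the commit message.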