| author | Marc Alff <marc.alff@oracle.com> | 2010-11-11 12:34:46 +0100 |
|---|---|---|
| committer | Marc Alff <marc.alff@oracle.com> | 2010-11-11 12:34:46 +0100 |
| commit | 6272025ad408a81f31d3adbb28c8a12bd00d2890 (patch) | |
| tree | 369f52d581151ab49de086a255474fbf12b209c0 /storage/perfschema/pfs_global.h | |
| parent | 2ac02cf36d7db97d4c789e19b73c461bf8591ee9 (diff) | |

Bug#58003 Segfault on CHECKSUM TABLE performance_schema.EVENTS_WAITS_HISTORY_LONG EXTENDED

This fix is a follow up on the fix for similar issue 56761.
When sanitizing data read from the events_waits_history_long table,
the code needs also to sanitize the schema_name / object_name / file_name pointers,
because such pointers could also hold invalid values.
Checking the string length alone was required but not sufficient.

This fix verifies that:
- the table schema and table name used in table io events
- the file name used in file io events

are valid pointers before dereferencing these pointers.

Diffstat (limited to 'storage/perfschema/pfs_global.h')
| -rw-r--r-- | storage/perfschema/pfs_global.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/storage/perfschema/pfs_global.h b/storage/perfschema/pfs_global.h index 6050612e24c..c0c0490a380 100644 --- a/storage/perfschema/pfs_global.h +++ b/storage/perfschema/pfs_global.h @@ -79,5 +79,21 @@ inline uint randomized_index(const void *ptr, uint max_size) void pfs_print_error(const char *format, ...); +/** + Given an array defined as T ARRAY[MAX], + check that an UNSAFE pointer actually points to an element + within the array. +*/ +#define SANITIZE_ARRAY_BODY(T, ARRAY, MAX, UNSAFE) \ + intptr offset; \ + if ((&ARRAY[0] <= UNSAFE) && \ + (UNSAFE < &ARRAY[MAX])) \ + { \ + offset= ((intptr) UNSAFE - (intptr) ARRAY) % sizeof(T); \ + if (offset == 0) \ + return UNSAFE; \ + } \ + return NULL + #endif |
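Review bot: the bounds test in SANITIZE_ARRAY_BODY, `(&ARRAY[0] <= UNSAFE) && (UNSAFE < &ARRAY[MAX])`, uses pointer relational operators on a value that by definition may not point into ARRAY, and the language does not guarantee a meaningful ordering for pointers to unrelated objects. Since the alignment step already converts to `intptr`, do the range comparison on the converted integer values as well so the whole check has defined behaviour. The macro parameters are also used unparenthesized: in `(intptr) UNSAFE` and `&ARRAY[MAX]` an argument that is an expression rather than a plain identifier would bind incorrectly, so wrap them as `(UNSAFE)`, `(ARRAY)` and `(MAX)`. Finally, the doc comment should state the contract that the macro body implies: it declares a local `offset` and executes `return UNSAFE` or `return NULL`, so it can only be expanded as the complete body of a function returning a pointer to T, and callers must treat a NULL result as "do not dereference". The callers that apply this to schema_name, object_name and file_name are not in this file's diff, so their NULL handling cannot be checked from here.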
