Bug#25492129 --PERFORMANCE-SCHEMA-DIGESTS-SIZE=1 LEADS TO SIGSEGV

marcalff · marcalff · commit e85a5e60749c · 2017-02-03T11:47:53.000+01:00
Before this fix, starting a server with
  --performance-schema-digests-size=1
would cause a crash.

The root cause is in function fund_or_create_digest().

When scanning the digest array, the code skip entry [0]
which is reserved for the "NULL" digest,
and proceeds directly to entry [1].

When --performance-schema-digests-size is 2 or more,
the record at index [1] exists, but for a size of exactly 1,
using this record causes a failure.

The fix is ignore record 0 instead of adjusting to record 1,
and let the while loop operate normally,
as it accesses records safely already.
diff --git a/mysql-test/suite/perfschema/r/start_server_1_digest.result b/mysql-test/suite/perfschema/r/start_server_1_digest.result
@@ -0,0 +1,7 @@
+SELECT "Digest table has a size 1 and is full already." as use_case;
+use_case
+Digest table has a size 1 and is full already.
+select SCHEMA_NAME, DIGEST, DIGEST_TEXT
+from performance_schema.events_statements_summary_by_digest;
+SCHEMA_NAME	DIGEST	DIGEST_TEXT
+NULL	NULL	NULL
diff --git a/mysql-test/suite/perfschema/t/start_server_1_digest-master.opt b/mysql-test/suite/perfschema/t/start_server_1_digest-master.opt
@@ -0,0 +1 @@
+--performance-schema-digests-size=1
diff --git a/mysql-test/suite/perfschema/t/start_server_1_digest.test b/mysql-test/suite/perfschema/t/start_server_1_digest.test
@@ -0,0 +1,15 @@
+# -----------------------------------------------------------------------
+# Tests for the performance schema statement Digests.
+# -----------------------------------------------------------------------
+
+--source include/not_embedded.inc
+--source include/have_perfschema.inc
+--source include/no_protocol.inc
+
+SELECT "Digest table has a size 1 and is full already." as use_case;
+
+select SCHEMA_NAME, DIGEST, DIGEST_TEXT
+  from performance_schema.events_statements_summary_by_digest;
+
+
+
diff --git a/storage/perfschema/pfs_digest.cc b/storage/perfschema/pfs_digest.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -255,10 +255,11 @@ find_or_create_digest(PFS_thread *thread,
     if (safe_index == 0)
     {
       /* Record [0] is reserved. */
-      safe_index= 1;
+      continue;
     }
 
     /* Add a new record in digest stat array. */
+    DBUG_ASSERT(safe_index < digest_max);
     pfs= &statements_digest_stat_array[safe_index];
 
     if (pfs->m_lock.is_free())
