Fix heap-after-use between PROXYSQL INTERNAL SESSION and SHOW PROCESSLIST

[JavierJF]

This PR fixes potential invalid memory accesses from SHOW PROCESSLIST. Missing query cleanup in 'PROXYSQL INTERNAL SESSION' could lead to invalid memory accesses during 'SHOW PROCESSLIST' sessions scan.

[gemini-code-assist]

Summary of Changes

Hello @JavierJF, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a significant memory safety issue where SHOW PROCESSLIST could attempt to access memory that has already been freed by PROXYSQL INTERNAL SESSION operations. The core of the fix involves reordering memory deallocation to occur only after the session's request has been fully processed and logged. To ensure the stability and correctness of this fix, a new regression test has been added that specifically targets and reproduces the previously identified heap-after-use scenario.

Highlights

• Heap-After-Use Fix: Addresses a critical heap-after-use vulnerability that could lead to invalid memory accesses when SHOW PROCESSLIST is executed concurrently with PROXYSQL INTERNAL SESSION commands.
• Internal Session Cleanup: Ensures proper termination and cleanup of internal MySQL and PostgreSQL sessions by calling RequestEnd() before deallocating the associated packet memory, thus preventing memory corruption.
• New Regression Test: Introduces a dedicated regression test case (reg_test_proclist_use_after_free-t.cpp) to simulate the race condition and validate the fix, safeguarding against future reintroductions of this bug.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly addresses a heap-use-after-free vulnerability by ensuring RequestEnd is called before the packet memory is freed. The logic is sound and the included comments clarify the change. The addition of a regression test is excellent for preventing this issue from recurring. I've found a minor area for improvement in the new test file to reduce code duplication.

[renecannao]

Can one of the admins verify this patch?

[renecannao]

Add to whitelist

[mirostauder]

retest this please

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud