MDEV-11628 mysql.slow_log reports incorrect start time

vuvova · vuvova · commit dcb814c44ec2 · 2024-01-23T15:40:42.000+01:00
use thd-&gt;start_time for the "start_time" column of the slow_log table.
"current_time" here refers to the current_time() function return value
not to the actual *current* time.

also fixes
MDEV-33267 User with minimal permissions can intentionally corrupt mysql.slow_log table
diff --git a/mysql-test/main/log_tables.result b/mysql-test/main/log_tables.result
@@ -994,6 +994,34 @@ ERROR HY000: Cannot rename 'slow_log'. When logging enabled, rename to/from log
 use test;
 flush tables with read lock;
 unlock tables;
+#
+# MDEV-33267 User with minimal permissions can intentionally corrupt mysql.slow_log table
+#
+truncate mysql.slow_log;
+set global log_output= 'TABLE';
+create user u@localhost;
+set slow_query_log=on, long_query_time=0.1;
+select 'before evil-doing', sleep(0.2);
+before evil-doing	sleep(0.2)
+before evil-doing	0
+connect  con1,localhost,u,,;
+set @@timestamp= 2147483647;
+set slow_query_log=on, long_query_time=0.1;
+select 'evil-doing', sleep(1.1);
+evil-doing	sleep(1.1)
+evil-doing	0
+disconnect con1;
+connection default;
+select 'after evil-doing', sleep(0.2);
+after evil-doing	sleep(0.2)
+after evil-doing	0
+select distinct sql_text from mysql.slow_log where sql_text like '%evil%';
+sql_text
+select 'before evil-doing', sleep(0.2)
+select 'evil-doing', sleep(1.1)
+select 'after evil-doing', sleep(0.2)
+set global log_output=default;
+drop user u@localhost;
 SET @@global.log_output=       @old_log_output;
 SET @@global.slow_query_log=   @old_slow_query_log;
 SET @@global.general_log=      @old_general_log;
diff --git a/mysql-test/main/log_tables.test b/mysql-test/main/log_tables.test
@@ -1033,6 +1033,24 @@ use test;
 flush tables with read lock;
 unlock tables;
 
+--echo #
+--echo # MDEV-33267 User with minimal permissions can intentionally corrupt mysql.slow_log table
+--echo #
+truncate mysql.slow_log;
+set global log_output= 'TABLE';
+create user u@localhost;
+set slow_query_log=on, long_query_time=0.1;
+select 'before evil-doing', sleep(0.2);
+--connect (con1,localhost,u,,)
+set @@timestamp= 2147483647;
+set slow_query_log=on, long_query_time=0.1;
+select 'evil-doing', sleep(1.1);
+--disconnect con1
+--connection default
+select 'after evil-doing', sleep(0.2);
+select distinct sql_text from mysql.slow_log where sql_text like '%evil%';
+set global log_output=default;
+drop user u@localhost;
 
 SET @@global.log_output=       @old_log_output;
 SET @@global.slow_query_log=   @old_slow_query_log;
diff --git a/sql/log.cc b/sql/log.cc
@@ -1334,7 +1334,7 @@ bool LOGGER::slow_log_print(THD *thd, const char *query, size_t query_length,
     query_utime= (current_utime - thd->start_utime);
     lock_utime=  (thd->utime_after_lock - thd->start_utime);
     my_hrtime_t current_time= { hrtime_from_time(thd->start_time) +
-                                thd->start_time_sec_part + query_utime };
+                                thd->start_time_sec_part };
 
     if (!query || thd->get_command() == COM_STMT_PREPARE)
     {

Original file line number	Diff line number	Diff line change
`@@ -1334,7 +1334,7 @@ bool LOGGER::slow_log_print(THD thd, const char query, size_t query_length,`
`1334`	`1334`	`query_utime= (current_utime - thd->start_utime);`
`1335`	`1335`	`lock_utime= (thd->utime_after_lock - thd->start_utime);`
`1336`	`1336`	`my_hrtime_t current_time= { hrtime_from_time(thd->start_time) +`
`1337`		`- thd->start_time_sec_part + query_utime };`
	`1337`	`+ thd->start_time_sec_part };`
`1338`	`1338`
`1339`	`1339`	`if (!query \|\| thd->get_command() == COM_STMT_PREPARE)`
`1340`	`1340`	`{`