polardb/polardbx-engine

Upstream MySQL kernel bugfixes potentially related to security and stability have not been merged

fullwaywang opened this issue · 1 comment

While recently researching MySQL Server kernel vulnerabilities and patches, I used a large language model to infer, from the bugfixes of each MySQL Server version and from the commit-history comments and diffs in the code repository, a batch of code commits and corresponding Bug IDs that potentially resolve vulnerabilities and other security and stability issues; these were then re-analyzed and confirmed by security researchers. Using the Patch2QL tool, I generated corresponding CodeQL rules for these patches.
When this rule set was used to analyze open-source database kernel projects that are deeply customized on top of MySQL Server Community Edition, including polardbx, I found that some patches had not been effectively merged into the project source code. For some of them, exploitability and independence from the version's code context can easily be determined; for the others, R&D experts need to judge whether there is a possible impact and whether they need to be merged.

The following are the detections from scanning the 8.0.18 branch:

./mysql-#33107663_600e8b8/Rows_log_event__next_record_scan-autogen.ql
|       func       |                           col1                            |
+------------------+-----------------------------------------------------------+
| next_record_scan | /data/project/build/polardbx-engine/sql/log_event.cc:8726 |
./mysql-#34594035_b25312b/mysql_audit_release-autogen.ql
|        func         |                           col1                            |
+---------------------+-----------------------------------------------------------+
| mysql_audit_release | /data/project/build/polardbx-engine/sql/sql_audit.cc:1274 |
./mysql-#34594035_b25312b/THD__release_resources-autogen.ql
|       func        |                           col1                            |
+-------------------+-----------------------------------------------------------+
| release_resources | /data/project/build/polardbx-engine/sql/sql_class.cc:1031 |
./mysql-#34594035_b25312b/MDL_context__acquire_lock_-autogen.ql
|     func     |                        col1                         |
+--------------+-----------------------------------------------------+
| acquire_lock | /data/project/build/polardbx-engine/sql/mdl.cc:3344 |
./mysql-#34594035_b25312b/mysql_audit_release_-autogen.ql
|        func         |                           col1                            |
+---------------------+-----------------------------------------------------------+
| mysql_audit_release | /data/project/build/polardbx-engine/sql/sql_audit.cc:1274 |
./mysql-#33830493_01cd607/Persisted_variables_cache__init-autogen.ql
| func |                               col1                                |
+------+-------------------------------------------------------------------+
| init | /data/project/build/polardbx-engine/sql/persisted_variable.cc:203 |
./mysql-#33206343_c08374f/dispatch_command-autogen.ql
|       func       |                           col1                            |
+------------------+-----------------------------------------------------------+
| dispatch_command | /data/project/build/polardbx-engine/sql/sql_parse.cc:1603 |
./mysql-#33206343_c08374f/dispatch_command_-autogen.ql
|       func       |                           col1                            |
+------------------+-----------------------------------------------------------+
| dispatch_command | /data/project/build/polardbx-engine/sql/sql_parse.cc:1603 |
./mysql-#33206343_c08374f/Sql_cmd_show_replicas__execute_inner-autogen.ql
|         func          |                           col1                            |
+-----------------------+-----------------------------------------------------------+
| mysql_execute_command | /data/project/build/polardbx-engine/sql/sql_parse.cc:2809 |
./mysql-#34274914_44e4da6/File_IO__operator<<-autogen.ql
|    func    |                                  col1                                   |
+------------+-------------------------------------------------------------------------+
| operator<< | /data/project/build/polardbx-engine/sql/auth/sql_authentication.cc:4508 |
./mysql-#34274914_44e4da6/Rsa_authentication_keys__read_key_file-autogen.ql
|     func      |                                  col1                                  |
+---------------+------------------------------------------------------------------------+
| read_key_file | /data/project/build/polardbx-engine/sql/auth/sql_authentication.cc:979 |
./mysql-#34274914_44e4da6/init_rsa_keys-autogen.ql
|     func      |                                  col1                                   |
+---------------+-------------------------------------------------------------------------+
| init_rsa_keys | /data/project/build/polardbx-engine/sql/auth/sql_authentication.cc:4029 |
./mysql-#35846221_ddfa195/Item_func_make_set__resolve_type-autogen.ql
|     func     |                             col1                             |
+--------------+--------------------------------------------------------------+
| resolve_type | /data/project/build/polardbx-engine/sql/item_strfunc.cc:2190 |
./mysql-#33546207_816720c/Migrate_keyring__execute-autogen.ql
|  func   |                              col1                              |
+---------+----------------------------------------------------------------+
| execute | /data/project/build/polardbx-engine/sql/migrate_keyring.cc:185 |
./mysql-#32103192_70cf38f/Gtid_state__get_automatic_gno-autogen.ql
|       func        |                             col1                              |
+-------------------+---------------------------------------------------------------+
| get_automatic_gno | /data/project/build/polardbx-engine/sql/rpl_gtid_state.cc:391 |
./mysql-#32103192_70cf38f/Gtid_state__get_automatic_gno_-autogen.ql
|       func        |                             col1                              |
+-------------------+---------------------------------------------------------------+
| get_automatic_gno | /data/project/build/polardbx-engine/sql/rpl_gtid_state.cc:391 |
./mysql-#32103192_70cf38f/parse_gno-autogen.ql
|   func    |                            col1                             |
+-----------+-------------------------------------------------------------+
| parse_gno | /data/project/build/polardbx-engine/sql/rpl_gtid_set.cc:412 |

Taking the last entry as an example: this detection was produced by a rule built from the patch that fixed upstream Bug #32103192 in commit 70cf38f; the detected function is parse_gno, and the starting location of the detected function is sql/rpl_gtid_set.cc:412.

Reporter: fullwaywang
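As an added example (not code from this issue or from the polardbx-engine project), a small Python parser for the scan listing above: it recovers the upstream Bug ID and short commit hash from each generated query-file name, collects the reported function and file:line per bug, and deduplicates hits that several generated queries report at the same location (as happens for dispatch_command above). The embedded sample is a subset of the listing; the repo-relative path helper assumes the /data/project/build/polardbx-engine/ build prefix shown in the output.

```python
import re
from collections import defaultdict

# Query-file header line: ./mysql-#<bug id>_<short commit>/<Name>-autogen.ql
QUERY_RE = re.compile(r"^\./mysql-#(?P<bug>\d+)_(?P<commit>[0-9a-f]+)/(?P<query>[^/]+)\.ql$")
# Result row: | <func> | <absolute path>:<line> |   (the "| func | col1 |" header does not match)
ROW_RE = re.compile(r"^\|\s*(?P<func>\S+)\s*\|\s*(?P<path>[^|\s]+?):(?P<line>\d+)\s*\|$")

BUILD_PREFIX = "/polardbx-engine/"  # assumed from the paths in the listing


def parse_scan(text):
    """Map upstream bug id -> set of (commit, function, path, line) findings.

    Using a set per bug drops duplicate hits that come from two generated
    queries (e.g. dispatch_command-autogen.ql and dispatch_command_-autogen.ql).
    """
    findings = defaultdict(set)
    current = None  # (bug id, commit) of the query file whose table we are in
    for raw in text.splitlines():
        line = raw.strip()
        m = QUERY_RE.match(line)
        if m:
            current = (m.group("bug"), m.group("commit"))
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            bug, commit = current
            findings[bug].add((commit, m.group("func"), m.group("path"), int(m.group("line"))))
    return dict(findings)


def repo_relative(path):
    """Strip the build-tree prefix so a finding reads like sql/sql_parse.cc."""
    _, sep, rel = path.partition(BUILD_PREFIX)
    return rel if sep else path


def triage_lines(findings):
    """One sorted, human-readable line per unique finding, for a port/no-port review."""
    out = []
    for bug in sorted(findings):
        for commit, func, path, line in sorted(findings[bug]):
            out.append(f"Bug #{bug} ({commit}): {func} at {repo_relative(path)}:{line}")
    return out


# Sample input: a subset of the listing in the issue, embedded so the block runs offline.
SAMPLE = """./mysql-#33206343_c08374f/dispatch_command-autogen.ql
|       func       |                           col1                            |
+------------------+-----------------------------------------------------------+
| dispatch_command | /data/project/build/polardbx-engine/sql/sql_parse.cc:1603 |
./mysql-#33206343_c08374f/dispatch_command_-autogen.ql
|       func       |                           col1                            |
+------------------+-----------------------------------------------------------+
| dispatch_command | /data/project/build/polardbx-engine/sql/sql_parse.cc:1603 |
./mysql-#32103192_70cf38f/parse_gno-autogen.ql
|   func    |                            col1                             |
+-----------+-------------------------------------------------------------+
| parse_gno | /data/project/build/polardbx-engine/sql/rpl_gtid_set.cc:412 |
"""

if __name__ == "__main__":
    for entry in triage_lines(parse_scan(SAMPLE)):
        print(entry)
```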

Thank you for the security vulnerability analysis. For bugfixes judged to be serious vulnerabilities, we will port the fixes individually; the remaining bugfixes from newer MySQL versions we will address by following the official releases.