Bug#23104498 SERVER CRASHES AFTER CREATION OF ~524288 (2^19) TABLES.

Problem

The server crashes while allocating an index stat,
after 2^20 indexes.

This happens when the index buffer,
of size 1024*1024, is full.

The crash happens in PFS_buffer_scalable_container::allocate(),
while using pages beyond the end of the m_pages[PFS_PAGE_COUNT] array.

The root cause is PFS_buffer_scalable_container::init(),
which can compute a value of m_max_page_count that exceeds PFS_PAGE_COUNT.

Solution

When PFS_buffer_scalable_container::init() is called for a max size
that exceeds the buffer total capacity,
trim down m_max_page_count to PFS_PAGE_COUNT,
as this is the effective max number of pages that can be used.

Author: marcalff

storage/perfschema/pfs_buffer_container.h

@@ -445,13 +445,22 @@ class PFS_buffer_scalable_container
       }
       /* Bounded allocation. */
       m_full= false;
+
+      if (m_max_page_count > PFS_PAGE_COUNT)
+      {
+        m_max_page_count= PFS_PAGE_COUNT;
+        m_last_page_size= PFS_PAGE_SIZE;
+      }
     }
     else
     {
       /* max_size = -1 means unbounded allocation */
       m_full= false;
     }
 
+    DBUG_ASSERT(m_max_page_count <= PFS_PAGE_COUNT);
+    DBUG_ASSERT(m_last_page_size <= PFS_PAGE_SIZE);
+
     native_mutex_init(& m_critical_section, NULL);
     return 0;
   }