Description:
If an engine fails to initialize (during INSTALL PLUGIN or server startup), further accesses to MyISAM tables (including grant tables) may crash the server.
This affects every engine whose init() function may return a non-zero status on error. InnoDB, NDB and Falcon are certainly affected; third-party engines may be affected as well.
Though it was discovered while fixing the Falcon-only BUG#42275, it also affects mysql-5.1.
Both risk and effort to fix are low.
The problem seems to be in the handlerton-to-plugin mapping. The handlerton's slot in the hton2plugin mapping is assigned after the plugin's init() function is called. If init() fails, the handlerton slot is left untouched and still holds 0 (which is usually the MyISAM slot).
Later, when we call the engine's deinit() function, we are actually shutting down MyISAM and setting its slot to NULL.
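To make the slot-mapping failure concrete, here is an added C model of the mechanism described above (not MySQL code): register_engine and deinit_engine are simplified stand-ins for ha_initialize_handlerton and the deinit path, and the apply_fix flag switches the suggested cleanup on.

```c
/* Added model of the hton2plugin slot bug described above; not MySQL code.
 * register_engine/deinit_engine are illustrative stand-ins for the real functions. */
#include <stdlib.h>
#include <string.h>
struct handlerton { int slot; };
struct plugin {
    int (*init)(struct handlerton *);
    struct handlerton *data;            /* stands in for plugin->data */
};

static struct plugin *hton2plugin[8];   /* slot 0 is MyISAM's */
static struct plugin myisam = { NULL, NULL };
static int total_ht;

/* Like ha_initialize_handlerton: the slot is assigned only after init() succeeds,
 * so a failed init() leaves hton->slot at its zero default, i.e. the MyISAM slot. */
static int register_engine(struct plugin *p, int apply_fix) {
    struct handlerton *hton = calloc(1, sizeof *hton);
    p->data = hton;
    if (p->init(hton)) {
        if (apply_fix) {                /* the suggested patch: discard the half-built hton */
            free(hton);
            p->data = NULL;
        }
        return 1;
    }
    hton->slot = total_ht++;
    hton2plugin[hton->slot] = p;
    return 0;
}

/* Like the deinit path: clears whichever slot the hton claims. */
static void deinit_engine(struct plugin *p) {
    if (!p->data) return;               /* nothing to tear down after the fix */
    hton2plugin[p->data->slot] = NULL;  /* with slot 0 this wipes MyISAM */
    free(p->data);
    p->data = NULL;
}
static int failing_init(struct handlerton *h) { (void)h; return 1; }
/* Returns 1 if MyISAM's slot survives a failed engine load, 0 if it was cleared. */
int myisam_survives(int apply_fix) {
    struct plugin bad = { failing_init, NULL };
    memset(hton2plugin, 0, sizeof hton2plugin);
    hton2plugin[0] = &myisam;
    total_ht = 1;
    register_engine(&bad, apply_fix);
    deinit_engine(&bad);
    return hton2plugin[0] == &myisam;
}
```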
How to repeat:
Trigger an engine's init() function to return a non-zero status. The easiest way to repeat this is to modify some trivial storage engine so that it always returns non-zero.
E.g. make blackhole_init() in ha_blackhole.cc always return 1, then start the server (if the engine is compiled in or already installed) or issue an INSTALL PLUGIN statement.
Suggested fix:
This can probably be fixed by the following patch:
=== modified file 'sql/handler.cc'
--- sql/handler.cc 2008-12-10 20:14:50 +0000
+++ sql/handler.cc 2009-01-26 10:22:51 +0000
@@ -433,6 +433,8 @@
{
if (plugin->plugin->init(hton))
{
+ my_free((uchar*) hton, MYF(0));
+ plugin->data= NULL;
sql_print_error("Plugin '%s' init function returned error.",
plugin->name.str);
goto err;
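Review bot: with hton freed and plugin->data cleared before goto err, the err: label (not shown in this hunk) must not free hton or touch plugin->data again, or this becomes a double free; it is also worth confirming that the deinit path tolerates plugin->data == NULL for a plugin whose init() failed, since that is exactly the caller this change is meant to protect. The sql_print_error call only reads plugin->name.str, so freeing hton ahead of it is safe.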