Fixed the crash issue of the disable myisam plug-in.

Previously, I wrote a plug-in (blog) to prohibit the creation of MyISAM tables. An issue is reported. After MySQL is restarted, uninstall plugin will cause crash.

After testing, we can reproduce it. After gdb is mounted, backstace is as follows:

(Gdb) bt
#0 0x000000000000006f7658 in column_bitmaps_set (write_set_arg = 0x189ad98, read_set_arg = 0x189ad98, this = 0x7fc3a800fa60)
At/root/mysql-5.6.24-tp/SQL/table. h: 1228
#1 use_all_columns (this = 0x7fc3a800fa60) at/root/mysql-5.6.24-tp/SQL/table. h: 1238
#2 mysql_uninstall_plugin (thd = thd @ entry = 0x1d1b030, name = 0x1d1d858) at/root/mysql-5.6.24-tp/SQL/SQL _plugin.cc: 2077
#3 0x00000000006e8daf in mysql_execute_command (thd = thd @ entry = 0x1d1b030) at/root/mysql-5.6.24-tp/SQL/SQL _parse.cc: 4910
#4 0x000000000000006ed9d8 in mysql_parse (thd = thd @ entry = 0x1d1b030, rawbuf =, length =,
Parser_state = parser_state @ entry = 0x7fc3c61b02f0) at/root/mysql-5.6.24-tp/SQL/SQL _parse.cc: 6391
#5 0x000000000000006ef1cd in dispatch_command (command = COM_QUERY, thd = 0x1d1b030, packet =, packet_length =)
At/root/mysql-5.6.24-tp/SQL/SQL _parse.cc: 1340
#6 0x00000000006f0f24 in do_command (thd =) at/root/mysql-5.6.24-tp/SQL/SQL _parse.cc: 1037
#7 0x00000000006bd662 in do_handle_one_connection (thd_arg = thd_arg @ entry = 0x1d1b030) at/root/mysql-5.6.24-tp/SQL/SQL _connect.cc: 982
#8 0x00000000006bd710 in handle_one_connection (arg = arg @ entry = 0x1d1b030) at/root/mysql-5.6.24-tp/SQL/SQL _connect.cc: 898
#9 0x000000000095dea3 in pfs_spawn_thread (arg = 0x1dbb410) at/root/mysql-5.6.24-tp/storage/perfschema/pfs. cc: 1860
#10 0x00007fc3f7258182 in start_thread (arg = 0x7fc3c61b1700) at pthread_create.c: 312
#11 0x00007fc3f676530d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone. S: 111
Further tracing the call to this column_bitmaps_set

Inline void column_bitmaps_set (MY_BITMAP * read_set_arg,
MY_BITMAP * write_set_arg)
  {
Read_set = read_set_arg;
Write_set = write_set_arg;
If (file & created)
File-> column_bitmaps_signal ();
  }
It was found that an error occurred in the file-> column_bitmaps_signal step. After disassembly, it was indeed in the callq command. After the disassembly, the name of the function called by gdb in the callq command is not displayed, indicating that the address is probably invalid. Here, the file member variable is the wrapper generated by the plug-in that replaces ha_mysiam in the create operation. Print the content and find _ vptr. handler = 0x7fc3d44768d0. The class name pointing to is not shown here.

After reading the code of mysql_uninstall_plugin SQL _handler.cc, I understood the cause. Uninstalling the plug-in will delete the corresponding records in the mysql. plugin table. In mysql_uninstall_plugin, the mysql. plugin table is opened first, the plug-in is uninstalled, and the corresponding records are deleted. The problem is that the plugin table is also a MyISAM table. If the plug-in is enabled when enabled, the corresponding handler is the wrapper in the plug-in. After the plug-in is uninstalled, the code of the corresponding address no longer exists, resulting in crash. Now that this is the reason, I think again that if tables are opened during the plug-in loading, it will also cause errors to access these tables after the plug-in is uninstalled. I tried it for a while, and it was a cold sweat.

Next, we will consider how to solve this problem. Since the plug-in cannot be detached, you need to replace the existing handler pointing to wrapper with the original ha_myisam when uninstalling the plug-in. Handler's memory is managed by mysql and will not be released because of plug-in uninstallation. So it can be modified. Wrapper is a derived class of ha_myisam without adding members. Therefore, the memory layout is identical to that of ha_myisam. The only difference lies in the virtual function table. C ++ does not seem to have the syntax for forced conversion to the parent class. Therefore, replace the virtual function table pointer directly. The C ++ virtual function pointer is always at the top of the object. Therefore, create a real ha_myisam object and copy its virtual function pointer back. You can try it out. The next step is to maintain a set of existing handler in the wrapper constructor and destructor for processing during uninstallation.