You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2022/05/19 12:51:10 UTC

[GitHub] [incubator-doris] dataroaring opened a new issue, #9691: [Bug] vectorized stream load use after free on bitmap

dataroaring opened a new issue, #9691:
URL: https://github.com/apache/incubator-doris/issues/9691

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/incubator-doris/issues?q=is%3Aissue) and found no similar issues.
   
   
   ### Version
   
   master
   
   ### What's Wrong?
   
   `==1694770==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000a4f000 at pc 0x55a4b1cd34da bp 0x7f2f817ad900 sp 0x7f2f817ad8f0
   READ of size 1 at 0x603000a4f000 thread T998 (MemTableFlushTh)
       #0 0x55a4b1cd34d9 in doris::faststring::append(void const*, unsigned long) /home/zcp/be/src/util/faststring.h:120
       #1 0x55a4b1cd40bc in doris::segment_v2::BinaryPlainPageBuilder::add(unsigned char const*, unsigned long*) /home/zcp/be/src/olap/rowset/segme
   nt_v2/binary_plain_page.h:69
       #2 0x55a4b417cdaf in doris::segment_v2::ScalarColumnWriter::append_data_in_current_page(unsigned char const**, unsigned long*) /home/zcp/be/
   src/olap/rowset/segment_v2/column_writer.cpp:341
       #3 0x55a4b417c8e6 in doris::segment_v2::ScalarColumnWriter::append_data(unsigned char const**, unsigned long) /home/zcp/be/src/olap/rowset/s
   egment_v2/column_writer.cpp:329
       #4 0x55a4b417984e in doris::segment_v2::ColumnWriter::append_nullable(unsigned char const*, unsigned char const**, unsigned long) /home/zcp/
   be/src/olap/rowset/segment_v2/column_writer.cpp:219
       #5 0x55a4b4179bb5 in doris::segment_v2::ColumnWriter::append(unsigned char const*, void const*, unsigned long) /home/zcp/be/src/olap/rowset/
   segment_v2/column_writer.cpp:231
       #6 0x55a4b402d7fc in doris::segment_v2::SegmentWriter::append_block(doris::vectorized::Block const*, unsigned long, unsigned long) /home/zcp
   /be/src/olap/rowset/segment_v2/segment_writer.cpp:140
       #7 0x55a4b1e5e09d in doris::BetaRowsetWriter::add_block(doris::vectorized::Block const*) /home/zcp/be/src/olap/rowset/beta_rowset_writer.cpp
   :123
       #8 0x55a4b1c5dd66 in doris::MemTable::_do_flush(long&) /home/zcp/be/src/olap/memtable.cpp:305
       #9 0x55a4b1c5cc61 in doris::MemTable::flush() /home/zcp/be/src/olap/memtable.cpp:277
       #10 0x55a4b18f7677 in doris::FlushToken::_flush_memtable(std::shared_ptr<doris::MemTable>, long) /home/zcp/be/src/olap/memtable_flush_execut
   or.cpp:74
   
   
   
   0x603000a4f000 is located 16 bytes inside of 32-byte region [0x603000a4eff0,0x603000a4f010)
   freed by thread T998 (MemTableFlushTh) here:
       #0 0x55a4b1071868 in realloc (/mnt/hdd01/VEC_ASAN/be/lib/palo_be+0x536a868)
       #1 0x55a4b1545913 in Allocator<false, false>::realloc(void*, unsigned long, unsigned long, unsigned long) /home/zcp/be/src/vec/common/allocator.h:125
       #2 0x55a4b153b4bb in void doris::vectorized::PODArrayBase<1ul, 4096ul, Allocator<false, false>, 15ul, 16ul>::realloc<>(unsigned long) /home/zcp/be/src/vec/common/pod_array.h:147
       #3 0x55a4b15308ee in void doris::vectorized::PODArrayBase<1ul, 4096ul, Allocator<false, false>, 15ul, 16ul>::reserve<>(unsigned long) /home/zcp/be/src/vec/common/pod_array.h:213
       #4 0x55a4b15222da in void doris::vectorized::PODArrayBase<1ul, 4096ul, Allocator<false, false>, 15ul, 16ul>::resize<>(unsigned long) /home/zcp/be/src/vec/common/pod_array.h:219
       #5 0x55a4b72f9cef in doris::vectorized::OlapBlockDataConvertor::OlapColumnDataConvertorBitMap::convert_to_olap() /home/zcp/be/src/vec/olap/olap_data_convertor.cpp:208
       #6 0x55a4b72f90f7 in doris::vectorized::OlapBlockDataConvertor::convert_column_data(unsigned long) /home/zcp/be/src/vec/olap/olap_data_convertor.cpp:131
       #7 0x55a4b402d543 in doris::segment_v2::SegmentWriter::append_block(doris::vectorized::Block const*, unsigned long, unsigned long) /home/zcp/be/src/olap/rowset/segment_v2/segment_writer.cpp:133
       #8 0x55a4b1e5e09d in doris::BetaRowsetWriter::add_block(doris::vectorized::Block const*) /home/zcp/be/src/olap/rowset/beta_rowset_writer.cpp:123
       #9 0x55a4b1c5dd66 in doris::MemTable::_do_flush(long&) /home/zcp/be/src/olap/memtable.cpp:305
       #10 0x55a4b1c5cc61 in doris::MemTable::flush() /home/zcp/be/src/olap/memtable.cpp:277
       #11 0x55a4b18f7677 in doris::FlushToken::_flush_memtable(std::shared_ptr<doris::MemTable>, long) /home/zcp/be/src/olap/memtable_flush_executor.cpp:74
   
   `
   
   ### What You Expected?
   
   work normal
   
   ### How to Reproduce?
   
   _No response_
   
   ### Anything Else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org