You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/06/28 05:32:17 UTC

[impala] 03/03: IMPALA-8713: fix stack overflow in unhex()

This is an automated email from the ASF dual-hosted git repository.

tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit c353cf7a648651244ac39677d0cb028e704281d0
Author: Tim Armstrong <ta...@cloudera.com>
AuthorDate: Wed Jun 26 16:24:11 2019 -0700

    IMPALA-8713: fix stack overflow in unhex()
    
    Write the results into the output heap buffer
    instead of into a temporary stack buffer.
    
    No additional memory is used because
    AnyValUtil::FromBuffer() allocated a temporary
    buffer anyway.
    
    Testing:
    Added a targeted test to expr-test that caused
    a crash before this fix.
    
    Change-Id: Ie0c1760511a04c0823fc465cf6e529e9681b2488
    Reviewed-on: http://gerrit.cloudera.org:8080/13743
    Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 be/src/exprs/expr-test.cc         | 3 +++
 be/src/exprs/math-functions-ir.cc | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/be/src/exprs/expr-test.cc b/be/src/exprs/expr-test.cc
index 76fdf1a..b11dd52 100644
--- a/be/src/exprs/expr-test.cc
+++ b/be/src/exprs/expr-test.cc
@@ -5531,6 +5531,9 @@ TEST_P(ExprTest, MathConversionFunctions) {
   TestStringValue("unhex('30GA')", "");
   // Uneven number of chars results in empty string.
   TestStringValue("unhex('30A')", "");
+  // IMPALA-8713: stack overflow in unhex().
+  TestValue("length(unhex(repeat('a', 1024 * 1024 * 1024)))",
+      TYPE_INT, 512 * 1024 * 1024);
 
   // Run the test suite twice, once with a bigint parameter, and once with
   // string parameters.
diff --git a/be/src/exprs/math-functions-ir.cc b/be/src/exprs/math-functions-ir.cc
index d938953..527b51b 100644
--- a/be/src/exprs/math-functions-ir.cc
+++ b/be/src/exprs/math-functions-ir.cc
@@ -258,7 +258,7 @@ StringVal MathFunctions::Unhex(FunctionContext* ctx, const StringVal& s) {
   if (s.len % 2 != 0) return StringVal();
 
   int result_len = s.len / 2;
-  char result[result_len];
+  StringVal result(ctx, result_len);
   int res_index = 0;
   int s_index = 0;
   while (s_index < s.len) {
@@ -300,10 +300,10 @@ StringVal MathFunctions::Unhex(FunctionContext* ctx, const StringVal& s) {
           return StringVal();
       }
     }
-    result[res_index] = c;
+    result.ptr[res_index] = c;
     ++res_index;
   }
-  return AnyValUtil::FromBuffer(ctx, result, result_len);
+  return result;
 }
 
 StringVal MathFunctions::ConvInt(FunctionContext* ctx, const BigIntVal& num,