You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/06/28 05:32:17 UTC
[impala] 03/03: IMPALA-8713: fix stack overflow in unhex()
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit c353cf7a648651244ac39677d0cb028e704281d0
Author: Tim Armstrong <ta...@cloudera.com>
AuthorDate: Wed Jun 26 16:24:11 2019 -0700
IMPALA-8713: fix stack overflow in unhex()
Write the results into the output heap buffer
instead of into a temporary stack buffer.
No additional memory is used because
AnyValUtil::FromBuffer() allocated a temporary
buffer anyway.
Testing:
Added a targeted test to expr-test that caused
a crash before this fix.
Change-Id: Ie0c1760511a04c0823fc465cf6e529e9681b2488
Reviewed-on: http://gerrit.cloudera.org:8080/13743
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
be/src/exprs/expr-test.cc | 3 +++
be/src/exprs/math-functions-ir.cc | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/be/src/exprs/expr-test.cc b/be/src/exprs/expr-test.cc
index 76fdf1a..b11dd52 100644
--- a/be/src/exprs/expr-test.cc
+++ b/be/src/exprs/expr-test.cc
@@ -5531,6 +5531,9 @@ TEST_P(ExprTest, MathConversionFunctions) {
TestStringValue("unhex('30GA')", "");
// Uneven number of chars results in empty string.
TestStringValue("unhex('30A')", "");
+ // IMPALA-8713: stack overflow in unhex().
+ TestValue("length(unhex(repeat('a', 1024 * 1024 * 1024)))",
+ TYPE_INT, 512 * 1024 * 1024);
// Run the test suite twice, once with a bigint parameter, and once with
// string parameters.
diff --git a/be/src/exprs/math-functions-ir.cc b/be/src/exprs/math-functions-ir.cc
index d938953..527b51b 100644
--- a/be/src/exprs/math-functions-ir.cc
+++ b/be/src/exprs/math-functions-ir.cc
@@ -258,7 +258,7 @@ StringVal MathFunctions::Unhex(FunctionContext* ctx, const StringVal& s) {
if (s.len % 2 != 0) return StringVal();
int result_len = s.len / 2;
- char result[result_len];
+ StringVal result(ctx, result_len);
int res_index = 0;
int s_index = 0;
while (s_index < s.len) {
@@ -300,10 +300,10 @@ StringVal MathFunctions::Unhex(FunctionContext* ctx, const StringVal& s) {
return StringVal();
}
}
- result[res_index] = c;
+ result.ptr[res_index] = c;
++res_index;
}
- return AnyValUtil::FromBuffer(ctx, result, result_len);
+ return result;
}
StringVal MathFunctions::ConvInt(FunctionContext* ctx, const BigIntVal& num,