You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Tim Armstrong (JIRA)" <ji...@apache.org> on 2018/06/01 22:52:00 UTC
[jira] [Updated] (IMPALA-7111) ASAN heap-use-after-free in
impala::HdfsPluginTextScanner::CheckPluginEnabled
[ https://issues.apache.org/jira/browse/IMPALA-7111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Armstrong updated IMPALA-7111:
----------------------------------
Target Version: Impala 2.13.0, Impala 3.1.0
> ASAN heap-use-after-free in impala::HdfsPluginTextScanner::CheckPluginEnabled
> -----------------------------------------------------------------------------
>
> Key: IMPALA-7111
> URL: https://issues.apache.org/jira/browse/IMPALA-7111
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Affects Versions: Impala 2.13.0, Impala 3.1.0
> Reporter: Lars Volker
> Assignee: Tim Armstrong
> Priority: Blocker
> Labels: asan, broken-build
>
> [~tarmstrong@cloudera.com] - I'm assigning this to you since you added this file in IMPALA-6941.
> {noformat}
> ==4582==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000e8aa28 at pc 0x0000017ab9b4 bp 0x7f67e5f6b650 sp 0x7f67e5f6b648
> READ of size 1 at 0x603000e8aa28 thread T9236
> #0 0x17ab9b3 in bool __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> >::operator()<__gnu_cxx::__normal_iterator<char*, std::string> >(__gnu_cxx::__normal_iterator<char*, std::string>) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/gcc-4.9.2/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/../../../../include/c++/4.9.2/bits/predefined_ops.h:231:24
> #1 0x17ab745 in __gnu_cxx::__normal_iterator<char*, std::string> std::__find_if<__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> > >(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> >, std::random_access_iterator_tag) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/gcc-4.9.2/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/../../../../include/c++/4.9.2/bits/stl_algo.h:140:8
> #2 0x17ab2dc in __gnu_cxx::__normal_iterator<char*, std::string> std::__find_if<__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> > >(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> >) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/gcc-4.9.2/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/../../../../include/c++/4.9.2/bits/stl_algo.h:161:14
> #3 0x17aaf6c in __gnu_cxx::__normal_iterator<char*, std::string> std::find_if<__gnu_cxx::__normal_iterator<char*, std::string>, boost::algorithm::detail::is_any_ofF<char> >(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>, boost::algorithm::detail::is_any_ofF<char>) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/gcc-4.9.2/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/../../../../include/c++/4.9.2/bits/stl_algo.h:3803:14
> #4 0x17aaba1 in boost::iterator_range<__gnu_cxx::__normal_iterator<char*, std::string> > boost::algorithm::detail::token_finderF<boost::algorithm::detail::is_any_ofF<char> >::operator()<__gnu_cxx::__normal_iterator<char*, std::string> >(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>) const /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/detail/finder.hpp:565:41
> #5 0x17ac118 in boost::function2<boost::iterator_range<__gnu_cxx::__normal_iterator<char*, std::string> >, __gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string> >::operator()(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>) const /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14
> #6 0x17abf8d in boost::algorithm::detail::find_iterator_base<__gnu_cxx::__normal_iterator<char*, std::string> >::do_find(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>) const /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/detail/find_iterator.hpp:63:32
> #7 0x17aa00c in boost::algorithm::split_iterator<__gnu_cxx::__normal_iterator<char*, std::string> >::increment() /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/find_iterator.hpp:305:44
> #8 0x17a95a5 in boost::algorithm::split_iterator<__gnu_cxx::__normal_iterator<char*, std::string> >::split_iterator<boost::algorithm::detail::token_finderF<boost::algorithm::detail::is_any_ofF<char> > >(__gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>, boost::algorithm::detail::token_finderF<boost::algorithm::detail::is_any_ofF<char> >) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/find_iterator.hpp:265:21
> #9 0x17a8d5e in std::vector<std::string, std::allocator<std::string> >& boost::algorithm::iter_split<std::vector<std::string, std::allocator<std::string> >, std::string, boost::algorithm::detail::token_finderF<boost::algorithm::detail::is_any_ofF<char> > >(std::vector<std::string, std::allocator<std::string> >&, std::string&, boost::algorithm::detail::token_finderF<boost::algorithm::detail::is_any_ofF<char> >) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/iter_find.hpp:170:21
> #10 0x179754f in std::vector<std::string, std::allocator<std::string> >& boost::algorithm::split<std::vector<std::string, std::allocator<std::string> >, std::string, boost::algorithm::detail::is_any_ofF<char> >(std::vector<std::string, std::allocator<std::string> >&, std::string&, boost::algorithm::detail::is_any_ofF<char>, boost::algorithm::token_compress_mode_type) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/algorithm/string/split.hpp:146:20
> #11 0x1ef957a in impala::HdfsPluginTextScanner::CheckPluginEnabled(std::string const&) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/hdfs-plugin-text-scanner.cc:109:3
> #12 0x1ef8cd6 in impala::HdfsPluginTextScanner::IssueInitialRanges(impala::HdfsScanNodeBase*, std::vector<impala::HdfsFileDesc*, std::allocator<impala::HdfsFileDesc*> > const&, std::string const&) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/hdfs-plugin-text-scanner.cc:81:3
> #13 0x1efe979 in impala::HdfsTextScanner::IssueInitialRanges(impala::HdfsScanNodeBase*, std::vector<impala::HdfsFileDesc*, std::allocator<impala::HdfsFileDesc*> > const&) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/hdfs-text-scanner.cc:154:5
> #14 0x1e6a5fc in impala::HdfsScanNodeBase::IssueInitialScanRanges(impala::RuntimeState*) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/hdfs-scan-node-base.cc:482:9
> #15 0x1e55fc0 in impala::HdfsScanNode::GetNext(impala::RuntimeState*, impala::RowBatch*, bool*) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/hdfs-scan-node.cc:72:5
> #16 0x2bcd245 in impala::PartitionedAggregationNode::Open(impala::RuntimeState*) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/exec/partitioned-aggregation-node.cc:301:5
> #17 0x197009b in impala::FragmentInstanceState::Open() /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/runtime/fragment-instance-state.cc:264:5
> #18 0x196ce45 in impala::FragmentInstanceState::Exec() /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/runtime/fragment-instance-state.cc:81:12
> #19 0x1983fe4 in impala::QueryState::ExecFInstance(impala::FragmentInstanceState*) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/runtime/query-state.cc:401:24
> #20 0x1846be6 in boost::function0<void>::operator()() const /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14
> #21 0x1d5112e in impala::Thread::SuperviseThread(std::string const&, std::string const&, boost::function<void ()>, impala::ThreadDebugInfo const*, impala::Promise<long>*) /data/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/src/util/thread.cc:356:3
> #22 0x1d5c938 in void boost::_bi::list5<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::ThreadDebugInfo*>, boost::_bi::value<impala::Promise<long>*> >::operator()<void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::ThreadDebugInfo const*, impala::Promise<long>*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(std::string const&, std::string const&, boost::function<void ()>, impala::ThreadDebugInfo const*, impala::Promise<long>*), boost::_bi::list0&, int) /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind.hpp:525:9
> #23 0x1d5c78b in boost::_bi::bind_t<void, void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::ThreadDebugInfo const*, impala::Promise<long>*), boost::_bi::list5<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::ThreadDebugInfo*>, boost::_bi::value<impala::Promise<long>*> > >::operator()() /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind_template.hpp:20:27
> #24 0x336e8a9 in thread_proxy (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336e8a9)
> #25 0x7f6cc38c0e24 in start_thread (/lib64/libpthread.so.0+0x7e24)
> #26 0x7f6cc33d734c in __clone (/lib64/libc.so.6+0xf834c)
> 0x603000e8aa28 is located 24 bytes inside of 28-byte region [0x603000e8aa10,0x603000e8aa2c)
> freed by thread T9234 here:
> #0 0x14dcde0 in operator delete(void*) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:137
> #1 0x7f6cc3e95347 in __gnu_cxx::new_allocator<char>::deallocate(char*, unsigned long) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/ext/new_allocator.h:110
> #2 0x7f6cc3e95347 in std::string::_Rep::_M_destroy(std::allocator<char> const&) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:449
> #3 0x7f6cc3e95347 in std::string::_Rep::_M_dispose(std::allocator<char> const&) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:249
> #4 0x7f6cc3e95347 in std::string::_M_mutate(unsigned long, unsigned long, unsigned long) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:487
> previously allocated by thread T9236 here:
> #0 0x14dc068 in operator new(unsigned long) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:92
> #1 0x7f6cc3e95158 in __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/ext/new_allocator.h:104
> #2 0x7f6cc3e95158 in std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:607
> Thread T9236 created by T9231 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T9231 created by T9194 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T9194 created by T192 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T192 created by T191 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T191 created by T0 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T9234 created by T9230 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T9230 created by T9174 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> Thread T9174 created by T192 here:
> #0 0x13ecf5d in __interceptor_pthread_create /data/jenkins/workspace/impala-toolchain-package-build/label/impala-toolchnbld-cent70-ec2-c3-4xl-ondem/toolchain/source/llvm/llvm-5.0.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:317
> #1 0x336dc89 in boost::thread::start_thread_noexcept() (/data0/jenkins/workspace/impala-asf-2.x-core-asan/repos/Impala/be/build/debug/service/impalad+0x336dc89)
> #2 0x45e0360d (<unknown module>)
> SUMMARY: AddressSanitizer: heap-use-after-free /data/jenkins/workspace/impala-asf-2.x-core-asan/Impala-Toolchain/gcc-4.9.2/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/../../../../include/c++/4.9.2/bits/predefined_ops.h:231:24 in bool __gnu_cxx::__ops::_Iter_pred<boost::algorithm::detail::is_any_ofF<char> >::operator()<__gnu_cxx::__normal_iterator<char*, std::string> >(__gnu_cxx::__normal_iterator<char*, std::string>)
> Shadow bytes around the buggy address:
> 0x0c06801c94f0: fa fa fa fa 00 00 00 00 fa fa fd fd fd fd fa fa
> 0x0c06801c9500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c06801c9510: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fa fa
> 0x0c06801c9520: fa fa fa fa fd fd fd fd fa fa fa fa fa fa fa fa
> 0x0c06801c9530: fa fa fa fa fa fa fd fd fd fd fa fa fd fd fd fd
> =>0x0c06801c9540: fa fa fd fd fd[fd]fa fa fa fa fa fa fa fa fa fa
> 0x0c06801c9550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c06801c9560: fd fd fd fd fa fa fd fd fd fd fa fa fa fa fa fa
> 0x0c06801c9570: fa fa fd fd fd fa fa fa fa fa fa fa fa fa fa fa
> 0x0c06801c9580: fa fa fa fa fd fd fd fd fa fa fa fa fa fa fa fa
> 0x0c06801c9590: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> Left alloca redzone: ca
> Right alloca redzone: cb
> ==4582==ABORTING{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org