Posted to dev@hawq.apache.org by "Ruilong Huo (Jira)" <ji...@apache.org> on 2021/07/26 06:03:00 UTC

[jira] [Created] (HAWQ-1797) heap-use-after-free serializeNode

Ruilong Huo created HAWQ-1797:
---------------------------------

             Summary: heap-use-after-free serializeNode
                 Key: HAWQ-1797
                 URL: https://issues.apache.org/jira/browse/HAWQ-1797
             Project: Apache HAWQ
          Issue Type: Bug
          Components: Core
            Reporter: Ruilong Huo
            Assignee: Ruilong Huo
             Fix For: 3.0.0.0
{code:c}
16:08:12 ==8141==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290002e7bf0 at pc 0x0000004eb904 bp 0x7fff6dc7bd60 sp 0x7fff6dc7b500
16:08:12 READ of size 4 at 0x6290002e7bf0 thread T0
16:08:12     #0 0x4eb903 in memcpy /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5
16:08:12     #1 0x8b6add in appendBinaryStringInfo /root/hawq/hawq/src/backend/lib/stringinfo.c:258:2
16:08:12     #2 0x942f4f in _outQueryResource /root/hawq/hawq/src/backend/nodes/outfast.c:3977:2
16:08:12     #3 0x9330c5 in _outNode /root/hawq/hawq/src/backend/nodes/outfast.c:4826:5
16:08:12     #4 0x93368e in _outPlannedStmt /root/hawq/hawq/src/backend/nodes/outfast.c:482:2
16:08:12     #5 0x931bb0 in _outNode /root/hawq/hawq/src/backend/nodes/outfast.c:4011:5
16:08:12     #6 0x931a60 in nodeToBinaryStringFast /root/hawq/hawq/src/backend/nodes/outfast.c:4880:2
16:08:12     #7 0xcd7dc0 in serializeNode /root/hawq/hawq/src/backend/cdb/cdbsrlz.c:90:12
16:08:12     #8 0xd05cf3 in prepare_dispatch_query_desc /root/hawq/hawq/src/backend/cdb/dispatcher.c:606:12
16:08:12     #9 0x843336 in ExecutorStart /root/hawq/hawq/src/backend/executor/execMain.c:976:19
16:08:12     #10 0xa47150 in PortalStart /root/hawq/hawq/src/backend/tcop/pquery.c:1316:5
16:08:12     #11 0xa3e175 in exec_simple_query /root/hawq/hawq/src/backend/tcop/postgres.c:1857:3
16:08:12     #12 0xa3c4d2 in PostgresMain /root/hawq/hawq/src/backend/tcop/postgres.c:5015:6
16:08:12     #13 0x9e341f in BackendRun /root/hawq/hawq/src/backend/postmaster/postmaster.c:5996:16
16:08:12     #14 0x9e07c8 in BackendStartup /root/hawq/hawq/src/backend/postmaster/postmaster.c:5565:15
16:08:12     #15 0x9dd876 in ServerLoop /root/hawq/hawq/src/backend/postmaster/postmaster.c:2173:7
16:08:12     #16 0x9dbf77 in PostmasterMain /root/hawq/hawq/src/backend/postmaster/postmaster.c:1457:11
16:08:12     #17 0x8e58e5 in main /root/hawq/hawq/src/backend/main/main.c:226:7
16:08:12     #18 0x7f83ac788b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
16:08:12     #19 0x4d161c in _start (/usr/local/hawq-4.0.0.0/bin/postgres+0x4d161c)
16:08:12 
16:08:12 0x6290002e7bf0 is located 14832 bytes inside of 16384-byte region [0x6290002e4200,0x6290002e8200)
16:08:12 freed by thread T0 here:
16:08:12     #0 0x5790e2 in free /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
16:08:12     #1 0xb903c8 in gp_free2 /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:477:3
16:08:12     #2 0xb882e4 in AllocSetReset /root/hawq/hawq/src/backend/utils/mmgr/aset.c:948:4
16:08:12     #3 0xb8ad6d in MemoryContextResetAndDeleteChildren /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:286:2
16:08:12     #4 0xd05a3e in dispatch_init_env /root/hawq/hawq/src/backend/cdb/dispatcher.c:430:4
16:08:12 
16:08:12 previously allocated by thread T0 here:
16:08:12     #0 0x579463 in __interceptor_malloc /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
16:08:12     #1 0xb8fd5d in gp_malloc /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:408:8
16:08:12     #2 0xb8986d in AllocSetAllocImpl /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1227:24
16:08:12     #3 0xb86dee in AllocSetAlloc /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1307:9
16:08:12     #4 0xb8bfdb in MemoryContextAllocZeroImpl /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:1129:8
16:08:12 
16:08:12 SUMMARY: AddressSanitizer: heap-use-after-free /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5 in memcpy
16:08:12 Shadow bytes around the buggy address:
16:08:12   0x0c5280054f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12 =>0x0c5280054f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
16:08:12   0x0c5280054f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12   0x0c5280054fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
16:08:12 Shadow byte legend (one shadow byte represents 8 application bytes):
16:08:12   Addressable:           00
16:08:12   Partially addressable: 01 02 03 04 05 06 07 
16:08:12   Heap left redzone:       fa
16:08:12   Freed heap region:       fd
16:08:12   Stack left redzone:      f1
16:08:12   Stack mid redzone:       f2
16:08:12   Stack right redzone:     f3
16:08:12   Stack after return:      f5
16:08:12   Stack use after scope:   f8
16:08:12   Global redzone:          f9
16:08:12   Global init order:       f6
16:08:12   Poisoned by user:        f7
16:08:12   Container overflow:      fc
16:08:12   Array cookie:            ac
16:08:12   Intra object redzone:    bb
16:08:12   ASan internal:           fe
16:08:12   Left alloca redzone:     ca
16:08:12   Right alloca redzone:    cb
16:08:12   Shadow gap:              cc
16:08:12 ==8141==ABORTING
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)