You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/11/05 21:59:00 UTC

[jira] [Commented] (IMPALA-7777) Fix crash due to arithmetic overflows in Exchange Node

    [ https://issues.apache.org/jira/browse/IMPALA-7777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16675803#comment-16675803 ] 

ASF subversion and git services commented on IMPALA-7777:
---------------------------------------------------------

Commit 31669a6703474f27259c8ad52208cd26d5788a1c in impala's branch refs/heads/master from stakiar
[ https://git-wip-us.apache.org/repos/asf?p=impala.git;h=31669a6 ]

IMPALA-7777: Fix crash due to arithmetic overflows in Exchange Node

Fixes an arithmetic overflow in ExchangeNode::GetNextMerging. Prior to
this patch, the code read:

int rows_to_keep = num_rows_skipped_ - offset_;

Where num_rows_skipped_ and offset_ were of type int64_t. The result was
cast to an int which can lead to an overflow if the result exceeds the
value of 2^31. The value of rows_to_keep would be passed into
row-batch.h::CopyRows which would crash due to a DCHECK_LE error.

This crash arises when the value of the OFFSET is a large number, for
example, the query:

select int_col from functional.alltypes order by 1 limit
1 offset 9223372036854775800;

Would crash the Impalad executor for this query.

The fix is to change rows_to_keep to an int64_t to avoid the overflow,
which prevents the DCHECK_LE from failing.

Change-Id: I8bb8064aae6ad25c8a19f6a8869086be7e70400a
Reviewed-on: http://gerrit.cloudera.org:8080/11844
Reviewed-by: Tim Armstrong <ta...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


> Fix crash due to arithmetic overflows in Exchange Node
> ------------------------------------------------------
>
>                 Key: IMPALA-7777
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7777
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Frontend
>    Affects Versions: Impala 2.10.0, Impala 2.11.0, Impala 3.0, Impala 2.12.0
>            Reporter: Sahil Takiar
>            Assignee: Sahil Takiar
>            Priority: Major
>
> A follow up to IMPALA-5004. Impala allows a value of LIMIT and OFFSET up to 2^63. However, if a user tries to run a query with a large offset (e.g. slightly lower than 2^63), the query will crash the impalad due to a {{DCHECK_LE}} in {{row-batch.h}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org