Posted to issues@trafodion.apache.org by "David Wayne Birdsall (JIRA)" <ji...@apache.org> on 2018/12/06 21:31:00 UTC

[jira] [Resolved] (TRAFODION-3243) Dereference of deallocated NAString in UPDATE STATISTICS can cause cores

     [ https://issues.apache.org/jira/browse/TRAFODION-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Wayne Birdsall resolved TRAFODION-3243.
---------------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.4

> Dereference of deallocated NAString in UPDATE STATISTICS can cause cores
> ------------------------------------------------------------------------
>
>                 Key: TRAFODION-3243
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-3243
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-cmp
>    Affects Versions: 2.3, 2.4
>            Reporter: David Wayne Birdsall
>            Assignee: David Wayne Birdsall
>            Priority: Major
>             Fix For: 2.4
>
>
> In ustat/hs_globals.cpp, the HSColGroupStruct destructor deletes the colNames member (an NAString), then calls HSColGroupStruct::freeISMemory. If logging is on (which is the default nowadays), the latter method dereferences colNames, calling its data() method. NAString::data() adds a null terminator to the end of its string; in a deleted NAString, this can result in the corruption of a heap boundary tag. This seems to only happen in the case where the original string did not fit into the small_ buffer of the NAString (which happens when column names are sufficiently long, e.g. multi-column histograms) and then only rarely.
> The fix is to defer deleting colNames until after freeISMemory is called.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
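
The destructor ordering described in the issue, as an added C++ example that is not Trafodion code: std::string stands in for NAString, and ColGroup, freeMemory and destroyAndCollect are hypothetical names. The owner here is a std::unique_ptr, so the late read in the reported order shows up as a null pointer and is logged instead of touching freed memory.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for the structure in the report; all names are hypothetical.
struct ColGroup {
    std::unique_ptr<std::string> colNames;  // owned heap string, like the NAString member
    std::vector<std::string>* log;          // sink for cleanup events
    bool deferDelete;                       // false = reported order, true = fixed order

    ColGroup(const std::string& names, std::vector<std::string>* sink, bool fixed)
        : colNames(new std::string(names)), log(sink), deferDelete(fixed) {}

    // Cleanup step that logs the column names, as the report says
    // freeISMemory does when logging is on.
    void freeMemory() {
        if (!colNames) {  // owner already released: record it, do not dereference
            log->push_back("freeMemory: colNames already deleted");
            return;
        }
        log->push_back("freeMemory: " + *colNames);
    }

    ~ColGroup() {
        if (!deferDelete) colNames.reset();  // reported order: delete first ...
        freeMemory();                        // ... then run a method that reads the member
        colNames.reset();                    // fixed order: delete after the last reader
    }
};

// Destroys one ColGroup and returns what its cleanup logged.
std::vector<std::string> destroyAndCollect(bool fixed) {
    std::vector<std::string> events;
    { ColGroup g("(COL_A, COL_B, COL_C_WITH_A_LONG_NAME)", &events, fixed); }
    return events;
}

int main() {
    for (bool fixed : {false, true})
        for (const auto& e : destroyAndCollect(fixed)) std::cout << e << "\n";
}
```

With a raw pointer and a plain delete there is no null to test, which is why the reported order reads and writes freed heap memory rather than failing cleanly.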