BiteTheDDDDt opened a new pull request, #25380:
URL: https://github.com/apache/doris/pull/25380
## Proposed changes
fix heap-use-after-free on map_agg
```cpp
disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c
<libfile>', or link it with '-z noexecstack'.
=================================================================
==8358==ERROR: AddressSanitizer: heap-use-after-free on address
0x608002c319b0 at pc 0x55778c831c4d bp 0x7fa85a63b390 sp 0x7fa85a63b388
READ of size 4 at 0x608002c319b0 thread T278 (WithoutGroupTas)
#0 0x55778c831c4c in doris::HashUtil::crc_hash(void const*, int,
unsigned int) /root/doris/be/src/util/hash_util.hpp:80:40
#1 0x55778d864183 in doris::HashUtil::hash(void const*, int, unsigned
int) /root/doris/be/src/util/hash_util.hpp:299:20
#2 0x5577986ff725 in doris::hash_value(doris::StringRef const&)
/root/doris/be/src/vec/common/string_ref.h:309:12
#3 0x5577986ff725 in unsigned long
phmap::Hash<doris::StringRef>::_hash<doris::StringRef, 0>(doris::StringRef
const&) const
/var/local/thirdparty/installed/include/parallel_hashmap/phmap_utils.h:153:16
#4 0x5577986ff725 in
phmap::Hash<doris::StringRef>::operator()(doris::StringRef const&) const
/var/local/thirdparty/installed/include/parallel_hashmap/phmap_utils.h:164:16
#5 0x5577986ff725 in unsigned long
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::HashElement::operator()<doris::StringRef, std::piecewise_construct_t const&,
std::tuple<doris::StringRef const&>, std::tuple<long const&> >(doris::StringRef
const&, std::piecewise_construct_t const&, std::tuple<doris::StringRef
const&>&&, std::tuple<long const&>&&) const
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:1867:48
#6 0x5577986ff725 in
decltype(std::declval<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::HashElement>()(std::declval<doris::StringRef const& const&>(),
std::piecewise_construct, std::declval<std::tuple<doris::StringRef const&> >(),
std::declval<std::tuple<long const&> >()))
phmap::priv::memory_internal::DecomposePairImpl<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement,
doris::StringRef const&, std::tuple<long const&>
>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement&&,
std::pair<std:
:tuple<doris::StringRef const&>, std::tuple<long const&> >)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:751:12
#7 0x5577986ff725 in
decltype(memory_internal::DecomposePairImpl(std::forward<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement>(fp),
PairArgs(std::forward<std::pair<doris::StringRef const, long>&>(fp0))))
phmap::priv::DecomposePair<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement,
std::pair<doris::StringRef const,
long>&>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement&&,
std::pair<doris::StringRef const, long>&)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.
h:4119:12
#8 0x5577986ff725 in
decltype(phmap::priv::DecomposePair(std::declval<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement>(),
std::declval<std::pair<doris::StringRef const, long>&>()))
phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>::apply<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement,
std::pair<doris::StringRef const,
long>&>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement&&,
std::pair<doris::StringRef const, long>&)
/var/local/thirdparty/installed/include/parallel_ha
shmap/phmap.h:4222:16
#9 0x5577986ff725 in
decltype(phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>::apply(std::forward<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement>(fp),
std::forward<std::pair<doris::StringRef const, long>&>(fp0)))
phmap::priv::hash_policy_traits<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>,
void>::apply<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::HashElement,
std::pair<doris::StringRef const, long>&,
phmap::priv::FlatHashMapPolicy<doris::StringRef, long>
>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::
StringRef const, long> > >::HashElement&&, std::pair<doris::StringRef const,
long>&)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap_base.h:548:16
#10 0x5577986ff725 in
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::resize(unsigned
long) /var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:2019:34
#11 0x5577986ff153 in
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::prepare_insert(unsigned long)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:2198:13
#12 0x5577986feb54 in std::pair<unsigned long, bool>
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::find_or_prepare_insert<doris::StringRef>(doris::StringRef const&, unsigned
long) /var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:2186:17
#13 0x5577987011bf in
std::pair<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::iterator, bool>
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::emplace_decomposable<doris::StringRef, std::piecewise_construct_t const&,
std::tuple<doris::StringRef&>, std::tuple<unsigned long&&> >(doris::StringRef
const&, unsigned long, std::piecewise_construct_t const&,
std::tuple<doris::StringRef&>&&, std::tuple<unsigned long&&>&&)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:1887:20
#14 0x55779878b4fb in
std::pair<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::iterator, bool>
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable::operator()<doris::StringRef, std::piecewise_construct_t
const&, std::tuple<doris::StringRef&>, std::tuple<unsigned long&&>
>(doris::StringRef const&, std::piecewise_construct_t const&,
std::tuple<doris::StringRef&>&&, std::tuple<unsigned long&&>&&) const
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:1898:22
#15 0x55779878b4fb in
decltype(std::declval<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable>()(std::declval<doris::StringRef& const&>(),
std::piecewise_construct, std::declval<std::tuple<doris::StringRef&> >(),
std::declval<std::tuple<unsigned long&&> >()))
phmap::priv::memory_internal::DecomposePairImpl<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable, doris::StringRef&, std::tuple<unsigned long&&>
>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable&&,
std::pair<std::tuple<doris::StringRef&>, std::tuple<unsigned long&&> >)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:751:12
#16 0x55779878b4fb in
decltype(memory_internal::DecomposePairImpl(std::forward<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable>(fp), PairArgs(std::forward<doris::StringRef&>(fp0),
std::forward<unsigned long>(fp0))))
phmap::priv::DecomposePair<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable, doris::StringRef&, unsigned
long>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable&&, doris::StringRef&, unsigned long&&)
/var/local/thirdparty/installed/include/p
arallel_hashmap/phmap.h:4119:12
#17 0x55779878b4fb in
decltype(phmap::priv::DecomposePair(std::declval<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable>(), std::declval<doris::StringRef&>(),
std::declval<unsigned long>()))
phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>::apply<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable, doris::StringRef&, unsigned
long>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable&&, doris::StringRef&, unsigned long&&)
/var/local/thirdparty/installed/
include/parallel_hashmap/phmap.h:4222:16
#18 0x55779878b4fb in
decltype(phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>::apply(std::forward<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable>(fp), std::forward<doris::StringRef&>(fp0),
std::forward<unsigned long>(fp0)))
phmap::priv::hash_policy_traits<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>,
void>::apply<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::EmplaceDecomposable, doris::StringRef&, unsigned long,
phmap::priv::FlatHashMapPolicy<doris::StringRef, long>
>(phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocat
or<std::pair<doris::StringRef const, long> > >::EmplaceDecomposable&&,
doris::StringRef&, unsigned long&&)
/var/local/thirdparty/installed/include/parallel_hashmap/phmap_base.h:548:16
#19 0x55779878b4fb in
std::pair<phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> > >::iterator, bool>
phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<doris::StringRef,
long>, phmap::Hash<doris::StringRef>, phmap::EqualTo<doris::StringRef>,
std::allocator<std::pair<doris::StringRef const, long> >
>::emplace<doris::StringRef&, unsigned long, 0>(doris::StringRef&, unsigned
long&&) /var/local/thirdparty/installed/include/parallel_hashmap/phmap.h:1438:16
#20 0x55779878b4fb in
doris::vectorized::AggregateFunctionMapAggData<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > >::add(doris::vectorized::Field
const&, doris::vectorized::Field const&)
/root/doris/be/src/vec/aggregate_functions/aggregate_function_map.h:100:18
#21 0x557798783cac in
doris::vectorized::AggregateFunctionMapAgg<doris::vectorized::AggregateFunctionMapAggData<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > >,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
>::deserialize_and_merge_vec(char* const*, unsigned long, char*,
doris::vectorized::ColumnString const*, doris::vectorized::Arena*, unsigned
long) const
/root/doris/be/src/vec/aggregate_functions/aggregate_function_map.h:281:35
#22 0x55779ec8b28b in doris::Status
doris::vectorized::AggregationNode::_merge_with_serialized_key_helper<false,
false>(doris::vectorized::Block*)
/root/doris/be/src/vec/exec/vaggregation_node.h:693:63
#23 0x55779eb0ae08 in
doris::vectorized::AggregationNode::_merge_with_serialized_key(doris::vectorized::Block*)
/root/doris/be/src/vec/exec/vaggregation_node.cpp:1535:16
#24 0x55779edf3816 in doris::Status std::__invoke_impl<doris::Status,
doris::Status
(doris::vectorized::AggregationNode::*&)(doris::vectorized::Block*),
doris::vectorized::AggregationNode*&,
doris::vectorized::Block*>(std::__invoke_memfun_deref, doris::Status
(doris::vectorized::AggregationNode::*&)(doris::vectorized::Block*),
doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&)
/var/local/ldb-toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:74:14
#25 0x55779edf3816 in std::enable_if<is_invocable_r_v<doris::Status,
doris::Status
(doris::vectorized::AggregationNode::*&)(doris::vectorized::Block*),
doris::vectorized::AggregationNode*&, doris::vectorized::Block*>,
doris::Status>::type std::__invoke_r<doris::Status, doris::Status
(doris::vectorized::AggregationNode::*&)(doris::vectorized::Block*),
doris::vectorized::AggregationNode*&, doris::vectorized::Block*>(doris::Status
(doris::vectorized::AggregationNode::*&)(doris::vectorized::Block*),
doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&)
/var/local/ldb-toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:114:9
#26 0x55779edf3816 in doris::Status std::_Bind_result<doris::Status,
doris::Status (doris::vectorized::AggregationNode::*
(doris::vectorized::AggregationNode*,
std::_Placeholder<1>))(doris::vectorized::Block*)>::__call<doris::Status,
doris::vectorized::Block*&&, 0ul,
1ul>(std::tuple<doris::vectorized::Block*&&>&&, std::_Index_tuple<0ul, 1ul>)
/var/local/ldb-toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:570:11
#27 0x55779edf3816 in doris::Status std::_Bind_result<doris::Status,
doris::Status (doris::vectorized::AggregationNode::*
(doris::vectorized::AggregationNode*,
std::_Placeholder<1>))(doris::vectorized::Block*)>::operator()<doris::vectorized::Block*>(doris::vectorized::Block*&&)
/var/local/ldb-toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:629:17
```
## Further comments
If this is a relatively large or complex change, kick off the discussion at
[[email protected]](mailto:[email protected]) by explaining why you
chose the solution you did and what alternatives you considered, etc...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
