[jira] [Commented] (IMPALA-7833) Audit and fix other string builtins for long string handling

Thu, 14 Feb 2019 15:51:27 -0800 


    [ 
https://issues.apache.org/jira/browse/IMPALA-7833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768814#comment-16768814
 ] 

Bikramjeet Vig commented on IMPALA-7833:
----------------------------------------

Additional Possible suspects:
ConcatWs/Concat => possible overflow due to no checks, but unable to hit to 
because putting large strings as arguments trigger java heap out of memory 
before it gets a chance to run this builtin with those arguments. So 
theoretically, we can hit this given a large enough heap size.
RegexpEscape => same as Concat, does not have size checks built in but other 
checks kick in before that for its arguments either by the function that is 
used to create a large string to be used as an argument or the JVM itself 
throwing " OutOfMemoryError: Requested array size exceeds VM limit"
Replace => has a bunch of checks to prevent overflow
Base64Encode => check for size constraints in Base64EncodeBufLen
Base64Decode => Base64DecodeBufLen always decreases the str.size and str.size 
is already within bounds, so it cannot go overboard

> Audit and fix other string builtins for long string handling
> ------------------------------------------------------------
>
>                 Key: IMPALA-7833
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7833
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Backend
>    Affects Versions: Impala 2.11.0, Impala 3.0, Impala 3.1.0
>            Reporter: Tim Armstrong
>            Priority: Critical
>              Labels: crash, ramp-up
>
> Following on from IMPALA-7822, there are some other string builtins that seem 
> to follow the same pattern of having a string size overflow an int passed 
> into the StringVal constructor. I think in some cases we get lucky and it 
> works out, but others it seems possible to crash given the right input 
> values. 
> Here are some examples of cases where we can hit such bugs:
> {noformat}
> select lpad('foo', 17179869184 , ' ');
> select rpad('foo', 17179869184 , ' ');
> select space(17179869184 );
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to