[
https://issues.apache.org/jira/browse/IMPALA-12781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813856#comment-17813856
]
ASF subversion and git services commented on IMPALA-12781:
----------------------------------------------------------
Commit 61dd953691f1c4b83a8aa86d8f0e8a8031cd56a2 in impala's branch
refs/heads/master from Daniel Becker
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=61dd95369 ]
IMPALA-12781: ARRAY<STRUCT<s: STRING> crashes in top-n
In ASAN builds, and if codegen is enabled, if we sort an array
containing a struct of a string with limit, Impala crashes.
This is because of an error in
SlotDescriptor::CodegenWriteCollectionStructChild(). This function is
responsible for copying the variable length data of struct children, but
currently we return early without doing anything if
'children_tuple_desc->string_slots()' and
'children_tuple_desc->collection_slots()' are empty. However, this is
incorrect because the variable length children of a struct are listed in
the corresponding members of the struct's parent slot, not the struct
slot itself; see the comment in TupleDescriptor::AddSlot(). Because of
this, the variable length data of the StringValue is not copied.
This commit removes the early return from
SlotDescriptor::CodegenWriteCollectionStructChild() and inserts a DCHECK
in TupleDescriptor::string_slots() and
TupleDescriptor::collection_slots() that ensures that these functions
are not called on item tuples of structs, as the result would be
unexpected/incorrect.
This change also adjusts some variable names in
SlotDescriptor::CodegenWriteCollectionToSlot() to make them clearer and
updates the codegen IR example of
SlotDescriptor::CodegenWriteStringOrCollectionToSlot().
Testing:
- added a query in top-n-complex.test that used to crash, and the same
query without LIMIT in sort-complex.test for completeness.
Change-Id: If87d9e44775e809da9a13e953b4d2c3db9728801
Reviewed-on: http://gerrit.cloudera.org:8080/20988
Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
> ARRAY<STRUCT<s: STRING> crashes in top-n
> ----------------------------------------
>
> Key: IMPALA-12781
> URL: https://issues.apache.org/jira/browse/IMPALA-12781
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Daniel Becker
> Assignee: Daniel Becker
> Priority: Major
>
> In ASAN builds if we sort an array containing a struct of a string with
> limit, Impala crashes. This is how to reproduce it:
> In Hive:
> {code:java}
> create table su (arr ARRAY<STRUCT<s: STRING>>) stored as parquet;
> insert into su values (array(named_struct("s", "A")));
> {code}
> In Impala:
> {code:java}
> select 1, arr from su order by 1 limit 1{code}
> The ASAN error message indicates a heap-use-after-free.
> Note that this only happens if codegen is enabled.
> h4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org
