[ https://issues.apache.org/jira/browse/HAWQ-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhenglin Tao closed HAWQ-1797.
------------------------------
Resolution: Fixed
> heap-use-after-free serializeNode
> ---------------------------------
>
> Key: HAWQ-1797
> URL: https://issues.apache.org/jira/browse/HAWQ-1797
> Project: Apache HAWQ
> Issue Type: Bug
> Components: Core
> Reporter: Ruilong Huo
> Assignee: Ruilong Huo
> Priority: Major
> Fix For: 3.0.0.0
>
>
> {code:c}
> 16:08:12 ==8141==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x6290002e7bf0 at pc 0x0000004eb904 bp 0x7fff6dc7bd60 sp 0x7fff6dc7b500
> 16:08:12 READ of size 4 at 0x6290002e7bf0 thread T0
> 16:08:12 #0 0x4eb903 in memcpy
> /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5
> 16:08:12 #1 0x8b6add in appendBinaryStringInfo
> /root/hawq/hawq/src/backend/lib/stringinfo.c:258:2
> 16:08:12 #2 0x942f4f in _outQueryResource
> /root/hawq/hawq/src/backend/nodes/outfast.c:3977:2
> 16:08:12 #3 0x9330c5 in _outNode
> /root/hawq/hawq/src/backend/nodes/outfast.c:4826:5
> 16:08:12 #4 0x93368e in _outPlannedStmt
> /root/hawq/hawq/src/backend/nodes/outfast.c:482:2
> 16:08:12 #5 0x931bb0 in _outNode
> /root/hawq/hawq/src/backend/nodes/outfast.c:4011:5
> 16:08:12 #6 0x931a60 in nodeToBinaryStringFast
> /root/hawq/hawq/src/backend/nodes/outfast.c:4880:2
> 16:08:12 #7 0xcd7dc0 in serializeNode
> /root/hawq/hawq/src/backend/cdb/cdbsrlz.c:90:12
> 16:08:12 #8 0xd05cf3 in prepare_dispatch_query_desc
> /root/hawq/hawq/src/backend/cdb/dispatcher.c:606:12
> 16:08:12 #9 0x843336 in ExecutorStart
> /root/hawq/hawq/src/backend/executor/execMain.c:976:19
> 16:08:12 #10 0xa47150 in PortalStart
> /root/hawq/hawq/src/backend/tcop/pquery.c:1316:5
> 16:08:12 #11 0xa3e175 in exec_simple_query
> /root/hawq/hawq/src/backend/tcop/postgres.c:1857:3
> 16:08:12 #12 0xa3c4d2 in PostgresMain
> /root/hawq/hawq/src/backend/tcop/postgres.c:5015:6
> 16:08:12 #13 0x9e341f in BackendRun
> /root/hawq/hawq/src/backend/postmaster/postmaster.c:5996:16
> 16:08:12 #14 0x9e07c8 in BackendStartup
> /root/hawq/hawq/src/backend/postmaster/postmaster.c:5565:15
> 16:08:12 #15 0x9dd876 in ServerLoop
> /root/hawq/hawq/src/backend/postmaster/postmaster.c:2173:7
> 16:08:12 #16 0x9dbf77 in PostmasterMain
> /root/hawq/hawq/src/backend/postmaster/postmaster.c:1457:11
> 16:08:12 #17 0x8e58e5 in main
> /root/hawq/hawq/src/backend/main/main.c:226:7
> 16:08:12 #18 0x7f83ac788b34 in __libc_start_main
> (/lib64/libc.so.6+0x21b34)
> 16:08:12 #19 0x4d161c in _start
> (/usr/local/hawq-4.0.0.0/bin/postgres+0x4d161c)
> 16:08:12
> 16:08:12 0x6290002e7bf0 is located 14832 bytes inside of 16384-byte region
> [0x6290002e4200,0x6290002e8200)
> 16:08:12 freed by thread T0 here:
> 16:08:12 #0 0x5790e2 in free
> /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
> 16:08:12 #1 0xb903c8 in gp_free2
> /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:477:3
> 16:08:12 #2 0xb882e4 in AllocSetReset
> /root/hawq/hawq/src/backend/utils/mmgr/aset.c:948:4
> 16:08:12 #3 0xb8ad6d in MemoryContextResetAndDeleteChildren
> /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:286:2
> 16:08:12 #4 0xd05a3e in dispatch_init_env
> /root/hawq/hawq/src/backend/cdb/dispatcher.c:430:4
> 16:08:12
> 16:08:12 previously allocated by thread T0 here:
> 16:08:12 #0 0x579463 in __interceptor_malloc
> /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
> 16:08:12 #1 0xb8fd5d in gp_malloc
> /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:408:8
> 16:08:12 #2 0xb8986d in AllocSetAllocImpl
> /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1227:24
> 16:08:12 #3 0xb86dee in AllocSetAlloc
> /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1307:9
> 16:08:12 #4 0xb8bfdb in MemoryContextAllocZeroImpl
> /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:1129:8
> 16:08:12
> 16:08:12 SUMMARY: AddressSanitizer: heap-use-after-free
> /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5
> in memcpy
> 16:08:12 Shadow bytes around the buggy address:
> 16:08:12 0x0c5280054f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 =>0x0c5280054f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
> 16:08:12 0x0c5280054f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 0x0c5280054fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 16:08:12 Shadow byte legend (one shadow byte represents 8 application bytes):
> 16:08:12 Addressable: 00
> 16:08:12 Partially addressable: 01 02 03 04 05 06 07
> 16:08:12 Heap left redzone: fa
> 16:08:12 Freed heap region: fd
> 16:08:12 Stack left redzone: f1
> 16:08:12 Stack mid redzone: f2
> 16:08:12 Stack right redzone: f3
> 16:08:12 Stack after return: f5
> 16:08:12 Stack use after scope: f8
> 16:08:12 Global redzone: f9
> 16:08:12 Global init order: f6
> 16:08:12 Poisoned by user: f7
> 16:08:12 Container overflow: fc
> 16:08:12 Array cookie: ac
> 16:08:12 Intra object redzone: bb
> 16:08:12 ASan internal: fe
> 16:08:12 Left alloca redzone: ca
> 16:08:12 Right alloca redzone: cb
> 16:08:12 Shadow gap: cc
> 16:08:12 ==8141==ABORTING
> {code}