ASAN error: heap-buffer-overflow in MemIndex::load_segment #4459

@acelyc111

Describe the bug
Error reported in clone procedure:

Wed Aug 12 21:42:13 CST 2020: =================================================================
Wed Aug 12 21:42:13 CST 2020: ==35521==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607001923f3e at pc 0x000000d13012 bp 0x7fa3e7296d20 sp 0x7fa3e72964d0
Wed Aug 12 21:42:13 CST 2020: READ of size 1792 at 0x607001923f3e thread T954
Wed Aug 12 21:42:13 CST 2020: #0 0xd13011 in __interceptor_memcpy ../../.././libsanitizer/asan/asan_interceptors.cc:456
Wed Aug 12 21:42:13 CST 2020: #1 0x313b92a in doris::memory_copy(void*, void const*, unsigned long) /home/laiyingchun/ap_doris/be/src/util/mem_util.hpp:622
Wed Aug 12 21:42:13 CST 2020: #2 0x313b92a in doris::MemIndex::load_segment(char const*, unsigned long*, bool) /home/laiyingchun/ap_doris/be/src/olap/olap_index.cpp:216
Wed Aug 12 21:42:13 CST 2020: #3 0x180e17a in doris::SegmentGroup::load(bool) /home/laiyingchun/ap_doris/be/src/olap/rowset/segment_group.cpp:358
Wed Aug 12 21:42:13 CST 2020: #4 0x1774d3c in doris::AlphaRowset::do_load(bool) /home/laiyingchun/ap_doris/be/src/olap/rowset/alpha_rowset.cpp:42
Wed Aug 12 21:42:13 CST 2020: #5 0x175da37 in doris::Rowset::load(bool) /home/laiyingchun/ap_doris/be/src/olap/rowset/rowset.cpp:54
Wed Aug 12 21:42:13 CST 2020: #6 0x31c4238 in doris::SnapshotManager::_rename_rowset_id(doris::RowsetMetaPB const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, doris::TabletSchema&, doris::RowsetId const&, doris::RowsetMetaPB*) /home/laiyingchun/ap_doris/be/src/olap/snapshot_manager.cpp:208
Wed Aug 12 21:42:13 CST 2020: #7 0x31c879a in doris::SnapshotManager::convert_rowset_ids(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, long, int const&) /home/laiyingchun/ap_doris/be/src/olap/snapshot_manager.cpp:166
Wed Aug 12 21:42:14 CST 2020: #8 0x325aef5 in doris::EngineCloneTask::_clone_copy(doris::DataDir&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, doris::TBackend*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::vector<doris::Version, std::allocator<doris::Version> > const*, bool*) /home/laiyingchun/ap_doris/be/src/olap/task/engine_clone_task.cpp:366
Wed Aug 12 21:42:14 CST 2020: #9 0x325dc5b in doris::EngineCloneTask::execute() /home/laiyingchun/ap_doris/be/src/olap/task/engine_clone_task.cpp:171
Wed Aug 12 21:42:14 CST 2020: #10 0x12649fe in doris::StorageEngine::execute_task(doris::EngineTask*) /home/laiyingchun/ap_doris/be/src/olap/storage_engine.cpp:932
Wed Aug 12 21:42:14 CST 2020: #11 0x2a9ff37 in doris::TaskWorkerPool::_clone_worker_thread_callback(void*) /home/laiyingchun/ap_doris/be/src/agent/task_worker_pool.cpp:900
Wed Aug 12 21:42:14 CST 2020: #12 0x7fa4a8df7dc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
Wed Aug 12 21:42:14 CST 2020: #13 0x7fa4a910373c in clone (/lib64/libc.so.6+0xf773c)
...

Reproduce by insert:

(gdb) bt
#0  0x00007f515ab791d7 in raise () from /lib64/libc.so.6
#1  0x00007f515ab7a8c8 in abort () from /lib64/libc.so.6
#2  0x0000000001a9c336 in google::DumpStackTraceAndExit () at src/utilities.cc:147
#3  0x0000000001a9363d in google::LogMessage::Fail () at src/logging.cc:1599
#4  0x0000000001a954c4 in google::LogMessage::SendToLog (this=0x7f505f4044b0) at src/logging.cc:1553
#5  0x0000000001a93164 in google::LogMessage::Flush (this=0x7f505f4044b0) at src/logging.cc:1422
#6  0x0000000001a95ef9 in google::LogMessageFatal::~LogMessageFatal (this=<optimized out>, __in_chrg=<optimized out>) at src/logging.cc:2125
#7  0x000000000157800c in doris::MemIndex::load_segment (this=this@entry=0x47b47ecb0, file=<optimized out>, current_num_rows_per_row_block=current_num_rows_per_row_block@entry=0x47b47eea8, use_cache=use_cache@entry=true)
    at /builds/olap/doris/be/src/olap/olap_index.cpp:258
#8  0x0000000000f30bcf in doris::SegmentGroup::load (this=0x47b47ec00, use_cache=use_cache@entry=true) at /builds/olap/doris/be/src/olap/rowset/segment_group.cpp:358
#9  0x0000000000f172e5 in doris::AlphaRowsetWriter::build (this=0x772c72280) at /builds/olap/doris/be/src/olap/rowset/alpha_rowset_writer.cpp:164
#10 0x000000000156eb79 in doris::DeltaWriter::close_wait (this=0x3d251e960, tablet_vec=tablet_vec@entry=0x25334dd78) at /builds/olap/doris/be/src/olap/delta_writer.cpp:223
#11 0x0000000000ff1efc in doris::TabletsChannel::close (this=this@entry=0x2f34c8f00, sender_id=<optimized out>, finished=finished@entry=0x7f505f4073b0, partition_ids=..., tablet_vec=tablet_vec@entry=0x25334dd78)
    at /builds/olap/doris/be/src/runtime/tablets_channel.cpp:168
#12 0x0000000000feecc8 in doris::LoadChannel::add_batch (this=this@entry=0x8301b36c0, request=..., tablet_vec=tablet_vec@entry=0x25334dd78) at /builds/olap/doris/be/src/runtime/load_channel.cpp:99
#13 0x0000000000fea241 in doris::LoadChannelMgr::add_batch (this=0x9920cf00, request=..., tablet_vec=0x25334dd78, wait_lock_time_ns=wait_lock_time_ns@entry=0x7f505f407710) at /builds/olap/doris/be/src/runtime/load_channel_mgr.cpp:149
#14 0x0000000001071955 in doris::PInternalServiceImpl<palo::PInternalService>::tablet_writer_add_batch(google::protobuf::RpcController*, doris::PTabletWriterAddBatchRequest const*, doris::PTabletWriterAddBatchResult*, google::protobuf::Closure*)::{lambda()#1}::operator()() const (__closure=0x20ee09cc0) at /builds/olap/doris/be/src/service/internal_service.cpp:109
#15 0x0000000000f853f5 in operator() (this=0x7f505f4077e8) at /var/local/thirdparty/installed/include/boost/function/function_template.hpp:759
#16 doris::PriorityThreadPool::work_thread (this=0x259ff510, thread_id=<optimized out>) at /builds/olap/doris/be/src/util/priority_thread_pool.hpp:138
#17 0x0000000001a432ed in thread_proxy ()
#18 0x00007f515a92fdc5 in start_thread () from /lib64/libpthread.so.0
#19 0x00007f515ac3b73d in clone () from /lib64/libc.so.6
(gdb)

To Reproduce
Steps to reproduce the behavior:

  1. Create a table with nullable varchar type key.
  2. Insert a row with the nullable key set to null.
  3. An ASAN error will be reported as above.

Expected behavior
no error
