  1. Apache HAWQ (Retired)
  2. HAWQ-1797

heap-use-after-free serializeNode

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0.0
    • Core
    • None

    Description

      16:08:12 ==8141==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290002e7bf0 at pc 0x0000004eb904 bp 0x7fff6dc7bd60 sp 0x7fff6dc7b500
      16:08:12 READ of size 4 at 0x6290002e7bf0 thread T0
      16:08:12     #0 0x4eb903 in memcpy /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5
      16:08:12     #1 0x8b6add in appendBinaryStringInfo /root/hawq/hawq/src/backend/lib/stringinfo.c:258:2
      16:08:12     #2 0x942f4f in _outQueryResource /root/hawq/hawq/src/backend/nodes/outfast.c:3977:2
      16:08:12     #3 0x9330c5 in _outNode /root/hawq/hawq/src/backend/nodes/outfast.c:4826:5
      16:08:12     #4 0x93368e in _outPlannedStmt /root/hawq/hawq/src/backend/nodes/outfast.c:482:2
      16:08:12     #5 0x931bb0 in _outNode /root/hawq/hawq/src/backend/nodes/outfast.c:4011:5
      16:08:12     #6 0x931a60 in nodeToBinaryStringFast /root/hawq/hawq/src/backend/nodes/outfast.c:4880:2
      16:08:12     #7 0xcd7dc0 in serializeNode /root/hawq/hawq/src/backend/cdb/cdbsrlz.c:90:12
      16:08:12     #8 0xd05cf3 in prepare_dispatch_query_desc /root/hawq/hawq/src/backend/cdb/dispatcher.c:606:12
      16:08:12     #9 0x843336 in ExecutorStart /root/hawq/hawq/src/backend/executor/execMain.c:976:19
      16:08:12     #10 0xa47150 in PortalStart /root/hawq/hawq/src/backend/tcop/pquery.c:1316:5
      16:08:12     #11 0xa3e175 in exec_simple_query /root/hawq/hawq/src/backend/tcop/postgres.c:1857:3
      16:08:12     #12 0xa3c4d2 in PostgresMain /root/hawq/hawq/src/backend/tcop/postgres.c:5015:6
      16:08:12     #13 0x9e341f in BackendRun /root/hawq/hawq/src/backend/postmaster/postmaster.c:5996:16
      16:08:12     #14 0x9e07c8 in BackendStartup /root/hawq/hawq/src/backend/postmaster/postmaster.c:5565:15
      16:08:12     #15 0x9dd876 in ServerLoop /root/hawq/hawq/src/backend/postmaster/postmaster.c:2173:7
      16:08:12     #16 0x9dbf77 in PostmasterMain /root/hawq/hawq/src/backend/postmaster/postmaster.c:1457:11
      16:08:12     #17 0x8e58e5 in main /root/hawq/hawq/src/backend/main/main.c:226:7
      16:08:12     #18 0x7f83ac788b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
      16:08:12     #19 0x4d161c in _start (/usr/local/hawq-4.0.0.0/bin/postgres+0x4d161c)
      16:08:12 
      16:08:12 0x6290002e7bf0 is located 14832 bytes inside of 16384-byte region [0x6290002e4200,0x6290002e8200)
      16:08:12 freed by thread T0 here:
      16:08:12     #0 0x5790e2 in free /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
      16:08:12     #1 0xb903c8 in gp_free2 /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:477:3
      16:08:12     #2 0xb882e4 in AllocSetReset /root/hawq/hawq/src/backend/utils/mmgr/aset.c:948:4
      16:08:12     #3 0xb8ad6d in MemoryContextResetAndDeleteChildren /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:286:2
      16:08:12     #4 0xd05a3e in dispatch_init_env /root/hawq/hawq/src/backend/cdb/dispatcher.c:430:4
      16:08:12 
      16:08:12 previously allocated by thread T0 here:
      16:08:12     #0 0x579463 in __interceptor_malloc /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
      16:08:12     #1 0xb8fd5d in gp_malloc /root/hawq/hawq/src/backend/utils/mmgr/memprot.c:408:8
      16:08:12     #2 0xb8986d in AllocSetAllocImpl /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1227:24
      16:08:12     #3 0xb86dee in AllocSetAlloc /root/hawq/hawq/src/backend/utils/mmgr/aset.c:1307:9
      16:08:12     #4 0xb8bfdb in MemoryContextAllocZeroImpl /root/hawq/hawq/src/backend/utils/mmgr/mcxt.c:1129:8
      16:08:12 
      16:08:12 SUMMARY: AddressSanitizer: heap-use-after-free /local/mnt/workspace/bcain_0721/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:792:5 in memcpy
      16:08:12 ==8141==ABORTING
      

          People

            huor Ruilong Huo