IMPALA-5252

Java UDF returning string can lead to crash under memory pressure.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: Impala 2.8.0
    • Fix Version/s: Impala 2.9.0
    • Component/s: Backend
    • Labels:

      Description

      Look at this code from hive-udf-call.cc HiveUdfCall::GetStringVal():

      StringVal HiveUdfCall::GetStringVal(ExprContext* ctx, const TupleRow* row) {
        DCHECK_EQ(type_.type, TYPE_STRING);
        StringVal result = *reinterpret_cast<StringVal*>(Evaluate(ctx, row));
      
        // Copy the string into a local allocation with the usual lifetime for expr results.
        // Needed because the UDF output buffer is owned by the Java UDF executor and may be
        // freed or reused by the next call into the Java UDF executor.
        FunctionContext* fn_ctx = ctx->fn_context(fn_context_index_);
        uint8_t* local_alloc = fn_ctx->impl()->AllocateLocal(result.len);
        memcpy(local_alloc, result.ptr, result.len);  // <--- crash when local_alloc is nullptr
        result.ptr = local_alloc;
        return result;
      }
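
The failure mode in the description, modelled stand-alone with the missing null check in place. This is an added example, not Impala source code and not the project's actual fix; `StrVal`, `LimitedPool` and `CopyChecked` are hypothetical names, and the pool's byte budget stands in for memory pressure.

```cpp
// Added example, not Impala source; StrVal, LimitedPool, CopyChecked are hypothetical.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

struct StrVal { bool is_null = true; uint8_t* ptr = nullptr; size_t len = 0; };

// Allocator with a byte budget. It returns nullptr once the budget is spent,
// which is what an allocation under memory pressure looks like to the caller.
class LimitedPool {
 public:
  explicit LimitedPool(size_t budget) : remaining_(budget) {}
  ~LimitedPool() { for (void* p : blocks_) free(p); }
  uint8_t* Allocate(size_t n) {
    if (n > remaining_) return nullptr;
    void* p = malloc(n > 0 ? n : 1);
    if (p == nullptr) return nullptr;
    remaining_ -= n;
    blocks_.push_back(p);
    return static_cast<uint8_t*>(p);
  }
 private:
  size_t remaining_;
  std::vector<void*> blocks_;
};

// Copies src into pool-owned memory. A failed allocation yields a NULL value
// and sets *alloc_failed so the caller can fail the query instead of crashing.
StrVal CopyChecked(LimitedPool* pool, StrVal src, bool* alloc_failed) {
  *alloc_failed = false;
  if (src.is_null) return StrVal();
  uint8_t* local = pool->Allocate(src.len);
  if (local == nullptr) {  // the check that is absent before memcpy in the report
    *alloc_failed = true;
    return StrVal();
  }
  if (src.len > 0) memcpy(local, src.ptr, src.len);
  src.ptr = local;
  return src;
}

int main() {
  uint8_t udf_out[] = "constructed UDF output";  // constructed sample input
  StrVal in; in.is_null = false; in.ptr = udf_out; in.len = sizeof(udf_out) - 1;
  LimitedPool pool(8);  // budget smaller than the string, so Allocate fails
  bool failed = false;
  StrVal out = CopyChecked(&pool, in, &failed);
  return (failed && out.is_null) ? 0 : 1;
}
```

Returning a NULL value alone would silently change query results, so the error flag has to be propagated and turned into a query failure by the caller.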
      

              People

              • Assignee: Dan Hecht (dhecht)
              • Reporter: Alexander Behm (alex.behm)