Details
- Bug
- Status: Resolved
- Blocker
- Resolution: Fixed
- Impala 3.2.0
Description
HiveUdfCall has the sizes of internal types hardcoded as magic numbers:
    switch (GetChild(i)->type().type) {
      case TYPE_BOOLEAN:
      case TYPE_TINYINT:
        // Using explicit sizes helps the compiler unroll memcpy
        memcpy(input_ptr, v, 1);
        break;
      case TYPE_SMALLINT:
        memcpy(input_ptr, v, 2);
        break;
      case TYPE_INT:
      case TYPE_FLOAT:
        memcpy(input_ptr, v, 4);
        break;
      case TYPE_BIGINT:
      case TYPE_DOUBLE:
        memcpy(input_ptr, v, 8);
        break;
      case TYPE_TIMESTAMP:
      case TYPE_STRING:
      case TYPE_VARCHAR:
        memcpy(input_ptr, v, 16);
        break;
      default:
        DCHECK(false) << "NYI";
    }
STRING and VARCHAR were only 16 bytes because of padding. This padding is removed by IMPALA-7367, so this will read past the end of the actual value. This could in theory lead to a crash.
We need to change the value, but we should probably also switch to sizeof(StringValue) so that it doesn't get broken by similar changes in future.
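The over-read described above and a sizeof-based copy, as an added example that is not taken from the Impala code base. `PaddedString`, `PackedString`, `OverreadBytes`, `CopySlot` and `CopyPackedSlots` are hypothetical names, the pointer-plus-32-bit-length layout is an assumption, and `__attribute__((packed))` assumes GCC or Clang.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical stand-ins for a string slot (assumed layout: pointer + 32-bit
// length). These are not Impala's StringValue definition.
struct PaddedString { char* ptr; int32_t len; };  // compiler adds tail padding
struct __attribute__((packed)) PackedString { char* ptr; int32_t len; };

// Pin the packed layout: a future layout change fails the build instead of
// leaving a stale size constant somewhere else in the code.
static_assert(sizeof(PackedString) == sizeof(char*) + sizeof(int32_t),
              "PackedString layout changed; review every copy of this slot");

// Bytes that a memcpy of `hardcoded` bytes reads past the end of one slot of T.
template <typename T>
constexpr size_t OverreadBytes(size_t hardcoded) {
  return hardcoded > sizeof(T) ? hardcoded - sizeof(T) : 0;
}

// Copy exactly one slot. sizeof(T) is still a compile-time constant, so the
// compiler can unroll the memcpy just as it does with a literal size.
template <typename T>
size_t CopySlot(void* dst, const void* src) {
  std::memcpy(dst, src, sizeof(T));
  return sizeof(T);
}

// Copy n packed slots into a tightly sized buffer; returns bytes written.
size_t CopyPackedSlots(const PackedString* slots, size_t n, uint8_t* out) {
  size_t off = 0;
  for (size_t i = 0; i < n; ++i) off += CopySlot<PackedString>(out + off, &slots[i]);
  return off;
}

int main() {
  // The stale constant is whatever the padded struct used to occupy.
  std::printf("padded=%zu packed=%zu overread=%zu\n", sizeof(PaddedString),
              sizeof(PackedString),
              OverreadBytes<PackedString>(sizeof(PaddedString)));
  return 0;
}
```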
Issue Links
- is broken by: IMPALA-7367 Pack StringValue, CollectionValue and TimestampValue slots (Resolved)