  1. IMPALA
  2. IMPALA-8846

Undefined behaviour in RleEncoder::Put


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      On line https://github.com/apache/impala/blob/4000da35be69e469500f5f11e0e5fdec119cf5c7/be/src/util/rle-encoding.h#L346, we test repeat_count_ <= std::numeric_limits<int32_t>::max(), which is always true (repeat_count_ is an int), then we increment repeat_count_, which could be std::numeric_limits<int32_t>::max() and overflow, which is undefined behaviour for signed integers.

      We should either change <= to < or if we think that this never happens, remove the misleading check.

      If we correct the check, it may lead to some (probably small) performance regression because the compiler could have optimised this out.
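
      An added example, not Impala's code and not part of the original report: a simplified run counter showing why the `<=` check never guards the increment and how the `<` form caps the run instead. `RunCounter`, `CanExtendRunOriginal`, `CanExtendRunFixed` and `kMaxRepeat` are hypothetical names, and flushing a saturated run into a vector is an assumption made for illustration.

```cpp
#include <cstdint>
#include <limits>
#include <utility>
#include <vector>

// Hypothetical, simplified model of a run-length counter (not Impala's RleEncoder).
constexpr int32_t kMaxRepeat = std::numeric_limits<int32_t>::max();

// Check as described in the report: true for every int32_t value,
// so it cannot stop an increment at INT32_MAX.
bool CanExtendRunOriginal(int32_t repeat_count) {
  return repeat_count <= kMaxRepeat;
}

// Corrected check: false exactly when ++repeat_count would overflow.
bool CanExtendRunFixed(int32_t repeat_count) {
  return repeat_count < kMaxRepeat;
}

struct RunCounter {
  uint64_t current_value = 0;
  int32_t repeat_count = 0;
  std::vector<std::pair<uint64_t, int32_t>> flushed;  // (value, run length)

  void Put(uint64_t value) {
    if (repeat_count > 0 && value == current_value &&
        CanExtendRunFixed(repeat_count)) {
      ++repeat_count;  // safe: repeat_count < INT32_MAX on this path
      return;
    }
    // Value changed or the run is saturated: emit it and start a new run.
    if (repeat_count > 0) flushed.emplace_back(current_value, repeat_count);
    current_value = value;
    repeat_count = 1;
  }
};

int main() {
  RunCounter rc;
  rc.repeat_count = kMaxRepeat;  // constructed state: a saturated run of value 0
  rc.Put(0);                     // must flush rather than increment
  return (rc.flushed.size() == 1 && rc.repeat_count == 1) ? 0 : 1;
}
```

      Building test code with `-fsanitize=signed-integer-overflow` (UBSan) reports this class of bug at runtime if a saturated counter is ever incremented.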

            People

            • Assignee:
              daniel.becker Daniel Becker
              Reporter:
              daniel.becker Daniel Becker
