Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-8846

Undefined behaviour in RleEncoder::Put

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • None
    • None
    • ghx-label-3

    Description

      On line https://github.com/apache/impala/blob/4000da35be69e469500f5f11e0e5fdec119cf5c7/be/src/util/rle-encoding.h#L346, we test repeat_count_ <= std::numeric_limits<int32_t>::max(), which is always true (repeat_count_ is an int), then we increment repeat_count which could be std::numeric_limits<int32_t>::max() and overflow, which is undefined behaviour for signed integers.

       

      We should either change <= to < or if we think that this never happens, remove the misleading check.

      If we correct the check, it may lead to some (probably small) performance regression because the compiler could have optimised this out.

      Attachments

        1. original.txt
          7 kB
          Daniel Becker
        2. with_check.txt
          7 kB
          Daniel Becker

        Issue Links

          is a child of

          Task - A task that needs to be done. IMPALA-5031 UBSAN clean and method for testing UBSAN cleanliness

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • In Progress

          Activity

            People

              daniel.becker Daniel Becker
              daniel.becker Daniel Becker
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: