[MCOL-1826] PrimProc crash in float/double to string conversion Created: 2018-10-21  Updated: 2020-08-25  Resolved: 2018-11-12

Status: Closed
Project: MariaDB ColumnStore
Component/s: PrimProc
Affects Version/s: 1.1.5
Fix Version/s: 1.1.7, 1.2.1

Type: Bug Priority: Major
Reporter: Andrew Hutchings (Inactive) Assignee: Roman
Resolution: Fixed Votes: 0
Labels: None

Attachments: File mcol1826.php    
Sprint: 2018-19, 2018-20

 Description   

Steps to reproduce:

1. Create table

create table test.t1 (a double, b double) engine=columnstore;

2. Run the attached PHP script as follows:

php mcol1826.php > mcol1826.csv

3. Insert the data:

cpimport test t1 mcol1826.csv

4. Run the query:

select concat_ws(':', a, b) from t1;

PrimProc will crash most of the time (may require a ColumnStore restart and retry if it doesn't).



 Comments   
Comment by Andrew Hutchings (Inactive) [ 2018-10-21 ]

Cause appears to be class global fFloatStr being used by multiple threads for multiple blocks during stringValue, causing a race-style crash.

Comment by Andrew Hutchings (Inactive) [ 2018-10-22 ]

For QA: see description. This is a race condition so may not happen 100% of the time (but I was hitting it every time).

Comment by Roman [ 2018-11-12 ]

Fixed both in develop with HEAD at

commit 9cf4f01a54f95938ee039b99002b78ede917a2c5 (HEAD -> develop, upstream/develop)
Merge: f134f057 e587adac
Author: Patrick LeBlanc <43503225+pleblanc1976@users.noreply.github.com>
Date:   Fri Nov 9 14:47:53 2018 -0600
 
    Merge pull request #617 from mariadb-corporation/1.2.1-merge-fix
    
    fix merge issue in 1.2.1

and
develop-1.1

commit 65287a0613e11748e8bdb0ca5aac743acf1ac139
Author: Andrew Hutchings <andrew@linuxjedi.co.uk>
Date:   Mon Oct 22 17:56:49 2018 +0100
 
    MCOL-1826 Fix race in FLOAT/DOUBLE to string
    
    In the FLOAT/DOUBLE to string conversions a class global string was used
    to store the result. Unfortunately it is possible for an instance of
    this class to be used by multiple threads of PrimProc simultaneously.
    This would cause a race and data corruption or more likely a crash.
    
    This fix passes a string object from the caller to use instead.
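
The race described in the commit message above and the caller-supplied-string fix, as an added C++ example that is not ColumnStore code. `SharedBufferFormatter`, `CallerBufferFormatter` and `countMismatches` are hypothetical names; only the member name `fFloatStr` comes from the issue.

```cpp
#include <cstdio>
#include <string>
#include <thread>
#include <vector>

// "Before" pattern from the commit message (hypothetical class, not ColumnStore code).
class SharedBufferFormatter {
    std::string fFloatStr;  // one buffer per instance: a data race if threads share the instance
public:
    const std::string& toString(double v) {
        char buf[64];
        std::snprintf(buf, sizeof buf, "%.17g", v);
        fFloatStr = buf;    // concurrent assignment can reallocate while another thread reads
        return fFloatStr;   // returned reference can be overwritten by another thread
    }
};

// "After" pattern: the caller owns the result string, so the instance has no mutable state.
class CallerBufferFormatter {
public:
    const std::string& toString(double v, std::string& out) const {
        char buf[64];
        std::snprintf(buf, sizeof buf, "%.17g", v);
        out = buf;
        return out;
    }
};

// Runs `threads` workers against ONE shared formatter instance. Each worker passes
// its own string and checks every result. Returns the total number of mismatches.
int countMismatches(int threads, int iterations) {
    CallerBufferFormatter fmt;            // single instance shared by all threads
    std::vector<int> bad(threads, 0);     // one slot per thread, no shared writes
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&, t] {
            std::string out;              // per-thread result storage
            for (int i = 0; i < iterations; ++i) {
                double v = t * 1000.0 + i + 0.5;
                if (std::stod(fmt.toString(v, out)) != v) ++bad[t];
            }
        });
    for (auto& th : pool) th.join();
    int total = 0;
    for (int b : bad) total += b;
    return total;
}

int main() { std::printf("mismatches: %d\n", countMismatches(8, 20000)); }
```

Building the shared-buffer variant with `-fsanitize=thread` and calling it from two threads is a way to have the race reported without waiting for a crash.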
