[MCOL-2018] Dictionary null comparison check can crash Created: 2018-12-12  Updated: 2020-08-25  Resolved: 2019-01-22

Status: Closed
Project: MariaDB ColumnStore
Component/s: None
Affects Version/s: None
Fix Version/s: 1.1.7, 1.2.3

Type: Bug Priority: Blocker
Reporter: Andrew Hutchings (Inactive) Assignee: Daniel Lee (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
Sprint: 2018-21, 2019-01

Description

StringStore::isNullValue does the following check:

return (*((uint64_t*) &mc->data[offset] + 4) == *((uint64_t*) joblist::CPNULLSTRMARK.c_str()));

This jumps by 4x 8 bytes instead of 4 bytes. It should instead be:

return (*((uint64_t*) &mc->data[offset + 4]) == *((uint64_t*) joblist::CPNULLSTRMARK.c_str()));
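The two expressions above differ only in where the `+ 4` lands relative to the cast. The following is an added example, not ColumnStore's own code: it uses a constructed byte buffer as a stand-in for `mc->data` and a constructed placeholder for `joblist::CPNULLSTRMARK` (the real marker value is not reproduced), and measures how many bytes each form actually skips. The cast binds before the `+`, so `(uint64_t*) &data[offset] + 4` advances four `uint64_t` elements (32 bytes) past `offset`, while `&data[offset + 4]` advances four bytes. The example also shows why the buggy form can crash: on a short buffer the 8-byte read lands past the end. All function and constant names here (`buggy_offset`, `fixed_offset`, `is_null_at`, `NULL_MARK`, `g_row`) are assumptions for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the dictionary row buffer (not ColumnStore's own type). */
#define BUF_LEN 48u
#define MARK_LEN 8u

/* Constructed 8-byte null marker; the real joblist::CPNULLSTRMARK value is not reproduced here. */
static const uint8_t NULL_MARK[MARK_LEN] = { '_', 'C', 'p', 'N', 'u', 'L', 'l', '_' };

/* Shared row buffer so callers can build a row and inspect it. */
static uint8_t g_row[BUF_LEN];

/* Byte distance from the buffer base reached by the buggy expression:
 * the cast binds before the +4, so +4 steps in units of sizeof(uint64_t) = 8. */
static ptrdiff_t buggy_offset(const uint8_t *data, size_t offset)
{
    const uint64_t *p = (const uint64_t *)&data[offset] + 4;
    return (const uint8_t *)p - data;
}

/* Byte distance reached by the fixed expression: +4 applied to the byte index first. */
static ptrdiff_t fixed_offset(const uint8_t *data, size_t offset)
{
    const uint64_t *p = (const uint64_t *)&data[offset + 4];
    return (const uint8_t *)p - data;
}

/* True if an 8-byte read starting at byte_off stays inside a buffer of buf_len bytes. */
static bool read_in_bounds(ptrdiff_t byte_off, size_t buf_len)
{
    return byte_off >= 0 && (size_t)byte_off + MARK_LEN <= buf_len;
}

/* Null check at a given byte offset, done with memcpy so it is alignment-safe,
 * and refusing to read past the end of the buffer instead of faulting. */
static bool is_null_at(const uint8_t *data, size_t buf_len, ptrdiff_t byte_off)
{
    uint64_t v, mark;
    if (!read_in_bounds(byte_off, buf_len))
        return false;
    memcpy(&v, data + byte_off, sizeof v);
    memcpy(&mark, NULL_MARK, sizeof mark);
    return v == mark;
}

/* Build a constructed row: 4-byte length prefix at `offset`, null marker right after it.
 * Returns `data` so the call can be nested in an expression. */
static uint8_t *build_null_row(uint8_t *data, size_t buf_len, size_t offset)
{
    uint32_t len = MARK_LEN;
    memset(data, 0xAA, buf_len);
    memcpy(data + offset, &len, sizeof len);
    memcpy(data + offset + 4, NULL_MARK, MARK_LEN);
    return data;
}

int main(void)
{
    size_t offset = 16;
    build_null_row(g_row, BUF_LEN, offset);

    ptrdiff_t bad = buggy_offset(g_row, offset);  /* offset + 32 = 48, one past the end */
    ptrdiff_t good = fixed_offset(g_row, offset); /* offset + 4 = 20 */

    printf("buggy form reads at byte %td (in bounds: %d)\n", bad, read_in_bounds(bad, BUF_LEN));
    printf("fixed form reads at byte %td (in bounds: %d)\n", good, read_in_bounds(good, BUF_LEN));
    printf("fixed form sees the null marker: %d\n", is_null_at(g_row, BUF_LEN, good));
    return 0;
}
```

With a 48-byte row and `offset` 16, the buggy form targets byte 48, so its 8-byte read runs entirely past the buffer; whether that segfaults or silently compares garbage depends on what follows the allocation, which matches the report that the crash was hard to reproduce but the misbehaviour was obvious in GDB.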



Comments
Comment by Andrew Hutchings (Inactive) [ 2018-12-12 ]

For QA:

I haven't been able to find a way to make this crash in the same way observed in a provided core file, but the bad behaviour is easily observable when using GDB. I suggest that its passing regression is probably good enough.

Comment by patrice [ 2018-12-12 ]

Hi Andrew,
Should this line be corrected also? https://github.com/mariadb-corporation/mariadb-columnstore-engine/blob/7989ccefe0052fa87893e1d72e3075d90ad010f5/utils/rowgroup/rowgroup.h#L1654

Comment by Andrew Hutchings (Inactive) [ 2018-12-12 ]

plinel, that line is fine since on Intel platforms the size of char is 1. If that is ever not the case it will need to be revised, but I would expect other things would also need to be revised at the same time. The one in this bug is only a problem because we were casting to uint64_t, which is 8 bytes, so we were skipping 4x 8 bytes instead of 4x 1 bytes.

Comment by Daniel Lee (Inactive) [ 2019-01-22 ]

Builds verified: 1.1.7-1, 1.2.3-1

1.1.7-1
server commit:
b5a7a22
engine commit:
d87b9a6

1.2.3-1

server commit:
61f32f2
engine commit:
83b2d4c
