[MCOL-2182] PrimProc crash - signal 11, Segmentation fault - funcexp::Func_lpad::getStrVal
Created: 2019-02-19  Updated: 2020-08-25  Resolved: 2019-03-11

Status: Closed
Project: MariaDB ColumnStore
Component/s: PrimProc
Affects Version/s: 1.2.2
Fix Version/s: 1.2.3

Type: Bug Priority: Major
Reporter: David Hill (Inactive) Assignee: Daniel Lee (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Environment:

2um 2pm


Sprint: 2019-03

 Description   

Customer reported a PrimProc crash. From the logs, there were no other process crashes at the same time. The system was left not working; they had to restart the system.

Program terminated with signal 11, Segmentation fault.
#0 0x00007fdd43d4ec43 in funcexp::Func_lpad::getStrVal (this=<optimized out>, row=..., fp=..., isNull=@0x7fdd053fc45d: false)
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/func_lpad.cpp:127
127 /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/func_lpad.cpp: No such file or directory.
Missing separate debuginfos, use: debuginfo-install mariadb-columnstore-platform-1.2.2-1.x86_64
(gdb) bt
#0 0x00007fdd43d4ec43 in funcexp::Func_lpad::getStrVal (this=<optimized out>, row=..., fp=std::vector of length 2, capacity 2 = {...}, isNull=@0x7fdd053fc45d: false)
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/func_lpad.cpp:127
#1 0x00007fdd447c612d in execplan::FunctionColumn::getStrVal (this=0x7fb6ff08f700, row=..., isNull=<optimized out>) at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/dbcon/execplan/functioncolumn.h:209
#2 0x00007fdd43d2bc0e in funcexp::Func_Str::stringValue (this=<optimized out>, fp=..., row=..., isNull=@0x7fdd053fc45d: false, fFloatStr="HO")
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/functor_str.h:123
#3 0x00007fdd43d2b8ab in funcexp::Func_concat::getStrVal (this=0x7fb70b3ad1a0, row=..., parm=std::vector of length 4, capacity 4 = {...}, isNull=@0x7fdd053fc45d: false)
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/func_concat.cpp:64
#4 0x00007fdd447c612d in execplan::FunctionColumn::getStrVal (this=0x7fb6ff08d080, row=..., isNull=<optimized out>) at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/dbcon/execplan/functioncolumn.h:209
#5 0x00007fdd43d09687 in funcexp::FuncExp::evaluate (this=<optimized out>, row=..., expression=std::vector of length 1, capacity 1 = {...})
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/funcexp.cpp:306
#6 0x00007fdd43d150e8 in funcexp::FuncExpWrapper::evaluate (this=0x7fdd0140f140, r=r@entry=0x7fb70237de28) at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/funcexp/funcexpwrapper.cpp:122
#7 0x00005582cbf3d996 in primitiveprocessor::BatchPrimitiveProcessor::execute (this=this@entry=0x7fb702359000)
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/primitives/primproc/batchprimitiveprocessor.cpp:1577
#8 0x00005582cbf3e433 in primitiveprocessor::BatchPrimitiveProcessor::operator() (this=0x7fb702359000) at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/primitives/primproc/batchprimitiveprocessor.cpp:2030
#9 0x00005582cbf4e9d9 in primitiveprocessor::BPPSeeder::operator() (this=0x7fb701021420) at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/primitives/primproc/bppseeder.cpp:287
#10 0x00007fdd4292994b in threadpool::PriorityThreadPool::threadFcn (this=0x7fdd3ac10880, preferredQueue=threadpool::PriorityThreadPool::LOW)
at /data/buildbot/bb-worker/centos7/mariadb-columnstore-engine/utils/threadpool/prioritythreadpool.cpp:191
#11 0x00007fdd412dd27a in thread_proxy () from /lib64/libboost_thread-mt.so.1.53.0
#12 0x00007fdd4083ddd5 in start_thread () from /lib64/libpthread.so.0
#13 0x00007fdd3f72eead in clone () from /lib64/libc.so.6



 Comments   
Comment by David Hall (Inactive) [ 2019-03-08 ]

The problem is the lpad() with only two parameters. I think the user has a mistake in their SQL, as the second parameter is in quotes and it should be a numeric value.

A change in MariaDB 10.3 allows lpad (and rpad) to allow only two parameters, the third -- the pad character -- defaulting to a space. Columnstore was not updated to reflect this change, and attempted to access the third parameter, thus going outside the vector and causing a crash.

Code was fixed to insert a space as the default when two parameters are used. In addition, modifications were made to properly use a quoted numeric for the second parameter.

Note: the behavior when the second parameter is missed and so the third is used as the second (as possibly in the complainant's case), there's a good chance the second parameter will evaluate to 0, in which case NULL will be returned.

Comment by David Hall (Inactive) [ 2019-03-08 ]

For QA:
select substr(l_comment,5,5), lpad(substr(l_comment,5,5),'0') from lineitem where l_comment like '. w%';

Will crash before the patch and will return 85 rows of NULL (1g) after the patch.
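
The out-of-bounds read and the fix described in the comments above, as an added C++ sketch that is not ColumnStore's own code. `Params`, `parse_len`, `lpad_unchecked`, `lpad_checked` and `kMaxLen` are hypothetical names, and parameters are modelled as already-evaluated strings rather than the engine's parse-tree nodes.

```cpp
#include <cstddef>
#include <cstdlib>
#include <string>
#include <vector>

// Simplified stand-in for the engine's parameter vector (assumption: the real
// code receives parse-tree nodes, modelled here as already-evaluated strings).
using Params = std::vector<std::string>;

// Parse the length argument. A quoted numeric such as '5' is accepted; any
// other text evaluates to 0 (assumption for this sketch).
static std::size_t parse_len(const std::string& s) {
    if (s.empty() || s.find_first_not_of("0123456789") != std::string::npos)
        return 0;
    return std::strtoul(s.c_str(), nullptr, 10);
}

// Pre-fix shape, for comparison only: it assumes three parameters, so with
// lpad(str, len) the read of params[2] goes past the end of a 2-element vector.
std::string lpad_unchecked(const Params& params) {
    const std::string& str = params[0];
    const std::size_t len = parse_len(params[1]);
    const std::string& pad = params[2];  // out of bounds when size() == 2
    if (len <= str.size() || pad.empty()) return str.substr(0, len);
    std::string fill;
    while (fill.size() < len - str.size()) fill += pad;
    return fill.substr(0, len - str.size()) + str;
}

// Post-fix shape: check the arity before indexing and default the pad to a
// single space. Returns false to model SQL NULL, true with the result in out.
bool lpad_checked(const Params& params, std::string& out) {
    static const std::string kDefaultPad = " ";
    constexpr std::size_t kMaxLen = 1u << 20;  // hypothetical cap on output size
    if (params.size() < 2 || params.size() > 3) return false;
    const std::string& str = params[0];
    const std::size_t len = parse_len(params[1]);
    if (len == 0 || len > kMaxLen) return false;  // length 0 -> NULL, per the ticket
    const std::string& pad = params.size() == 3 ? params[2] : kDefaultPad;
    if (len <= str.size()) { out = str.substr(0, len); return true; }
    if (pad.empty()) return false;
    std::string fill;
    while (fill.size() < len - str.size()) fill += pad;
    out = fill.substr(0, len - str.size()) + str;
    return true;
}
```

The QA query above corresponds to calling `lpad_checked` with two parameters and a length of `'0'`, which takes the NULL path instead of indexing a third element.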

Comment by Daniel Lee (Inactive) [ 2019-03-11 ]

Build verified: 1.2.3-1 nightly

server commit:
2243073
engine commit:
2509d83
