Commit 633e6fd

[Bugfix 9754509632] Fix use-after-stack-free (#2569)
#### Reference Issues/PRs
Monday 9754509632

#### What does this implement or fix?
Fix use after free of the component manager when an exception is thrown during concatenation. See ASAN traceback in the details section. Because of this bug concatenation could randomly segfault instead of throwing an exception.

#### Any other comments?

#### Checklist

<details>

```
SUMMARY: AddressSanitizer: stack-use-after-return /home/vasil/Documents/source/ArcticDB/cpp/arcticdb/version/local_versioned_engine.cpp:1234:103 in arcticdb::version_store::LocalVersionedEngine::batch_read_and_join_internal(std::shared_ptr<std::vector<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>, std::allocator<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>>>>, std::shared_ptr<std::vector<arcticdb::pipelines::VersionQuery, std::allocator<arcticdb::pipelines::VersionQuery>>>, std::vector<std::shared_ptr<arcticdb::pipelines::ReadQuery>, std::allocator<std::shared_ptr<arcticdb::pipelines::ReadQuery>>>&, arcticdb::ReadOptions const&, std::vector<std::shared_ptr<folly::Poly<arcticdb::IClause>>, std::allocator<std::shared_ptr<folly::Poly<arcticdb::IClause>>>>&&, std::any&)::$_1::operator()(std::optional<arcticdb::entity::AtomKeyImpl>&&)
    #0 0x7f464ece77e5 in std::__shared_ptr<arcticdb::ComponentManager, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__shared_ptr<arcticdb::ComponentManager, (__gnu_cxx::_Lock_policy)2> const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/shared_ptr_base.h:1522:7
    #1 0x7f464ece5aec in std::shared_ptr<arcticdb::ComponentManager>::shared_ptr(std::shared_ptr<arcticdb::ComponentManager> const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/shared_ptr.h:204:7
    #2 0x7f46545207ca in arcticdb::version_store::LocalVersionedEngine::batch_read_and_join_internal(std::shared_ptr<std::vector<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>, std::allocator<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>>>>, std::shared_ptr<std::vector<arcticdb::pipelines::VersionQuery, std::allocator<arcticdb::pipelines::VersionQuery>>>, std::vector<std::shared_ptr<arcticdb::pipelines::ReadQuery>, std::allocator<std::shared_ptr<arcticdb::pipelines::ReadQuery>>>&, arcticdb::ReadOptions const&, std::vector<std::shared_ptr<folly::Poly<arcticdb::IClause>>, std::allocator<std::shared_ptr<folly::Poly<arcticdb::IClause>>>>&&, std::any&)::$_1::operator()(std::optional<arcticdb::entity::AtomKeyImpl>&&) /home/vasil/Documents/source/ArcticDB/cpp/arcticdb/version/local_versioned_engine.cpp:1234:103

Address 0x7f465d82f4e0 is located in stack of thread T0 at offset 224 in frame
    #0 0x7f46544e0c4f in arcticdb::version_store::LocalVersionedEngine::batch_read_and_join_internal(std::shared_ptr<std::vector<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>, std::allocator<std::variant<long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned long>>>>, std::shared_ptr<std::vector<arcticdb::pipelines::VersionQuery, std::allocator<arcticdb::pipelines::VersionQuery>>>, std::vector<std::shared_ptr<arcticdb::pipelines::ReadQuery>, std::allocator<std::shared_ptr<arcticdb::pipelines::ReadQuery>>>&, arcticdb::ReadOptions const&, std::vector<std::shared_ptr<folly::Poly<arcticdb::IClause>>, std::allocator<std::shared_ptr<folly::Poly<arcticdb::IClause>>>>&&, std::any&) /home/vasil/Documents/source/ArcticDB/cpp/arcticdb/version/local_versioned_engine.cpp:1213

  This frame has 20 object(s):
    [32, 48) 'retval.i'
    [64, 80) 'release_gil' (line 1214)
    [96, 120) 'opt_index_key_futs' (line 1216)
    [160, 184) 'symbol_processing_result_futs' (line 1217)
    [224, 240) 'component_manager' (line 1219) <== Memory access at offset 224 is inside this variable
    [256, 264) 'ref.tmp' (line 1220)
    [288, 304) '__begin2' (line 1220)
    [320, 336) '__end2' (line 1220)
    [352, 368) 'ref.tmp28' (line 1220)
    [384, 392) 'ref.tmp32' (line 1221)
    [416, 512) 'ref.tmp33' (line 1221)
    [544, 552) '__begin260' (line 1238)
    [576, 584) '__end263' (line 1238)
    [608, 624) 'agg.tmp'
    [640, 656) 'clauses_ptr' (line 1241)
    [672, 680) 'ref.tmp85' (line 1242)
    [704, 712) 'ref.tmp86' (line 1242)
    [736, 744) 'ref.tmp87' (line 1242)
    [768, 776) 'agg.tmp90'
    [800, 848) 'ref.tmp98' (line 1242)
```

</details>
1 parent f558210 commit 633e6fd

1 file changed, +1 -1 lines changed

cpp/arcticdb/version/local_versioned_engine.cpp

Lines changed: 1 addition & 1 deletion
@@ -1225,7 +1225,7 @@ MultiSymbolReadOutput LocalVersionedEngine::batch_read_and_join_internal(
12251225
read_query = read_queries.empty() ? std::make_shared<ReadQuery>(): read_queries[idx],
12261226
idx,
12271227
read_options,
1228-
&component_manager](std::optional<AtomKey>&& opt_index_key) mutable {
1228+
component_manager](std::optional<AtomKey>&& opt_index_key) mutable {
12291229
auto version_info = get_version_identifier(
12301230
(*stream_ids)[idx],
12311231
(*version_queries)[idx],
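Review bot: The by-value capture of `component_manager` at new line 1228 carries no comment explaining why the copy is required, and the commit changes one line in one file with no regression test. The commit message says the failure appears when an exception is thrown during concatenation, so the continuation can evidently run after the enclosing frame is gone; a short comment at the capture (for example "captured by value: this continuation may outlive the calling frame") would keep a later cleanup from restoring `&component_manager`. A test that forces an exception during concatenation, run under ASAN, would pin the fix. The start of this capture list lies above the hunk, so it is also worth confirming that no other local of `batch_read_and_join_internal` is still captured by reference there.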
