New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[R][C++] Undefined behaviour (clang sanitizer) in decompression #38479
Comments
The offending code is basically: library(arrow, warn.conflicts = FALSE)
tbl <- data.frame(
dbl = c(1:8, NA, 10) + .1,
lgl = sample(c(TRUE, FALSE, NA), 10, replace = TRUE),
false = logical(10),
chr = letters[c(1:5, NA, 7:10)]
)
tflz4 <- tempfile(fileext = ".csv.lz4")
write_csv_arrow(tbl, tflz4)
read_csv_arrow(tflz4)
#> dbl lgl false chr
#> 1 1.1 TRUE FALSE a
#> 2 2.1 FALSE FALSE b
#> 3 3.1 FALSE FALSE c
#> 4 4.1 TRUE FALSE d
#> 5 5.1 TRUE FALSE e
#> 6 6.1 FALSE FALSE <NA>
#> 7 7.1 NA FALSE g
#> 8 8.1 FALSE FALSE h
#> 9 NA NA FALSE i
#> 10 10.1 FALSE FALSE j I don't have a sanitizer build set up locally and may need some help! |
This looks like an empty buffer happens to be read for decompression, so a null pointer is used since there's no data to read. Even though the length of the buffer is zero, it's still being recognized as undefined behavior. That's odd to me since null pointer arithmetic with a zero offset is not UB in c++17 and the lz4 external project should inherit that. I'm not familiar enough with C to know if this differs there. In any case, it seems the fix should be to explicitly check for null in Lz4Decompressor and skip passing that through to LZ4F_decompress. Possibly we should also look for the |
I think that first we should find out why the decompressor is being called with a null pointer. Decompressed data is typically never empty, so this looks like a bug in |
Also, can you find out at which point this started failing @paleolimbot ? |
Thank you for taking a look! It looks like the last successful build was Oct 24 at 9:25 p.m...the only commit that jumps out at me is an R build system PR and some compression benchmarks, although the compression benchmarks seems to just be benchmarks. @assignUser the R install output is slightly different between the last passing run and the first failing run although it seems to be that the end result is the same (build libarrow from source). |
Hm I thought maybe the used lz4 version is different for some reason but it looks like both built it from source using version 1.9.4. The build system change has activated more features (gcs/s3, jemalloc, bz2, zlib, zstd, ...) by default which is likely the reason this is erroring now, can't really help with why though :/ |
Thanks, that helps: it started failing then because the build system change activated either gzip or lz4 on this build that hadn't been previously activated. Previously, this test just didn't run on the sanitizer build. |
I'll probably won't be able to reproduce locally (unless you can show me a simple way of doing with Docker / archery), but I can start from the traceback and try to diagnose from that. |
@paleolimbot Does this still happen? Edit: it does. |
…essor (apache#39125) ### Rationale for this change Avoid undefined behavior in LZ4 when adding an offset to a null pointer. ### Are these changes tested? Yes. ### Are there any user-facing changes? No. * Closes: apache#38479
…essor (apache#39125) ### Rationale for this change Avoid undefined behavior in LZ4 when adding an offset to a null pointer. ### Are these changes tested? Yes. ### Are there any user-facing changes? No. * Closes: apache#38479
…essor (apache#39125) ### Rationale for this change Avoid undefined behavior in LZ4 when adding an offset to a null pointer. ### Are these changes tested? Yes. ### Are there any user-facing changes? No. * Closes: apache#38479
Describe the bug, including details regarding any error messages, version, and platform.
From the latest test-fedora-r-clang-sanitizer nightly:
Component(s)
R
The text was updated successfully, but these errors were encountered: