[C++] Segmentation fault in `ExecBatchBuilder` #39583

zanmato1984 · 2024-01-12T16:39:31Z

Describe the bug, including details regarding any error messages, version, and platform.

This is a subsequent issue of #32570.

In the last fix #39234, I didn't realize there were similar issue for fixed size types.

I am now able to produce the segmentation fault using fixed size types, listed in the following UT:

TEST(ExecBatchBuilder, AppendBatchDupRowsFixedSize) {
  std::unique_ptr<MemoryPool> owned_pool = MemoryPool::CreateDefault();
  MemoryPool* pool = owned_pool.get();
  {
    // 63-byte data occupying almost one minimal 64-byte aligned memory region.
    ExecBatch batch_fsb = JSONToExecBatch({fixed_size_binary(9)}, R"([
        ["000000000"],
        ["000000000"],
        ["000000000"],
        ["000000000"],
        ["000000000"],
        ["000000000"],
        ["123456789"]])");  // 9-byte tail row, not aligned to a word.
    ASSERT_EQ(batch_fsb[0].array()->buffers[1]->capacity(), 64);
    ExecBatchBuilder builder;
    uint16_t row_ids[2] = {6, 6};
    ASSERT_OK(builder.AppendSelected(pool, batch_fsb, 2, row_ids, /*num_cols=*/1));
    ExecBatch built = builder.Flush();
    ExecBatch batch_fsb_appended =
        JSONToExecBatch({fixed_size_binary(9)}, R"([["123456789"], ["123456789"]])");
    ASSERT_EQ(batch_fsb_appended, built);
    ASSERT_NE(0, pool->bytes_allocated());
  }
  ASSERT_EQ(0, pool->bytes_allocated());
}

Component(s)

C++

The text was updated successfully, but these errors were encountered:

zanmato1984 · 2024-01-12T16:39:54Z

I'm fixing this. Take.

zanmato1984 · 2024-01-12T16:45:06Z

Take

…ecutive tail rows with the same id may exceed buffer boundary (for fixed size types) (#39585) ### Rationale for this change #39583 is a subsequent issue of #32570 (fixed by #39234). The last issue and fixed only resolved var length types. It turns out fixed size types have the same issue. ### What changes are included in this PR? Do the same fix of #39234 for fixed size types. ### Are these changes tested? UT included. ### Are there any user-facing changes? * Closes: #39583 Authored-by: zanmato1984 <zanmato1984@gmail.com> Signed-off-by: Antoine Pitrou <antoine@python.org>

…g consecutive tail rows with the same id may exceed buffer boundary (for fixed size types) (apache#39585) ### Rationale for this change apache#39583 is a subsequent issue of apache#32570 (fixed by apache#39234). The last issue and fixed only resolved var length types. It turns out fixed size types have the same issue. ### What changes are included in this PR? Do the same fix of apache#39234 for fixed size types. ### Are these changes tested? UT included. ### Are there any user-facing changes? * Closes: apache#39583 Authored-by: zanmato1984 <zanmato1984@gmail.com> Signed-off-by: Antoine Pitrou <antoine@python.org>

…ecutive tail rows with the same id may exceed buffer boundary (for fixed size types) (#39585) ### Rationale for this change #39583 is a subsequent issue of #32570 (fixed by #39234). The last issue and fixed only resolved var length types. It turns out fixed size types have the same issue. ### What changes are included in this PR? Do the same fix of #39234 for fixed size types. ### Are these changes tested? UT included. ### Are there any user-facing changes? * Closes: #39583 Authored-by: zanmato1984 <zanmato1984@gmail.com> Signed-off-by: Antoine Pitrou <antoine@python.org>

…g consecutive tail rows with the same id may exceed buffer boundary (for fixed size types) (apache#39585) ### Rationale for this change apache#39583 is a subsequent issue of apache#32570 (fixed by apache#39234). The last issue and fixed only resolved var length types. It turns out fixed size types have the same issue. ### What changes are included in this PR? Do the same fix of apache#39234 for fixed size types. ### Are these changes tested? UT included. ### Are there any user-facing changes? * Closes: apache#39583 Authored-by: zanmato1984 <zanmato1984@gmail.com> Signed-off-by: Antoine Pitrou <antoine@python.org>

zanmato1984 added the Type: bug label Jan 12, 2024

github-actions bot added the Component: C++ label Jan 12, 2024

github-actions bot assigned zanmato1984 Jan 12, 2024

This was referenced Jan 12, 2024

GH-39583: [C++] Fix the issue of ExecBatchBuilder when appending consecutive tail rows with the same id may exceed buffer boundary (for fixed size types) #39585

Merged

[C++] Segmentation fault on arrow-compute-hash-join-node-test on macos nightlies #32570

Closed

pitrou closed this as completed in #39585 Jan 17, 2024

pitrou added this to the 16.0.0 milestone Jan 17, 2024

raulcd modified the milestones: 16.0.0, 15.0.1 Jan 18, 2024

zanmato1984 mentioned this issue Feb 7, 2024

[C++][CI] Debug memory pool interferes with ASAN check #39973

Closed

amoeba added the Critical Fix Bugfixes for security vulnerabilities, crashes, or invalid data. label Feb 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[C++] Segmentation fault in `ExecBatchBuilder` #39583

[C++] Segmentation fault in `ExecBatchBuilder` #39583

zanmato1984 commented Jan 12, 2024

zanmato1984 commented Jan 12, 2024

zanmato1984 commented Jan 12, 2024 •

edited

Loading

[C++] Segmentation fault in ExecBatchBuilder #39583

[C++] Segmentation fault in ExecBatchBuilder #39583

Comments

zanmato1984 commented Jan 12, 2024

Describe the bug, including details regarding any error messages, version, and platform.

Component(s)

zanmato1984 commented Jan 12, 2024

zanmato1984 commented Jan 12, 2024 • edited Loading

[C++] Segmentation fault in `ExecBatchBuilder` #39583

[C++] Segmentation fault in `ExecBatchBuilder` #39583

zanmato1984 commented Jan 12, 2024 •

edited

Loading