Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[C++] ASAN reports heap buffer overflow in TestArray.TestAppendArraySlice #39976

Closed
zanmato1984 opened this issue Feb 7, 2024 · 1 comment · Fixed by #39994
Closed

[C++] ASAN reports heap buffer overflow in TestArray.TestAppendArraySlice #39976

zanmato1984 opened this issue Feb 7, 2024 · 1 comment · Fixed by #39994
Assignees
@zanmato1984
Labels
Component: C++ Critical Fix Bugfixes for security vulnerabilities, crashes, or invalid data. Type: bug
Milestone
15.0.1

Comments

@zanmato1984
Copy link
Collaborator

Describe the bug, including details regarding any error messages, version, and platform.

This is a failure that should have been reported by our ASAN check but is somehow prevented by the problem discussed in #39973 . There is a a living demo in https://github.com/zanmato1984/arrow/actions/runs/7752895694/job/21143188221?pr=3#step:6:3370. One can also reproduce this issue in local by:

cmake --preset ninja-debug -DARROW_USE_ASAN=ON -DARROW_JEMALLOC=OFF -DARROW_MIMALLOC=OFF ..
ninja -j8
./debug/arrow-array-test

Component(s)

C++
@zanmato1984 zanmato1984 mentioned this issue Feb 7, 2024
Merged
@zanmato1984
Copy link
Collaborator Author

take

@github-actions github-actions bot mentioned this issue Feb 8, 2024
Merged
pitrou pushed a commit that referenced this issue Feb 8, 2024
@zanmato1984
GH-39976: [C++] Fix out-of-line data size calculation in BinaryViewBu…
98c4225 
…ilder::AppendArraySlice (#39994)

### Rationale for this change

Fix the bug in `BinaryViewBuilder::AppendArraySlice` that, when calculating out-of-line data size, the array is wrongly iterated.

### What changes are included in this PR?

Fix and UT.

### Are these changes tested?

UT included.

### Are there any user-facing changes?

No.

* Closes: #39976

Authored-by: Ruoxi Sun <zanmato1984@gmail.com>
Signed-off-by: Antoine Pitrou <antoine@python.org>
@pitrou pitrou modified the milestones: 16.0.0, 15.0.1 Feb 8, 2024
dgreiss pushed a commit to dgreiss/arrow that referenced this issue Feb 19, 2024
@zanmato1984 @dgreiss
apacheGH-39976: [C++] Fix out-of-line data size calculation in Binary…
a6f2549 
…ViewBuilder::AppendArraySlice (apache#39994)

### Rationale for this change

Fix the bug in `BinaryViewBuilder::AppendArraySlice` that, when calculating out-of-line data size, the array is wrongly iterated.

### What changes are included in this PR?

Fix and UT.

### Are these changes tested?

UT included.

### Are there any user-facing changes?

No.

* Closes: apache#39976

Authored-by: Ruoxi Sun <zanmato1984@gmail.com>
Signed-off-by: Antoine Pitrou <antoine@python.org>
raulcd pushed a commit that referenced this issue Feb 20, 2024
@zanmato1984 @raulcd
GH-39976: [C++] Fix out-of-line data size calculation in BinaryViewBu…
23a8991 
…ilder::AppendArraySlice (#39994)

### Rationale for this change

Fix the bug in `BinaryViewBuilder::AppendArraySlice` that, when calculating out-of-line data size, the array is wrongly iterated.

### What changes are included in this PR?

Fix and UT.

### Are these changes tested?

UT included.

### Are there any user-facing changes?

No.

* Closes: #39976

Authored-by: Ruoxi Sun <zanmato1984@gmail.com>
Signed-off-by: Antoine Pitrou <antoine@python.org>
@amoeba amoeba added the Critical Fix Bugfixes for security vulnerabilities, crashes, or invalid data. label Feb 27, 2024
zanmato1984 added a commit to zanmato1984/arrow that referenced this issue Feb 28, 2024
@zanmato1984
apacheGH-39976: [C++] Fix out-of-line data size calculation in Binary…
3ed6727 
…ViewBuilder::AppendArraySlice (apache#39994)

### Rationale for this change

Fix the bug in `BinaryViewBuilder::AppendArraySlice` that, when calculating out-of-line data size, the array is wrongly iterated.

### What changes are included in this PR?

Fix and UT.

### Are these changes tested?

UT included.

### Are there any user-facing changes?

No.

* Closes: apache#39976

Authored-by: Ruoxi Sun <zanmato1984@gmail.com>
Signed-off-by: Antoine Pitrou <antoine@python.org>
thisisnic pushed a commit to thisisnic/arrow that referenced this issue Mar 8, 2024
@zanmato1984 @thisisnic
apacheGH-39976: [C++] Fix out-of-line data size calculation in Binary…
8a5ed96 
…ViewBuilder::AppendArraySlice (apache#39994)

### Rationale for this change

Fix the bug in `BinaryViewBuilder::AppendArraySlice` that, when calculating out-of-line data size, the array is wrongly iterated.

### What changes are included in this PR?

Fix and UT.

### Are these changes tested?

UT included.

### Are there any user-facing changes?

No.

* Closes: apache#39976

Authored-by: Ruoxi Sun <zanmato1984@gmail.com>
Signed-off-by: Antoine Pitrou <antoine@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zanmato1984 zanmato1984

Labels
Component: C++ Critical Fix Bugfixes for security vulnerabilities, crashes, or invalid data. Type: bug
Projects
None yet
Milestone
15.0.1
3 participants
@amoeba @zanmato1984 @pitrou