Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] stringfunction substring may cause heap-buffer-overflow #5951

Closed
stdpain opened this issue Jun 1, 2021 · 0 comments · Fixed by #5952
Closed

[BUG] stringfunction substring may cause heap-buffer-overflow #5951

stdpain opened this issue Jun 1, 2021 · 0 comments · Fixed by #5952

Comments

@stdpain
Copy link
Contributor

stdpain commented Jun 1, 2021

Describe the bug

==3930==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000000878 at pc 0x000000ae00ce bp 0x7ffeb16aa660 sp 0x7ffeb16aa658
READ of size 8 at 0x60c000000878 thread T0
    #0 0xae00cd in doris::StringFunctions::substring(doris_udf::FunctionContext*, doris_udf::StringVal const&, doris_udf::IntVal const&, doris_udf::IntVal const&) ../src/exprs/string_functions.cpp:98
    #1 0xa3f24e in doris::StringFunctionsTest_substring_Test::TestBody() ../test/exprs/string_functions_test.cpp:295
    #2 0x15d9d2d in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15d9d2d)
    #3 0x15d4bef in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15d4bef)
    #4 0x15bb21b in testing::Test::Run() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15bb21b)
    #5 0x15bba45 in testing::TestInfo::Run() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15bba45)
    #6 0x15bc092 in testing::TestCase::Run() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15bc092)
    #7 0x15c28fd in testing::internal::UnitTestImpl::RunAllTests() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15c28fd)
    #8 0x15dad0a in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15dad0a)
    #9 0x15d58c1 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15d58c1)
    #10 0x15c1643 in testing::UnitTest::Run() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x15c1643)
    #11 0xa7f918 in RUN_ALL_TESTS() (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0xa7f918)
    #12 0xa74d55 in main ../test/exprs/string_functions_test.cpp:642
    #13 0x7f7afa4d3b8a in __libc_start_main ../csu/libc-start.c:308
    #14 0x9609b9 in _start (/opt/stdpain/doris/baidu/bdg/doris/core/be/ut_build_ASAN/test/exprs/string_functions_test+0x9609b9)

To Reproduce

select substring('abc', 0, 2);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[BUG] Fixed the problem that substring function may access illegal ad… stdpain/incubator-doris
1 participant
@stdpain