This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 34f55216430 [Bug](min-max) store string data in MinMaxNumFunc to avoid
use after free when cancel (#33152)
34f55216430 is described below
commit 34f552164300395e41bf0b9ad8d562bd93bacf68
Author: Pxl <[email protected]>
AuthorDate: Tue Apr 2 22:33:50 2024 +0800
[Bug](min-max) store string data in MinMaxNumFunc to avoid use after free
when cancel (#33152)
* store string data in MinMaxNumFunc to avoid use after free when cancel
* update
---
be/src/exprs/minmax_predicate.h | 37 +++++++++++++++++++++++--------------
be/src/exprs/runtime_filter.cpp | 3 +--
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/be/src/exprs/minmax_predicate.h b/be/src/exprs/minmax_predicate.h
index e7d82c9523f..ee73f67de83 100644
--- a/be/src/exprs/minmax_predicate.h
+++ b/be/src/exprs/minmax_predicate.h
@@ -20,6 +20,7 @@
#include <type_traits>
#include "common/object_pool.h"
+#include "exprs/runtime_filter.h"
#include "runtime/type_limit.h"
#include "vec/columns/column.h"
#include "vec/columns/column_nullable.h"
@@ -36,7 +37,7 @@ public:
// assign minmax data
virtual Status assign(void* min_data, void* max_data) = 0;
// merge from other minmax_func
- virtual Status merge(MinMaxFuncBase* minmax_func, ObjectPool* pool) = 0;
+ virtual Status merge(MinMaxFuncBase* minmax_func) = 0;
virtual ~MinMaxFuncBase() = default;
bool contain_null() const { return _null_aware && _contain_null; }
@@ -81,6 +82,7 @@ public:
_max = std::max(_max, column_string.get_data_at(i));
}
}
+ store_string_ref();
} else {
const T* data = (T*)column->get_raw_data().data;
for (size_t i = start; i < size; i++) {
@@ -109,6 +111,7 @@ public:
}
}
}
+ store_string_ref();
} else {
const T* data = (T*)column->get_raw_data().data;
for (size_t i = start; i < size; i++) {
@@ -124,25 +127,16 @@ public:
}
}
- Status merge(MinMaxFuncBase* minmax_func, ObjectPool* pool) override {
+ Status merge(MinMaxFuncBase* minmax_func) override {
if constexpr (std::is_same_v<T, StringRef>) {
auto* other_minmax = static_cast<MinMaxNumFunc<T>*>(minmax_func);
if constexpr (NeedMin) {
- if (other_minmax->_min < _min) {
- auto& other_min = other_minmax->_min;
- auto* str = pool->add(new std::string(other_min.data,
other_min.size));
- _min.data = str->data();
- _min.size = str->length();
- }
+ _min = std::min(_min, other_minmax->_min);
}
if constexpr (NeedMax) {
- if (other_minmax->_max > _max) {
- auto& other_max = other_minmax->_max;
- auto* str = pool->add(new std::string(other_max.data,
other_max.size));
- _max.data = str->data();
- _max.size = str->length();
- }
+ _max = std::max(_max, other_minmax->_max);
}
+ store_string_ref();
} else {
auto* other_minmax = static_cast<MinMaxNumFunc<T>*>(minmax_func);
if constexpr (NeedMin) {
@@ -171,9 +165,24 @@ public:
return Status::OK();
}
+ void store_string_ref() {
+ if constexpr (std::is_same_v<T, StringRef>) {
+ if constexpr (NeedMin) {
+ _stored_min = _min.to_string();
+ _min = StringRef(_stored_min);
+ }
+ if constexpr (NeedMax) {
+ _stored_max = _max.to_string();
+ _max = StringRef(_stored_max);
+ }
+ }
+ }
+
protected:
T _max = type_limit<T>::min();
T _min = type_limit<T>::max();
+ std::string _stored_min;
+ std::string _stored_max;
};
template <class T>
diff --git a/be/src/exprs/runtime_filter.cpp b/be/src/exprs/runtime_filter.cpp
index f596e1f6459..a73b833f5e0 100644
--- a/be/src/exprs/runtime_filter.cpp
+++ b/be/src/exprs/runtime_filter.cpp
@@ -490,8 +490,7 @@ public:
case RuntimeFilterType::MIN_FILTER:
case RuntimeFilterType::MAX_FILTER:
case RuntimeFilterType::MINMAX_FILTER: {
- RETURN_IF_ERROR(
-
_context.minmax_func->merge(wrapper->_context.minmax_func.get(), _pool));
+
RETURN_IF_ERROR(_context.minmax_func->merge(wrapper->_context.minmax_func.get()));
break;
}
case RuntimeFilterType::BLOOM_FILTER: {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
