aryash45 opened a new pull request, #60783:
URL: https://github.com/apache/doris/pull/60783

   ## Proposed changes
   
   This bug was originally reported on version 2.1 (#60713). As suggested by 
the maintainer, I verified that the same vulnerability exists on 4.0 (master).
   
   The DCHECK_GE in MutableBlock::add_rows was debug-only (stripped in release 
builds) and semantically incorrect — it compared the count of indices against 
source column size, but the indices are arbitrary row references whose values 
could exceed the source size.
   
   This caused a SIGSEGV crash in ColumnStr::insert_indices_from when 
INSERT...SELECT operations through the Exchange Sink produced out-of-bounds row 
indices (e.g. during _send_new_partition_batch recursive sink calls).
   
   Fix: Replace the debug-only DCHECK with a proper runtime validation that 
checks each index value against the source block's row count before passing 
indices to insert_indices_from. The validation is done once before the 
per-column loop since all columns in a block share the same row count.
   
   Added unit test BlockTest.add_rows_out_of_bounds_index to verify:
   - Valid indices work correctly
   - Out-of-bounds indices return error instead of crashing
   - Off-by-one boundary indices are caught
   
   ### What problem does this PR solve?
   
   Issue Number: close #60713
   
   Problem Summary: SIGSEGV crash in `ColumnStr::insert_indices_from` due to 
out-of-bounds row indices passed from `MutableBlock::add_rows`, which only had 
debug-only validation (DCHECK) stripped in release builds.
   
   ### Release note
   
   Fixed a SIGSEGV crash during INSERT...SELECT operations caused by invalid 
row index validation in MutableBlock::add_rows.
   
   ### Check List (For Author)
   
   - Test
       - [x] Unit Test
       - [ ] Manual test
       - [ ] No need to test or manual test.
   
   - Behavior changed:
       - [x] No.
   
   - Does this need documentation?
       - [x] No.
   
   ### Check List (For Reviewer who merge this PR)
   
   - [ ] Confirm the release note
   - [ ] Confirm test cases
   - [ ] Confirm document
   - [ ] Add branch pick label


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
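
The distinction the PR description draws, between checking how many indices there are and checking each index value once before the per-column loop, shown as an added C++ example that is not code from the pull request or from Apache Doris. `Column`, `Block`, `count_only_check`, `indices_in_bounds` and `add_rows_checked` are hypothetical names in a simplified model, and the sample data is constructed.

```cpp
// Added illustration: a simplified model, not Apache Doris source code.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

using Column = std::vector<std::string>;
using Block = std::vector<Column>;  // all columns hold the same number of rows

size_t rows(const Block& b) { return b.empty() ? 0 : b.front().size(); }

// The old precondition as the PR describes it: the COUNT of indices is
// compared with the source size; the index VALUES are never examined.
bool count_only_check(const Block& src, const std::vector<uint32_t>& idx) {
    return rows(src) >= idx.size();
}

// Per-value validation: true only if every index addresses an existing row.
bool indices_in_bounds(const Block& src, const std::vector<uint32_t>& idx) {
    const size_t n = rows(src);
    for (uint32_t i : idx)
        if (i >= n) return false;  // i == n is the off-by-one case
    return true;
}

// Validate once, before the per-column loop, then copy. On failure dst is
// left untouched and false is returned instead of reading past the source.
bool add_rows_checked(Block& dst, const Block& src, const std::vector<uint32_t>& idx) {
    if (dst.size() != src.size() || !indices_in_bounds(src, idx)) return false;
    for (size_t c = 0; c < src.size(); ++c)
        for (uint32_t i : idx) dst[c].push_back(src[c][i]);
    return true;
}

int main() {
    const Block src = {{"a", "b", "c"}, {"x", "y", "z"}};  // constructed sample
    Block dst(2);
    const std::vector<uint32_t> bad = {0, 7};  // 2 indices, but 7 >= 3 rows
    // The count-only check accepts `bad`; the per-value check rejects it.
    return (count_only_check(src, bad) && !add_rows_checked(dst, src, bad)) ? 0 : 1;
}
```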
