Mryange opened a new pull request, #64944:
URL: https://github.com/apache/doris/pull/64944
### What problem does this PR solve?
`ColumnNullable::update_crc32c_batch()` normalized nullable fixed-width
nested columns by mutating `_nested_column` in a logically const hash path. The
mutation replaces NULL rows with default nested values before calling the
non-null nested crc32c hash routine, which keeps the intended hash semantics,
but it also changes the source column object while other readers may still
access the same block.
Root cause: `update_crc32c_batch()` moved/mutated the nested column and
wrote it back to `ColumnNullable::_nested_column`. When the same nullable
column is read concurrently by another path such as `insert_indices_from()`,
the old nested column or its raw data can be released while it is still being
read.
A focused BEUT can reproduce the problem before this fix:
```text
==2227142==ERROR: AddressSanitizer: heap-use-after-free
READ of size 4
#0 doris::ColumnVector<(doris::PrimitiveType)5>::insert_indices_from(...)
be/ut_build_ASAN/../src/core/column/column_vector.cpp:369:21
#1 doris::ColumnVector<(doris::PrimitiveType)5>::insert_indices_from(...)
be/ut_build_ASAN/../src/core/column/column_vector.cpp:373:5
#2 doris::ColumnNullable::insert_indices_from(...)
be/ut_build_ASAN/../src/core/column/column_nullable.cpp:378:25
freed by thread T18 here:
#12 doris::ColumnNullable::update_crc32c_batch(unsigned int*, unsigned char const*) const
be/ut_build_ASAN/../src/core/column/column_nullable.cpp:194:86
SUMMARY: AddressSanitizer: heap-use-after-free
```
This PR keeps the crc32c hash result unchanged by normalizing a private
nested-column copy for hashing. The source `ColumnNullable` object is no longer
modified by the const hash method, so concurrent readers do not observe a
replaced or freed nested column.
### Release note
None
### Check List (For Author)
- Test <!-- At least one of them must be included. -->
    - [ ] Regression test
    - [ ] Unit Test
    - [ ] Manual test (add detailed scripts or steps below)
    - [ ] No need to test or manual test. Explain why:
        - [ ] This is a refactor/code format and no logic has been changed.
        - [ ] Previous test can cover this change.
        - [ ] No code files have been changed.
        - [ ] Other reason <!-- Add your reason? -->
- Behavior changed:
    - [ ] No.
    - [ ] Yes. <!-- Explain the behavior change -->
- Does this need documentation?
    - [ ] No.
    - [ ] Yes. <!-- Add document PR link here. eg: https://github.com/apache/doris-website/pull/1214 -->
### Check List (For Reviewer who merge this PR)
- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label <!-- Add branch pick label that this PR should merge into -->
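The root cause and fix described in the PR above, reduced to a single-threaded sketch that is an added example and not code from Doris or from the PR. `ToyNullable`, `hash_mutating`, `hash_private_copy` and `run` are hypothetical names, and the per-row CRC32C here is a simplified stand-in for the real hash routine.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

// Hypothetical stand-in for a nullable fixed-width column; not Doris code.
struct ToyNullable {
    mutable std::shared_ptr<std::vector<int32_t>> nested; // buffer readers may hold
    std::vector<uint8_t> null_map;                        // 1 = row is NULL
};
// Bitwise CRC32C (reflected Castagnoli polynomial) folded over one int32 value.
static uint32_t crc32c_i32(uint32_t crc, int32_t v) {
    crc = ~crc;
    for (int i = 0; i < 4; ++i) {
        crc ^= (static_cast<uint32_t>(v) >> (8 * i)) & 0xFFu;
        for (int b = 0; b < 8; ++b) crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return ~crc;
}

// Sets NULL rows of `rows` to the default value 0, then hashes every row.
static void hash_normalized(std::vector<int32_t>& rows, const ToyNullable& col, uint32_t* out) {
    for (std::size_t i = 0; i < rows.size(); ++i) {
        if (col.null_map[i]) rows[i] = 0;
        out[i] = crc32c_i32(out[i], rows[i]);
    }
}

// Pattern the PR describes: a const method swaps in a new buffer and drops the old one.
void hash_mutating(const ToyNullable& col, uint32_t* out) {
    col.nested = std::make_shared<std::vector<int32_t>>(*col.nested);
    hash_normalized(*col.nested, col, out);
}

// Shape of the fix: normalize a private copy; the source column is only read.
void hash_private_copy(const ToyNullable& col, uint32_t* out) {
    std::vector<int32_t> scratch(*col.nested);
    hash_normalized(scratch, col, out);
}

struct Outcome { uint32_t h[3]; bool source_untouched; };
// Constructed sample: row 1 is NULL but still carries the payload 99.
Outcome run(void (*fn)(const ToyNullable&, uint32_t*)) {
    ToyNullable col{std::make_shared<std::vector<int32_t>>(std::vector<int32_t>{7, 99, 3}), {0, 1, 0}};
    const std::vector<int32_t>* before = col.nested.get();
    Outcome o{{0, 0, 0}, false};
    fn(col, o.h);
    o.source_untouched = col.nested.get() == before && (*col.nested)[1] == 99;
    return o;
}
```

Both variants produce identical hashes; only the private-copy variant leaves the nested buffer's identity and contents intact, which is the property a concurrent reader depends on.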