This is an automated email from the ASF dual-hosted git repository.
prozsa pushed a commit to branch branch-4.5.0
in repository https://gitbox.apache.org/repos/asf/impala.git
commit e0fa4fa842ec936892af911d43b4d6d7740fc612
Author: jasonmfehr <jf...@cloudera.com>
AuthorDate: Wed Feb 19 13:33:54 2025 -0800
IMPALA-13771: Fix heap-use-after-free in Cluster Membership Manager
The ASAN tests identified a heap-use-after-free issue. This patch
fixes that issue by moving the memory release to after its last use.
Local execution of custom-cluster-mgr-test ASAN replicated the same
heap-use-after-free failure.
Testing:
Existing custom-cluster-mgr-test passed locally using debug build.
Existing custom-cluster-mgr-test passed locally using ASAN build.
Change-Id: I4fd2c9faa6daba9274f38238b952c377a07794e9
Reviewed-on: http://gerrit.cloudera.org:8080/22503
Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
---
be/src/scheduling/cluster-membership-mgr.cc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/be/src/scheduling/cluster-membership-mgr.cc
b/be/src/scheduling/cluster-membership-mgr.cc
index ab8bf9a61..ce3c211db 100644
--- a/be/src/scheduling/cluster-membership-mgr.cc
+++ b/be/src/scheduling/cluster-membership-mgr.cc
@@ -300,12 +300,15 @@ void ClusterMembershipMgr::UpdateMembership(
RemoveExecutorAndGroup(be_desc, group, new_executor_groups);
}
}
- new_backend_map->erase(item.key);
// If a coordinator is not shutdown gracefully, then it will be
deleted here.
if (be_desc.is_coordinator()) {
_removeCoordIfExists(new_state, be_desc);
}
+
+ // Note: be_desc is a reference to item.key, thus this erase must come
at the end
+ // of the loop where be_desc is initialized.
+ new_backend_map->erase(item.key);
}
continue;
}
