[jira] [Commented] (PARQUET-739) Read after free with uncompressed page

Thu, 06 Oct 2016 20:31:52 -0700 

    [ 
https://issues.apache.org/jira/browse/PARQUET-739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15553982#comment-15553982
 ] 

Wes McKinney commented on PARQUET-739:
--------------------------------------

The memory referenced by ByteArray objects is not owned by them, you might be 
running into memory ownership issues. Also little consideration so far has been 
given to concurrency. As an aside, would appreciate some help with this

> Read after free with uncompressed page
> --------------------------------------
>
>                 Key: PARQUET-739
>                 URL: https://issues.apache.org/jira/browse/PARQUET-739
>             Project: Parquet
>          Issue Type: Bug
>          Components: parquet-cpp
>            Reporter: Florian Scheibner
>            Assignee: Florian Scheibner
>
> Reading two parquet files in parallel lead to a memory corruption that caused 
> a crash. The columns are rle dictionary encoded strings in an uncompressed 
> page, created with parquet-mr. -fsanitize tracked the issue to a use-after 
> free:
> {code}
> =================================================================
> ==81678==ERROR: AddressSanitizer: heap-use-after-free on address 
> 0x6060001088c0 at pc 0x000003dbd42b bp 0x7fffe30fbe00 sp 0x7fffe30fbdf8
> READ of size 16 at 0x6060001088c0 thread T8
>    #0 0x3dbd42a in int 
> parquet::RleDecoder::GetBatchWithDict<parquet::ByteArray>(parquet::Vector<parquet::ByteArray>
>  const&, parquet::ByteArray*, int) 
> (/home/fscheibner/Snowflake/ExecPlatform/bin/snowflake+0x3dbd42a)
>    #1 0x3db8efa in 
> parquet::DictionaryDecoder<parquet::DataType<(parquet::Type::type)6> 
> >::Decode(parquet::ByteArray*, int) 
> (/home/fscheibner/Snowflake/ExecPlatform/bin/snowflake+0x3db8efa)
>    #2 0x3d84767 in 
> parquet::TypedColumnReader<parquet::DataType<(parquet::Type::type)6> 
> >::ReadValues(long, parquet::ByteArray*) 
> (/home/fscheibner/Snowflake/ExecPlatform/bin/snowflake+0x3d84767)
>    #3 0x3d83497 in 
> parquet::TypedColumnReader<parquet::DataType<(parquet::Type::type)6> 
> >::ReadBatch(int, short*, short*, parquet::ByteArray*, long*) 
> (/home/fscheibner/Snowflake/ExecPlatform/bin/snowflake+0x3d83497)
> {code}
> Initial debugging showed that the indices for the dictionary returned by the 
> rle decoder are garbage. So that data page got corrupted in memory. Reading 
> the files in one thread works.
> I have a ColumnReader for each column and read one element from reach column 
> to get a complete row.
> My guess is that some data buffer is freed and then later still used for 
> reading. I couldn't track the source yet. Any ideas [~wesmckinn]?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to