0dayhunter777 opened a new issue, #47409: URL: https://github.com/apache/arrow/issues/47409

### Describe the bug, including details regarding any error messages, version, and platform.

I would like to report a NULL Pointer Dereference bug I encountered while testing the latest version (21.0.0) of arrow. The gdb debugging log is in arrow/gdb_debug_log, and the input is in arrow/input.

Reproduction steps:

1. gdb arrow
2. r input/null_dereference

Output:

```
(gdb) r null_dereference
Starting program: /root/SemaFuzz/Benchmarks/arrow/fuzz/arrowfuzz null_dereference
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
@@GetShareKey -> 0xC3B3C5D0
[New Thread 0x7bfa618ca700 (LWP 2239)]
[Thread 0x7bfa618ca700 (LWP 2239) exited]
[New Thread 0x7bfa618ca700 (LWP 2240)]

Thread 3 "arrowfuzz" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7bfa618ca700 (LWP 2240)]
0x00007bfa84f82cd1 in arrow::json::HandlerBase::Null (this=0x7bfa5c000c20) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/parser.cc:675
675         status_ = builder_set_.AppendNull(builder_stack_.back(), field_index_, builder_);
(gdb) bt
#0  0x00007bfa84f82cd1 in arrow::json::HandlerBase::Null (this=0x7bfa5c000c20) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/parser.cc:675
#1  0x00007bfa84f9bf87 in arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::ParseNull<332u, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream>, arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa618c9500, is=..., handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ...) at /usr/include/rapidjson/reader.h:710
#2  0x00007bfa84f9a0de in arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::ParseValue<332u, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream>, arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa618c9500, is=..., handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ...) at /usr/include/rapidjson/reader.h:1394
#3  0x00007bfa84f9994e in arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::Transit<332u, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream>, arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa618c9500, src=arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::IterativeParsingStartState, token=arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::NullToken, dst=arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::IterativeParsingValueState, is=..., handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ...) at /usr/include/rapidjson/reader.h:1792
#4  0x00007bfa84f98888 in arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::IterativeParse<332u, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream>, arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa618c9500, is=..., handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ...) at /usr/include/rapidjson/reader.h:1832
#5  0x00007bfa84f98614 in arrow::rapidjson::GenericReader<arrow::rapidjson::UTF8<char>, arrow::rapidjson::UTF8<char>, arrow::rapidjson::CrtAllocator>::Parse<332u, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream>, arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa618c9500, is=..., handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ...) at /usr/include/rapidjson/reader.h:487
#6  0x00007bfa84f981ad in arrow::json::HandlerBase::DoParse<arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>, arrow::rapidjson::EncodedInputStream<arrow::rapidjson::UTF8<char>, arrow::rapidjson::MemoryStream> > (this=0x7bfa5c000c20, handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ..., json=..., json_size=98) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/parser.cc:774
#7  0x00007bfa84f9806f in arrow::json::HandlerBase::DoParse<arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2> > (this=0x7bfa5c000c20, handler=warning: RTTI symbol not found for class 'arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>' ..., json=warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::Buffer, std::allocator<arrow::Buffer>, (__gnu_cxx::_Lock_policy)2>' warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::Buffer, std::allocator<arrow::Buffer>, (__gnu_cxx::_Lock_policy)2>' std::shared_ptr<arrow::Buffer> (use count 2, weak count 0) = {...}) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/parser.cc:801
#8  0x00007bfa84f97d76 in arrow::json::Handler<(arrow::json::UnexpectedFieldBehavior)2>::Parse (this=0x7bfa5c000c20, json=warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::Buffer, std::allocator<arrow::Buffer>, (__gnu_cxx::_Lock_policy)2>' warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::Buffer, std::allocator<arrow::Buffer>, (__gnu_cxx::_Lock_policy)2>' std::shared_ptr<arrow::Buffer> (use count 2, weak count 0) = {...}) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/parser.cc:1081
#9  0x00007bfa84fc2cd4 in arrow::json::(anonymous namespace)::ParseBlock (block=..., parse_options=..., pool=0x7bfa85cc5d40 <arrow::global_state+320>, out_size=0x0) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/reader.cc:162
#10 0x00007bfa84ff9200 in arrow::json::(anonymous namespace)::TableReaderImpl::ParseAndInsert (this=0x3ca97a50, block=...) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/reader.cc:287
#11 0x00007bfa84ff9108 in arrow::json::(anonymous namespace)::TableReaderImpl::Read()::{lambda()#1}::operator()() const (this=0x3ca97ec8) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/json/reader.cc:268
#12 0x00007bfa84ff9070 in arrow::internal::FnOnce<arrow::Status ()>::FnImpl<arrow::json::(anonymous namespace)::TableReaderImpl::Read()::{lambda()#1}>::invoke() (this=0x3ca97ec0) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/functional.h:152
#13 0x00007bfa8504735d in arrow::internal::FnOnce<arrow::Status ()>::operator()() && (this=0x3ca97698) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/functional.h:140
#14 0x00007bfa851f302c in arrow::internal::(anonymous namespace)::ThreadedTaskGroup::AppendReal(arrow::internal::FnOnce<arrow::Status ()>)::{lambda()#1}::operator()() (this=0x3ca97688) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/task_group.cc:114
#15 0x00007bfa851f2e5c in arrow::internal::FnOnce<void ()>::FnImpl<arrow::internal::(anonymous namespace)::ThreadedTaskGroup::AppendReal(arrow::internal::FnOnce<arrow::Status ()>)::{lambda()#1}>::invoke() (this=0x3ca97680) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/functional.h:152
#16 0x00007bfa8520d279 in arrow::internal::FnOnce<void ()>::operator()() && (this=0x7bfa618c9c60) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/functional.h:140
#17 0x00007bfa852249cd in arrow::internal::WorkerLoop (state=warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::internal::ThreadPool::State, std::allocator<arrow::internal::ThreadPool::State>, (__gnu_cxx::_Lock_policy)2>' warning: RTTI symbol not found for class 'std::_Sp_counted_ptr_inplace<arrow::internal::ThreadPool::State, std::allocator<arrow::internal::ThreadPool::State>, (__gnu_cxx::_Lock_policy)2>' std::shared_ptr<arrow::internal::ThreadPool::State> (use count 3, weak count 1) = {...}, it={_M_id = {_M_thread = 136315308648192}}) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/thread_pool.cc:478
#18 0x00007bfa852241bf in arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6::operator()() const (this=0x3ca98158) at /root/SemaFuzz/Benchmarks/arrow/arrow-apache-arrow-19.0.1/cpp/src/arrow/util/thread_pool.cc:643
#19 0x00007bfa85224118 in std::__invoke_impl<void, arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6>(std::__invoke_other, arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6&&) (__f=...) at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:60
#20 0x00007bfa85223fc8 in std::__invoke<arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6>(arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6&&) (__fn=...) at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:95
#21 0x00007bfa85223f50 in std::thread::_Invoker<std::tuple<arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (this=0x3ca98158) at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/thread:264
#22 0x00007bfa85223ed0 in std::thread::_Invoker<std::tuple<arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6> >::operator()() (this=0x3ca98158) at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/thread:271
#23 0x00007bfa85223ae4 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<arrow::internal::ThreadPool::LaunchWorkersUnlocked(int)::$_6> > >::_M_run() (this=0x3ca98150) at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/thread:215
#24 0x00007bfa8650a67f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#25 0x00007bfa81ed06db in start_thread (arg=0x7bfa618ca700) at pthread_create.c:463
#26 0x00007bfa81bf961f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
```

Compiler version: g++ 9.4.0
OS version: ubuntu22.04.1

[arrow.zip](https://github.com/user-attachments/files/21929353/arrow.zip)

### Component(s)

C++