David Wayne Birdsall created TRAFODION-3243:
-----------------------------------------------
Summary: Dereference of deallocated NAString in UPDATE STATISTICS
can cause cores
Key: TRAFODION-3243
URL: https://issues.apache.org/jira/browse/TRAFODION-3243
Project: Apache Trafodion
Issue Type: Bug
Components: sql-cmp
Affects Versions: 2.3, 2.4
Reporter: David Wayne Birdsall
Assignee: David Wayne Birdsall
In ustat/hs_globals.cpp, the HSColGroupStruct destructor deletes the colNames
member (an NAString), then calls HSColGroupStruct::freeISMemory. If logging is
on (which is the default nowadays), the latter method dereferences colNames,
calling its data() method. NAString::data() adds a null terminator to the end
of its string; in a deleted NAString, this can result in the corruption of a
heap boundary tag. This seems to only happen in the case where the original
string did not fit into the small_ buffer of the NAString (which happens when
column names are sufficiently long, e.g. multi-column histograms) and then only
rarely.
The fix is to defer deleting colNames until after freeISMemory is called.
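
The destructor ordering described above, as an added example that is not part of the original report and not Trafodion code. ColGroup, Order, run and the event log are hypothetical names, std::string stands in for NAString, and a lifetime flag replaces the real dereference so the model never touches freed memory:

```cpp
#include <string>
#include <vector>

// Hypothetical stand-in for the column-group struct in the report; ColGroup,
// Order and the event log are assumptions made for this example.
enum class Order { DeleteThenLog, LogThenDelete };

struct ColGroup {
    std::string* colNames;            // heap-allocated, like the NAString member
    bool namesAlive = true;           // lifetime flag: the model never reads freed memory
    Order order;
    std::vector<std::string>& events; // what the destructor did, in order

    ColGroup(const std::string& names, Order o, std::vector<std::string>& ev)
        : colNames(new std::string(names)), order(o), events(ev) {}

    // Models freeISMemory with logging on: it reads colNames to build a log line.
    void freeISMemory() {
        if (!namesAlive) {            // the real code would call data() on freed memory here
            events.push_back("log: USE-AFTER-FREE of colNames");
            return;
        }
        events.push_back("log: freeing IS memory for " + *colNames);
    }

    void releaseNames() {
        delete colNames;
        colNames = nullptr;           // a nulled pointer makes later misuse fail fast
        namesAlive = false;
        events.push_back("colNames deleted");
    }

    ~ColGroup() {
        if (order == Order::DeleteThenLog) {   // ordering the report describes as the bug
            releaseNames();
            freeISMemory();
        } else {                               // ordering the report describes as the fix
            freeISMemory();
            releaseNames();
        }
    }
};

// Runs one destructor ordering and returns the recorded events.
std::vector<std::string> run(Order o) {
    std::vector<std::string> events;
    { ColGroup g("COL_A, COL_B, COL_C_WITH_A_LONG_NAME", o, events); } // constructed sample
    return events;
}
```

In real code, where no lifetime flag exists, a build with AddressSanitizer (-fsanitize=address) reports the delete-then-use ordering as a heap-use-after-free.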