[ https://issues.apache.org/jira/browse/TRAFODION-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16710641#comment-16710641 ]

ASF GitHub Bot commented on TRAFODION-3243:
-------------------------------------------

GitHub user DaveBirdsall opened a pull request:

    https://github.com/apache/trafodion/pull/1756

    [TRAFODION-3243] Avoid dereference of deleted NAString in UPDATE STATISTICS

    In the HSColGroupStruct destructor, move the call to 
HSColGroupStruct::freeISMemory up to the front, before the "delete colNames" 
statement. The freeISMemory method dereferences colNames. Before this fix, this 
could cause cores.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/DaveBirdsall/trafodion Trafodion3243

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafodion/pull/1756.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1756
    
----
commit 95380a07e2e4f2aec45d9f0b5a92378cc13da33f
Author: Dave Birdsall <dbirdsall@...>
Date:   2018-12-05T21:15:08Z

    [TRAFODION-3243] Avoid dereference of deleted NAString in UPDATE STATISTICS

----


> Dereference of deallocated NAString in UPDATE STATISTICS can cause cores
> ------------------------------------------------------------------------
>
>                 Key: TRAFODION-3243
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-3243
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-cmp
>    Affects Versions: 2.3, 2.4
>            Reporter: David Wayne Birdsall
>            Assignee: David Wayne Birdsall
>            Priority: Major
>
> In ustat/hs_globals.cpp, the HSColGroupStruct destructor deletes the colNames 
> member (an NAString), then calls HSColGroupStruct::freeISMemory. If logging 
> is on (which is the default nowadays), the latter method dereferences 
> colNames, calling its data() method. NAString::data() adds a null 
> terminator to the end of its string; in a deleted NAString, this can result 
> in the corruption of a heap boundary tag. This seems to only happen in the 
> case where the original string did not fit into the small_ buffer of the 
> NAString (which happens when column names are sufficiently long, e.g. 
> multi-column histograms) and then only rarely.
> The fix is to defer deleting colNames until after freeISMemory is called.
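
The ordering defect described in the issue, as an added illustration that is not Trafodion code and not part of this ticket or pull request. The model below stands in for HSColGroupStruct: colNames is held in a unique_ptr (so "delete colNames" becomes reset()), the ustat log is a vector of strings, and a null check takes the place of what in the real class is a write through a dangling NAString pointer. The two destroy functions are hypothetical; they mirror the destructor body before and after the fix so the difference is observable without invoking undefined behaviour.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical model of the HSColGroupStruct destructor ordering bug from
// TRAFODION-3243. Not Trafodion code: the real class holds an NAString*
// colNames and releases interval-statistics buffers in freeISMemory().
struct ColGroupModel {
    std::unique_ptr<std::string> colNames;  // stands in for NAString* colNames
    std::vector<std::string> log;           // stands in for the ustat log
    bool logging = true;                    // logging is on by default, per the issue

    // Releases the interval-statistics buffers and, when logging is on,
    // records which column group they belonged to. That record reads
    // colNames, so the member must still be alive when this runs.
    bool freeISMemory() {
        if (!logging) return true;
        if (!colNames) {
            // In the original code this is the use-after-free: NAString::data()
            // writes a null terminator into memory that has already been freed,
            // which can corrupt a heap boundary tag.
            log.push_back("freeISMemory: <dangling colNames>");
            return false;
        }
        log.push_back("freeISMemory: " + *colNames);
        return true;
    }
};

// Destructor body before the fix: colNames is deleted first, then
// freeISMemory dereferences it.
bool destroyBuggyOrder(ColGroupModel& g) {
    g.colNames.reset();        // "delete colNames"
    return g.freeISMemory();   // reads the freed string
}

// Destructor body after the fix (PR #1756): freeISMemory runs while colNames
// is still valid, and colNames is deleted last.
bool destroyFixedOrder(ColGroupModel& g) {
    bool ok = g.freeISMemory();
    g.colNames.reset();        // "delete colNames"
    return ok;
}

// Builds a column group whose name list is long enough that a real NAString
// would spill out of its small_ buffer onto the heap (the case the issue
// says triggers the corruption), then tears it down in the requested order.
// Returns true when freeISMemory saw a live colNames. The column names are
// constructed sample data.
bool simulateDestruction(bool useFixedOrder) {
    ColGroupModel g;
    g.colNames.reset(new std::string(
        "CUSTOMER_ACCOUNT_NUMBER,CUSTOMER_REGION_CODE,TRANSACTION_TIMESTAMP"));
    return useFixedOrder ? destroyFixedOrder(g) : destroyBuggyOrder(g);
}

int main() {
    std::cout << std::boolalpha
              << "buggy order keeps colNames alive: "
              << simulateDestruction(false) << '\n'    // false
              << "fixed order keeps colNames alive: "
              << simulateDestruction(true) << '\n';    // true
    return 0;
}
```

The model makes the dangling access visible as a return value; in the real code it is a silent write into freed memory, which is why the crash appears only occasionally and only for long column-name lists. Building the ustat component with AddressSanitizer (-fsanitize=address) reports this class of defect as a heap-use-after-free on the first occurrence rather than leaving it to surface as a later core.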



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
