[ https://issues.apache.org/jira/browse/TRAFODION-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712044#comment-16712044 ]
ASF GitHub Bot commented on TRAFODION-3243:
-------------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/trafodion/pull/1756
> Dereference of deallocated NAString in UPDATE STATISTICS can cause cores
> ------------------------------------------------------------------------
>
> Key: TRAFODION-3243
> URL: https://issues.apache.org/jira/browse/TRAFODION-3243
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-cmp
> Affects Versions: 2.3, 2.4
> Reporter: David Wayne Birdsall
> Assignee: David Wayne Birdsall
> Priority: Major
>
> In ustat/hs_globals.cpp, the HSColGroupStruct destructor deletes the colNames
> member (an NAString), then calls HSColGroupStruct::freeISMemory. If logging
> is on (which is the default nowadays), the latter method dereferences
> colNames, calling its data() method. NAString::data() adds a null
> terminator to the end of its string; in a deleted NAString, this can result
> in the corruption of a heap boundary tag. This seems to only happen in the
> case where the original string did not fit into the small_ buffer of the
> NAString (which happens when column names are sufficiently long, e.g.
> multi-column histograms) and then only rarely.
> The fix is to defer deleting colNames until after freeISMemory is called.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
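
The destructor ordering described in the issue above, as an added C++ example that is not Trafodion code: `std::string` stands in for `NAString`, and `ColGroup`, `staleReadsOnDestroy` and the two counters are hypothetical names. The buggy ordering nulls the pointer after `delete` so that the stale logging read is counted rather than executed.

```cpp
#include <string>
#include <vector>

// Constructed model of the pattern in the issue; std::string plays NAString.
// All names here are hypothetical and do not come from hs_globals.cpp.
static std::vector<std::string> g_log;  // captured log lines
static int g_staleReads = 0;            // logging reads attempted after the name was freed

struct ColGroup {
    std::string* colNames;  // heap-allocated, like the colNames member
    int* isMemory;          // buffer released by freeISMemory()
    bool deleteNameFirst;   // true = the ordering the issue reports as the bug

    ColGroup(const std::string& names, bool buggyOrder)
        : colNames(new std::string(names)), isMemory(new int[16]()),
          deleteNameFirst(buggyOrder) {}

    void freeISMemory() {
        delete[] isMemory;
        isMemory = nullptr;
        // Logging path: this is where the name is read for the log line.
        // The null check replaces the freed-pointer dereference so the model has no UB.
        if (colNames) g_log.push_back("freeISMemory: " + *colNames);
        else ++g_staleReads;
    }

    ~ColGroup() {
        if (deleteNameFirst) {
            delete colNames; colNames = nullptr;  // name is released first...
            freeISMemory();                       // ...and the logger then asks for it
        } else {
            freeISMemory();                       // log while the name is still alive
            delete colNames; colNames = nullptr;  // deferred delete, as in the fix
        }
    }
    ColGroup(const ColGroup&) = delete;
    ColGroup& operator=(const ColGroup&) = delete;
};

// Destroys one group and returns how many logging reads hit a freed name.
int staleReadsOnDestroy(bool buggyOrder) {
    g_staleReads = 0; g_log.clear();
    { ColGroup g("(LONG_COLUMN_NAME_A, LONG_COLUMN_NAME_B, LONG_COLUMN_NAME_C)", buggyOrder); }
    return g_staleReads;
}

int main() { return staleReadsOnDestroy(false); }
```

Building the original pattern (without the null check) under AddressSanitizer reports the read in the logging path as a heap-use-after-free, which is a practical way to catch this class of destructor-ordering bug in test runs.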