Chenxi Li created ARROW-15597:
---------------------------------
Summary: [C++][Compute] Crash of out-of-bounds memory accessing in
KeyCompare::NullUpdateColumnToRowImp_avx2 of hash_aggregate
Key: ARROW-15597
URL: https://issues.apache.org/jira/browse/ARROW-15597
Project: Apache Arrow
Issue Type: Bug
Components: C++
Reporter: Chenxi Li
Assignee: Chenxi Li
When `RandomArraySum` is run multiple times, there is a high probability that a
crash from an out-of-bounds memory access will occur. The crash is caused by the
following code:
{code:c++}
left = _mm256_cvtepu8_epi32(_mm_set1_epi8(static_cast<uint8_t>(
    reinterpret_cast<const uint16_t*>(non_nulls + i)[0] >>
    col.bit_offset(0))));
{code}
This code accesses the last bytes as type `uint16_t`, so one extra byte of
null_bitmap is accessed.
`non_nulls` comes from the null_bitmap of an array. If the length of the array
is close to or equal to a multiple of 64, then the null_bitmap lacks padding
bytes after the last bytes. This code then crashes with an out-of-bounds memory
access.
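Added example, not part of the original report and not Arrow's own code: a scalar model of the 16-bit load described above, showing which 8-row group reads past an unpadded bitmap and a bounds-aware load that avoids it. All function names are hypothetical, and the sketch assumes `i` is a byte index, a little-endian host, and a buffer of exactly the bytes the bitmap needs.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Bytes needed for a validity bitmap covering `length` rows that starts
// `bit_offset` bits into its first byte (assumption: no padding bytes).
size_t BitmapBytes(size_t length, int bit_offset) {
  return (length + static_cast<size_t>(bit_offset) + 7) / 8;
}

// True if a 2-byte (uint16_t) load at `byte_index` reads past `num_bytes`.
bool WideLoadOverruns(size_t num_bytes, size_t byte_index) {
  return byte_index + sizeof(uint16_t) > num_bytes;
}

// Bounds-aware load: returns the 8 validity bits that start `bit_offset`
// bits into bitmap[byte_index]. The second byte is read only when it
// exists; bits beyond the buffer are treated as 0.
uint8_t LoadBits8(const uint8_t* bitmap, size_t num_bytes,
                  size_t byte_index, int bit_offset) {
  if (byte_index >= num_bytes) return 0;
  uint16_t word = bitmap[byte_index];
  if (byte_index + 1 < num_bytes) {
    // Same byte order as the little-endian uint16_t load it replaces.
    word |= static_cast<uint16_t>(bitmap[byte_index + 1]) << 8;
  }
  return static_cast<uint8_t>(word >> bit_offset);
}

// Counts the 8-row groups whose 16-bit load would leave the bitmap.
size_t CountOverrunningGroups(size_t length, int bit_offset) {
  const size_t num_bytes = BitmapBytes(length, bit_offset);
  const size_t groups = (length + 7) / 8;
  size_t bad = 0;
  for (size_t i = 0; i < groups; ++i) {
    if (WideLoadOverruns(num_bytes, i)) ++bad;
  }
  return bad;
}

int main() {
  // Constructed cases: 64 rows at bit offset 0 occupy exactly 8 bytes, so
  // the last group's 16-bit load touches a ninth byte.
  std::printf("length=64 offset=0 overrunning groups: %zu\n",
              CountOverrunningGroups(64, 0));
  std::printf("length=64 offset=3 overrunning groups: %zu\n",
              CountOverrunningGroups(64, 3));
  return 0;
}
```
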