(doris) branch master updated: [Fix](Variant) ColumnObject need to be finalized when doing ColumnObject::update_hash_with_value (#28119)

Thu, 07 Dec 2023 02:49:43 -0800 

This is an automated email from the ASF dual-hosted git repository.

eldenmoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 942450a2e52 [Fix](Variant) ColumnObject need to be finalized when 
doing ColumnObject::update_hash_with_value (#28119)
942450a2e52 is described below

commit 942450a2e5284e8cb9637e9ac5ad4e6e13121c69
Author: lihangyu <15605149...@163.com>
AuthorDate: Thu Dec 7 18:48:05 2023 +0800

    [Fix](Variant) ColumnObject need to be finalized when doing 
ColumnObject::update_hash_with_value (#28119)
    
    Otherwise accessing rows at `n` will lead to heap buffer overflow
    
    ```
     5# SipHash::update(char const*, unsigned long) at 
/home/zcp/repo_center/doris_master/doris/be/src/vec/common/sip_hash.h:132
     6# doris::vectorized::ColumnString::update_hash_with_value(unsigned long, 
SipHash&) const at 
/home/zcp/repo_center/doris_master/doris/be/src/vec/columns/column_string.h:452
     7# doris::vectorized::ColumnObject::update_hash_with_value(unsigned long, 
SipHash&) const at 
/home/zcp/repo_center/doris_master/doris/be/src/vec/columns/column_object.cpp:1433
     8# doris::vectorized::Block::update_hash(SipHash&) const at 
/home/zcp/repo_center/doris_master/doris/be/src/vec/core/block.cpp:721
     9# doris::EngineChecksumTask::_compute_checksum() at
    ```
---
 be/src/vec/columns/column_object.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/be/src/vec/columns/column_object.cpp 
b/be/src/vec/columns/column_object.cpp
index 78ff31a55db..730161cf5b8 100644
--- a/be/src/vec/columns/column_object.cpp
+++ b/be/src/vec/columns/column_object.cpp
@@ -1430,8 +1430,18 @@ void ColumnObject::insert_indices_from(const IColumn& 
src, const uint32_t* indic
 }
 
 void ColumnObject::update_hash_with_value(size_t n, SipHash& hash) const {
-    for_each_imutable_subcolumn(
-            [&](const auto& subcolumn) { return 
subcolumn.update_hash_with_value(n, hash); });
+    if (!is_finalized()) {
+        // finalize has no side effect and can be safely used in const 
functions
+        const_cast<ColumnObject*>(this)->finalize();
+    }
+    for_each_imutable_subcolumn([&](const auto& subcolumn) {
+        if (n >= subcolumn.size()) {
+            LOG(FATAL) << n << " greater than column size " << subcolumn.size()
+                       << " sub_column_info:" << subcolumn.dump_structure()
+                       << " total lines of this column " << num_rows;
+        }
+        return subcolumn.update_hash_with_value(n, hash);
+    });
 }
 
 void ColumnObject::for_each_imutable_subcolumn(ImutableColumnCallback 
callback) const {


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to