koarz opened a new pull request, #59204: URL: https://github.com/apache/doris/pull/59204
When `init_file_cache_factory` runs, it goes down the following path:

```txt
init_file_cache_factory
-> FileCacheFactory::create_file_cache
-> cache->initialize()
-> initialize_unlocked
-> _storage->init(this)
-> FSFileCacheStorage::init() (at this point a thread, _cache_background_load_thread, is created, and the remaining operations all run in that thread)
-> upgrade_cache_dir_if_necessary
-> read_file_cache_version
-> FileSystem::open_file
-> open_file_impl
-> LocalFileReader::LocalFileReader
-> BeConfDataDirReader::get_data_dir_by_file_path
```

After `FSFileCacheStorage::init` finishes (having created the _cache_background_load_thread thread), `ExecEnv::_init` continues on to `doris::io::BeConfDataDirReader::init_be_conf_data_dir`, which pushes to `be_config_data_dir_list`, while `BeConfDataDirReader::get_data_dir_by_file_path` iterates over `be_config_data_dir_list`. This leads to a problem: if `doris::io::BeConfDataDirReader::init_be_conf_data_dir` is still inserting data while the vector's data is being read, then

1. Modifying `be_config_data_dir_list` while a range-for is iterating over it is *UB*.
2. If `be_config_data_dir_list` happens to grow at that moment, reading its elements results in a dangling reference and triggers `heap-use-after-free`.

Because `init_be_conf_data_dir` needs the `cache_paths` that come from `init_file_cache_factory`, we have to control the ordering carefully to avoid errors.
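An added example, not code from the pull request or from Doris: it shows why a `push_back` during the lookup loop leaves the reader on freed storage, and one way to make the overlap safe by guarding the list with a mutex and returning copies. `DataDirRegistry`, its methods and the `/constructed/` paths are hypothetical; the pull request may instead fix the problem by reordering initialization.

```cpp
// Added illustration; DataDirRegistry and /constructed/ paths are hypothetical, not Doris code.
#include <cstdint>
#include <mutex>
#include <string>
#include <thread>
#include <utility>
#include <vector>

// Why the race is a heap-use-after-free: push_back on a full vector moves the
// elements to new storage and frees the old block a reader may still be in.
bool push_back_moves_storage() {
    std::vector<std::string> dirs{"/constructed/cache0/"};
    while (dirs.size() < dirs.capacity()) dirs.push_back("/constructed/pad/");
    const auto before = reinterpret_cast<std::uintptr_t>(dirs.data());
    dirs.push_back("/constructed/cache1/");  // size == capacity: reallocates
    return before != reinterpret_cast<std::uintptr_t>(dirs.data());
}

class DataDirRegistry {
public:
    void add(std::string dir) {
        std::lock_guard<std::mutex> guard(mu_);
        dirs_.push_back(std::move(dir));
    }
    // Returns a copy taken under the lock, never a reference into dirs_.
    std::string find_by_file_path(const std::string& file) const {
        std::lock_guard<std::mutex> guard(mu_);
        for (const auto& dir : dirs_)
            if (file.compare(0, dir.size(), dir) == 0) return dir;
        return {};
    }
private:
    mutable std::mutex mu_;
    std::vector<std::string> dirs_;
};

// A reader thread looks paths up while the caller keeps inserting, the same
// overlap as the background load thread and init_be_conf_data_dir.
int concurrent_lookup_hits(int n_dirs) {
    DataDirRegistry reg;
    reg.add("/constructed/cache0/");
    int hits = 0;
    std::thread reader([&] {
        for (int i = 0; i < 20000; ++i)
            if (!reg.find_by_file_path("/constructed/cache0/version").empty()) ++hits;
    });
    for (int i = 1; i < n_dirs; ++i) reg.add("/constructed/cache" + std::to_string(i) + "/");
    reader.join();
    return hits;  // every lookup succeeds: 20000
}
```

Building the unguarded variant (a plain global vector iterated by the reader thread) with `-fsanitize=thread` or `-fsanitize=address` is a practical way to confirm the race before and after a fix.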
