jacktengg opened a new pull request, #18182: URL: https://github.com/apache/doris/pull/18182
# Proposed changes Issue Number: close #xxx ## Problem summary Query cause be cordump: ``` select ORTHOGONAL_BITMAP_UNION_COUNT( cast(null as bitmap)) from t; ``` coredump stask: ``` ==3246170==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000682878 at pc 0x555e96d6a8f9 bp 0x7faf823fb770 sp 0x7faf823fb768 READ of size 4 at 0x604000682878 thread T448 (FragmentMgrThre) #0 0x555e96d6a8f8 in doris::BitmapValue::operator|=(doris::BitmapValue const&) /mnt/disk1//projects/doris/be/src/util/bitmap_value.h:1243:21 #1 0x555e9e02a769 in doris::vectorized::OrthBitmapUnionCountData<doris::StringRef>::add(doris::vectorized::IColumn const**, unsigned long) /mnt/disk1//projects/doris/be/src/vec/aggregate_functions/aggregate_function_orthogonal_bitmap.h:287:15 #2 0x555e9e0286b4 in doris::vectorized::AggFunctionOrthBitmapFunc<doris::vectorized::OrthBitmapUnionCountData<doris::StringRef>>::add(char*, doris::vectorized::IColumn const*, unsigned long, doris::vectorized::Arena) const /mnt/disk1//projects/doris/be/src/vec/aggregate_functions/aggregate_function_orthogonal_bitmap.h:323:27 #3 0x555e9e029ad7 in doris::vectorized::IAggregateFunctionHelper<doris::vectorized::AggFunctionOrthBitmapFunc<doris::vectorized::OrthBitmapUnionCountData<doris::StringRef>>>::add_batch_single_place(unsigned long, char*, doris::vectorized::IColumn const*, doris::vectorized::Arena) const /mnt/disk1//projects/doris/be/src/vec/aggregate_functions/aggregate_function.h:263:48 #4 0x555ea33b03d4 in doris::vectorized::AggFnEvaluator::execute_single_add(doris::vectorized::Block*, char*, doris::vectorized::Arena*) /mnt/disk1//projects/doris/be/src/vec/exprs/vectorized_agg_fn.cpp:159:16 #5 0x555e9ed4a9ae in doris::vectorized::AggregationNode::_execute_without_key(doris::vectorized::Block*) /mnt/disk1//projects/doris/be/src/vec/exec/vaggregation_node.cpp:728:9 #6 0x555e9f0b8aee in doris::Status std::__invoke_impl<doris::Status, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block), doris::ve ctorized::AggregationNode*&, doris::vectorized::Block*>(std::__invoke_memfun_deref, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block) , doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include /c++/11/bits/invoke.h:74:14 #7 0x555e9f0b892f in std::enable_if<is_invocable_r_v<doris::Status, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block), doris::vec torized::AggregationNode*&, doris::vectorized::Block*>, doris::Status>::type std::__invoke_r<doris::Status, doris::Status (doris::vectorized::AggregationNode::*&)(do ris::vectorized::Block*), doris::vectorized::AggregationNode*&, doris::vectorized::Block*>(doris::Status (doris::vectorized::AggregationNode::*&)(doris::vectorized:: Block*), doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../ include/c++/11/bits/invoke.h:114:9 #8 0x555e9f0b8868 in doris::Status std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, st d::Placeholder<1>))(doris::vectorized::Block*)>::_call<doris::Status, doris::vectorized::Block*&&, 0ul, 1ul>(std::tuple<doris::vectorized::Block*&&>&&, std::_Index _tuple<0ul, 1ul>) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:570:11 #9 0x555e9f0b86bc in doris::Status std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, st d::_Placeholder<1>))(doris::vectorized::Block*)>::operator()<doris::vectorized::Block*>(doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/.. /lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:629:17 #10 0x555e9f0b85a7 in doris::Status std::__invoke_impl<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (dori s::vectorized::AggregationNode*, std::Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*>(std::_invoke_other, std::_Bind_result<doris::Status , doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized:: Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14 #11 0x555e9f0b8527 in std::enable_if<is_invocable_r_v<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris ::vectorized::AggregationNode*, std::Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*>, doris::Status>::type std::_invoke_r<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized: :Block*)>&, doris::vectorized::Block*>(std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, st d::_Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../.. /../include/c++/11/bits/invoke.h:114:9 #12 0x555e9f0b8377 in std::_Function_handler<doris::Status (doris::vectorized::Block*), std::_Bind_result<doris::Status, doris::Status (doris::vectorized::Aggreg ationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized::Block*)>>::_M_invoke(std::_Any_data const&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9 #13 0x555e9efe3033 in std::function<doris::Status (doris::vectorized::Block*)>::operator()(doris::vectorized::Block*) const /mnt/disk1//projects/ldb_toolc hain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9 #14 0x555e9ed555c6 in doris::vectorized::AggregationNode::sink(doris::RuntimeState*, doris::vectorized::Block*, bool) /mnt/disk1//projects/doris/be/src/ve c/exec/vaggregation_node.cpp:570:9 #15 0x555e9ed55163 in doris::vectorized::AggregationNode::open(doris::RuntimeState*) /mnt/disk1//projects/doris/be/src/vec/exec/vaggregation_node.cpp:508: 9 #16 0x555e97f0cea0 in doris::PlanFragmentExecutor::open_vectorized_internal() /mnt/disk1//projects/doris/be/src/runtime/plan_fragment_executor.cpp:280:9 #17 0x555e97f0bd4b in doris::PlanFragmentExecutor::open() /mnt/disk1//projects/doris/be/src/runtime/plan_fragment_executor.cpp:242:14 #18 0x555e97e62917 in doris::FragmentExecState::execute() /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:228:31 #19 0x555e97e6c7d2 in doris::FragmentMgr::_exec_actual(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::RuntimeState*, doris::Status*)> cons t&) /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:493:29 #20 0x555e97e8892b in doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::RuntimeState*, doris::Status*)> co nst&)::$_3::operator()() const /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:726:21 #21 0x555e97e887e4 in void std::__invoke_impl<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::Runt imeState*, doris::Status*)> const&)::$3&>(std::_invoke_other, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (dor is::RuntimeState*, doris::Status*)> const&)::$_3&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invok e.h:61:14 #22 0x555e97e88784 in std::enable_if<is_invocable_r_v<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (dor is::RuntimeState*, doris::Status*)> const&)::$3&>, void>::type std::_invoke_r<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, s td::function<void (doris::RuntimeState*, doris::Status*)> const&)::$_3&>(doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function< void (doris::RuntimeState*, doris::Status*)> const&)::$_3&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/b its/invoke.h:111:2 #23 0x555e97e884ec in std::_Function_handler<void (), doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::Ru ntimeState*, doris::Status*)> const&)::$_3>::_M_invoke(std::_Any_data const&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../. ./include/c++/11/bits/std_function.h:291:9 #24 0x555e96479e82 in std::function<void ()>::operator()() const /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include /c++/11/bits/std_function.h:560:9 #25 0x555e986dc2f8 in doris::FunctionRunnable::run() /mnt/disk1//projects/doris/be/src/util/threadpool.cpp:46:27 #26 0x555e986c8fcb in doris::ThreadPool::dispatch_thread() /mnt/disk1//projects/doris/be/src/util/threadpool.cpp:529:24 #27 0x555e986efbc3 in void std::_invoke_impl<void, void (doris::ThreadPool::&)(), doris::ThreadPool&>(std::_invoke_memfun_deref, void (doris::ThreadPool::*&) (), doris::ThreadPool*&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:74:14 #28 0x555e986efa9c in std::_invoke_result<void (doris::ThreadPool::&)(), doris::ThreadPool&>::type std::_invoke<void (doris::ThreadPool::*&)(), doris::Thread Pool*&>(void (doris::ThreadPool::&)(), doris::ThreadPool&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ bits/invoke.h:96:14 #29 0x555e986efa24 in void std::Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>::_call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /mnt/disk1/y uejing/projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:420:11 #30 0x555e986ef8cd in void std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>::operator()<void>() /mnt/disk1//projects/ldb_toolchain/bin/../li b/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:503:17 #31 0x555e986ef7e4 in void std::_invoke_impl<void, std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>(std::_invoke_other, std::_Bind<void (doris: :ThreadPool::* (doris::ThreadPool*))()>&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14 #32 0x555e986ef784 in std::enable_if<is_invocable_r_v<void, std::Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>, void>::type std::_invoke_r<void, s td::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>(std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&) /mnt/disk1//projects/ldb_tool chain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:111:2 #33 0x555e986ef4ac in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>>::_M_invoke(std::_Any_data const&) /mnt/disk 1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9 #34 0x555e96479e82 in std::function<void ()>::operator()() const /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include /c++/11/bits/std_function.h:560:9 #35 0x555e986a15de in doris::Thread::supervise_thread(void*) /mnt/disk1//projects/doris/be/src/util/thread.cpp:453:5 #36 0x7fb217340179 in start_thread pthread_create.c #37 0x7fb217bdadf2 in clone (/lib64/libc.so.6+0xfcdf2) (BuildId: 20ee73ce1b6ac38a52440bab82ec7e28f0f5c5b9) 0x604000682878 is located 0 bytes to the right of 40-byte region [0x604000682850,0x604000682878) allocated by thread T448 (FragmentMgrThre) here: #0 0x555e96349ded in operator new(unsigned long) (/mnt/disk1//projects/doris/output/be/lib/doris_be+0x13391ded) (BuildId: 4741c897ddd45e27) #1 0x555e9ebe1980 in COW<doris::vectorized::IColumn>::mutable_ptr<doris::vectorized::ColumnComplexType<doris::BitmapValue>> COWHelper<doris::vectorized::IColumn, doris::vectorized::ColumnComplexType<doris::BitmapValue>>::create<>() /mnt/disk1//projects/doris/be/src/vec/common/cow.h:412:27 #2 0x555e9ebe6169 in doris::vectorized::ColumnComplexType<doris::BitmapValue>::replicate(doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false >, 15ul, 16ul> const&) const /mnt/disk1//projects/doris/be/src/vec/columns/column_complex.h:394:16 #3 0x555e9e625bef in doris::vectorized::ColumnNullable::replicate(doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false>, 15ul, 16ul> const&) const /mnt/disk1//projects/doris/be/src/vec/columns/column_nullable.cpp:536:53 #4 0x555e9e509326 in doris::vectorized::ColumnConst::convert_to_full_column() const /mnt/disk1//projects/doris/be/src/vec/columns/column_const.cpp:48:18 #5 0x555e9e51724f in doris::vectorized::ColumnConst::convert_to_full_column_if_const() const /mnt/disk1//projects/doris/be/src/vec/columns/column_const.h: 49:73 #6 0x555e9f0be5e3 in doris::vectorized::Block::replace_by_position_if_const(unsigned long) /mnt/disk1//projects/doris/be/src/vec/core/block.h:148:42 #7 0x555ea33b9936 in void doris::vectorized::materialize_block_inplace<int*>(doris::vectorized::Block&, int*, int*) /mnt/disk1//projects/doris/be/src/vec/ core/materialize_block.h:35:15 #8 0x555ea33b0a8e in doris::vectorized::AggFnEvaluator::_calc_argment_columns(doris::vectorized::Block*) /mnt/disk1//projects/doris/be/src/vec/exprs/vecto rized_agg_fn.cpp:236:5 #9 0x555ea33b0228 in doris::vectorized::AggFnEvaluator::execute_single_add(doris::vectorized::Block*, char*, doris::vectorized::Arena*) /mnt/disk1//projec ts/doris/be/src/vec/exprs/vectorized_agg_fn.cpp:157:5 #10 0x555e9ed4a9ae in doris::vectorized::AggregationNode::_execute_without_key(doris::vectorized::Block*) /mnt/disk1//projects/doris/be/src/vec/exec/vaggr egation_node.cpp:728:9 #11 0x555e9f0b8aee in doris::Status std::__invoke_impl<doris::Status, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block), doris::v ectorized::AggregationNode*&, doris::vectorized::Block*>(std::__invoke_memfun_deref, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block ), doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../includ e/c++/11/bits/invoke.h:74:14 #12 0x555e9f0b892f in std::enable_if<is_invocable_r_v<doris::Status, doris::Status (doris::vectorized::AggregationNode::&)(doris::vectorized::Block), doris::ve ctorized::AggregationNode*&, doris::vectorized::Block*>, doris::Status>::type std::__invoke_r<doris::Status, doris::Status (doris::vectorized::AggregationNode::*&)(d oris::vectorized::Block*), doris::vectorized::AggregationNode*&, doris::vectorized::Block*>(doris::Status (doris::vectorized::AggregationNode::*&)(doris::vectorized: :Block*), doris::vectorized::AggregationNode*&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../.. /include/c++/11/bits/invoke.h:114:9 #13 0x555e9f0b8868 in doris::Status std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, s td::Placeholder<1>))(doris::vectorized::Block*)>::_call<doris::Status, doris::vectorized::Block*&&, 0ul, 1ul>(std::tuple<doris::vectorized::Block*&&>&&, std::_Inde x_tuple<0ul, 1ul>) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:570:11 #14 0x555e9f0b86bc in doris::Status std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, s td::_Placeholder<1>))(doris::vectorized::Block*)>::operator()<doris::vectorized::Block*>(doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/. ./lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:629:17 #15 0x555e9f0b85a7 in doris::Status std::__invoke_impl<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (dori s::vectorized::AggregationNode*, std::Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*>(std::_invoke_other, std::_Bind_result<doris::Status , doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized:: Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14 #16 0x555e9f0b8527 in std::enable_if<is_invocable_r_v<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris ::vectorized::AggregationNode*, std::Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*>, doris::Status>::type std::_invoke_r<doris::Status, std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized: :Block*)>&, doris::vectorized::Block*>(std::_Bind_result<doris::Status, doris::Status (doris::vectorized::AggregationNode::* (doris::vectorized::AggregationNode*, st d::_Placeholder<1>))(doris::vectorized::Block*)>&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../.. /../include/c++/11/bits/invoke.h:114:9 #17 0x555e9f0b8377 in std::_Function_handler<doris::Status (doris::vectorized::Block*), std::_Bind_result<doris::Status, doris::Status (doris::vectorized::Aggreg ationNode::* (doris::vectorized::AggregationNode*, std::_Placeholder<1>))(doris::vectorized::Block*)>>::_M_invoke(std::_Any_data const&, doris::vectorized::Block*&&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9 #18 0x555e9efe3033 in std::function<doris::Status (doris::vectorized::Block*)>::operator()(doris::vectorized::Block*) const /mnt/disk1//projects/ldb_toolc hain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9 #19 0x555e9ed555c6 in doris::vectorized::AggregationNode::sink(doris::RuntimeState*, doris::vectorized::Block*, bool) /mnt/disk1//projects/doris/be/src/ve c/exec/vaggregation_node.cpp:570:9 #20 0x555e9ed55163 in doris::vectorized::AggregationNode::open(doris::RuntimeState*) /mnt/disk1//projects/doris/be/src/vec/exec/vaggregation_node.cpp:508: 9 #21 0x555e97f0cea0 in doris::PlanFragmentExecutor::open_vectorized_internal() /mnt/disk1//projects/doris/be/src/runtime/plan_fragment_executor.cpp:280:9 #22 0x555e97f0bd4b in doris::PlanFragmentExecutor::open() /mnt/disk1//projects/doris/be/src/runtime/plan_fragment_executor.cpp:242:14 #23 0x555e97e62917 in doris::FragmentExecState::execute() /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:228:31 #24 0x555e97e6c7d2 in doris::FragmentMgr::_exec_actual(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::RuntimeState*, doris::Status*)> cons t&) /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:493:29 #25 0x555e97e8892b in doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::RuntimeState*, doris::Status*)> co nst&)::$_3::operator()() const /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:726:21 #26 0x555e97e887e4 in void std::__invoke_impl<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::Runt imeState*, doris::Status*)> const&)::$3&>(std::_invoke_other, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (dor is::RuntimeState*, doris::Status*)> const&)::$_3&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invok e.h:61:14 #27 0x555e97e88784 in std::enable_if<is_invocable_r_v<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (dor is::RuntimeState*, doris::Status*)> const&)::$3&>, void>::type std::_invoke_r<void, doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, s td::function<void (doris::RuntimeState*, doris::Status*)> const&)::$_3&>(doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function< void (doris::RuntimeState*, doris::Status*)> const&)::$_3&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/b its/invoke.h:111:2 #28 0x555e97e884ec in std::_Function_handler<void (), doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::Ru ntimeState*, doris::Status*)> const&)::$_3>::_M_invoke(std::_Any_data const&) /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../. ./include/c++/11/bits/std_function.h:291:9 #29 0x555e96479e82 in std::function<void ()>::operator()() const /mnt/disk1//projects/ldb_toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include /c++/11/bits/std_function.h:560:9 Thread T448 (FragmentMgrThre) created by T0 here: #0 0x555e962f8a9c in pthread_create (/mnt/disk1//projects/doris/output/be/lib/doris_be+0x13340a9c) (BuildId: 4741c897ddd45e27) #1 0x555e986a05e4 in doris::Thread::start_thread(std::_cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::_cxx11::basic_strin g<char, std::char_traits<char>, std::allocator<char>> const&, std::function<void ()> const&, unsigned long, scoped_refptr<doris::Thread>*) /mnt/disk1//project s/doris/be/src/util/thread.cpp:407:15 #2 0x555e986d304d in doris::Status doris::Thread::create<void (doris::ThreadPool::)(), doris::ThreadPool>(std::__cxx11::basic_string<char, std::char_traits<cha r>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, void (doris::ThreadPool::* const&)(), doris: :ThreadPool* const&, scoped_refptr<doris::Thread>*) /mnt/disk1//projects/doris/be/src/util/thread.h:57:16 #3 0x555e986c678d in doris::ThreadPool::create_thread() /mnt/disk1//projects/doris/be/src/util/threadpool.cpp:597:12 #4 0x555e986c626b in doris::ThreadPool::init() /mnt/disk1//projects/doris/be/src/util/threadpool.cpp:257:25 #4 0x555e986c626b in doris::ThreadPool::init() /mnt/disk1//projects/doris/be/src/util/threadpool.cpp:257:25 #5 0x555e9655abc6 in doris::Status doris::ThreadPoolBuilder::build<doris::ThreadPool>(std::unique_ptr<doris::ThreadPool, std::default_delete<doris::ThreadPool>>* ) const /mnt/disk1//projects/doris/be/src/util/threadpool.h:114:13 #6 0x555e97e649c2 in doris::FragmentMgr::FragmentMgr(doris::ExecEnv*) /mnt/disk1//projects/doris/be/src/runtime/fragment_mgr.cpp:294:18 #7 0x555e97c912c7 in doris::ExecEnv::_init(std::vector<doris::StorePath, std::allocator<doris::StorePath>> const&) /mnt/disk1//projects/doris/be/src/runti me/exec_env_init.cpp:124:25 #8 0x555e97c90047 in doris::ExecEnv::init(doris::ExecEnv*, std::vector<doris::StorePath, std::allocator<doris::StorePath>> const&) /mnt/disk1//projects/do ris/be/src/runtime/exec_env_init.cpp:75:17 #9 0x555e96351339 in main /mnt/disk1//projects/doris/be/src/service/doris_main.cpp:438:5 #10 0x7fb217b01492 in __libc_start_main (/lib64/libc.so.6+0x23492) (BuildId: 20ee73ce1b6ac38a52440bab82ec7e28f0f5c5b9) SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/disk1//projects/doris/be/src/util/bitmap_value.h:1243:21 in doris::BitmapValue::operator|=(doris::BitmapV alue const&) ``` The reason is that function `orthogonal_bitmap_union_count` did not handle nullable type correctly. ## Checklist(Required) * [ ] Does it affect the original behavior * [ ] Has unit tests been added * [ ] Has document been added or modified * [ ] Does it need to update dependencies * [ ] Is this PR support rollback (If NO, please explain WHY) ## Further comments If this is a relatively large or complex change, kick off the discussion at [d...@doris.apache.org](mailto:d...@doris.apache.org) by explaining why you chose the solution you did and what alternatives you considered, etc... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org
