mapleFU opened a new issue, #46988:
URL: https://github.com/apache/arrow/issues/46988
### Describe the bug, including details regarding any error messages,
version, and platform.
```
==501==ERROR: AddressSanitizer: use-after-poison on address 0x7cb137df615b
at pc 0x58eb88398852 bp 0x7ffdf66bc750 sp 0x7ffdf66bbf10
--
| READ of size 15415454384 at 0x7cb137df615b thread T0
| SCARINESS: 36 (multi-byte-read-use-after-poison)
| #0 0x58eb88398851 in __asan_memcpy
/src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:63:3
| #1 0x58eb886cffe7 in parquet::(anonymous
namespace)::PlainDecoder<parquet::PhysicalType<(parquet::Type::type)7>>::DecodeArrow(int,
int, unsigned char const*, long, arrow::FixedSizeBinaryBuilder*)
arrow/cpp/src/parquet/decoder.cc:670:3
| #2 0x58eb886990c6 in parquet::internal::(anonymous
namespace)::FLBARecordReader::ReadValuesSpaced(long, long)
arrow/cpp/src/parquet/column_reader.cc:1979:51
| #3 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadSpacedForOptionalOrRepeated(long,
long*, long*) arrow/cpp/src/parquet/column_reader.cc:1839:5
| #4 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadOptionalRecords(long,
long*, long*) arrow/cpp/src/parquet/column_reader.cc:1795:7
| #5 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecordData(long)
arrow/cpp/src/parquet/column_reader.cc:1865:22
| #6 0x58eb886939f4 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecords(long)
arrow/cpp/src/parquet/column_reader.cc:0
| #7 0x58eb88401fac in parquet::arrow::(anonymous
namespace)::LeafReader::LoadBatch(long)
arrow/cpp/src/parquet/arrow/reader.cc:495:46
| #8 0x58eb883ff7b2 in parquet::arrow::ColumnReaderImpl::NextBatch(long,
std::__1::shared_ptr<arrow::ChunkedArray>*)
arrow/cpp/src/parquet/arrow/reader.cc:110:5
| #9 0x58eb88424e64 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadColumn(int, std::__1::vector<int,
std::__1::allocator<int>> const&, parquet::arrow::ColumnReader*,
std::__1::shared_ptr<arrow::ChunkedArray>*)
arrow/cpp/src/parquet/arrow/reader.cc:286:20
| #10 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0::operator()(unsigned long,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>) const
arrow/cpp/src/parquet/arrow/reader.cc:1282:5
| #11 0x58eb8844f9df in
arrow::Future<std::__1::vector<std::__1::shared_ptr<arrow::ChunkedArray>,
std::__1::allocator<std::__1::shared_ptr<arrow::ChunkedArray>>>>
arrow::internal::OptionalParallelForAsync<parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0&,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::shared_ptr<arrow::ChunkedArray>>(bool,
std::__1::vector<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::allocator<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>>>,
parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::
allocator<int>> const&, arrow::internal::Executor*)::$_0&,
arrow::internal::Executor*, arrow::internal::TaskHints)
arrow/cpp/src/arrow/util/parallel.h:97:7
| #12 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*) arrow/cpp/src/parquet/arrow/reader.cc:1300:10
| #13 0x58eb883f2221 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroups(std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:1261:14
| #14 0x58eb883f17e0 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:323:12
| #15 0x58eb883f1cba in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int,
std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:327:12
| #16 0x58eb883e21e8 in
parquet::arrow::internal::FuzzReader(std::__1::unique_ptr<parquet::arrow::FileReader,
std::__1::default_delete<parquet::arrow::FileReader>>)
arrow/cpp/src/parquet/arrow/reader.cc:1408:37
| #17 0x58eb883e35a6 in parquet::arrow::internal::FuzzReader(unsigned char
const*, long) arrow/cpp/src/parquet/arrow/reader.cc:1433:11
| #18 0x58eb883da8b0 in LLVMFuzzerTestOneInput
arrow/cpp/src/parquet/arrow/fuzz.cc:22:17
| #19 0x58eb883da529 in LLVMFuzzerRunDriver
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:423:13
| #20 0x58eb883da14d in main
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:311:10
| #21 0x7cb13a8e1082 in __libc_start_main
/build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
| #22 0x58eb8830194d in _start
|
| 0x7cb137df615b is located 5595 bytes after 32232313728-byte region
[0x7ca9b6ad3800,0x7cb137df4b80)
| allocated by thread T0 here:
| #0 0x58eb8839b407 in ___interceptor_posix_memalign
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:142:3
| #1 0x58eb8a03e1d7 in arrow::(anonymous
namespace)::SystemAllocator::AllocateAligned(long, long, unsigned char**)
arrow/cpp/src/arrow/memory_pool.cc:323:9
| #2 0x58eb8a03430d in arrow::BaseMemoryPoolImpl<arrow::(anonymous
namespace)::SystemAllocator>::Allocate(long, long, unsigned char**)
arrow/cpp/src/arrow/memory_pool.cc:473:5
| #3 0x58eb8a03c7f0 in arrow::PoolBuffer::Reserve(long)
arrow/cpp/src/arrow/memory_pool.cc:893:9
| #4 0x58eb8a03b9be in arrow::PoolBuffer::Resize(long, bool)
arrow/cpp/src/arrow/memory_pool.cc:917:7
| #5 0x58eb8a033d2c in
arrow::Result<std::__1::unique_ptr<arrow::ResizableBuffer,
std::__1::default_delete<arrow::ResizableBuffer>>> arrow::(anonymous
namespace)::ResizePoolBuffer<std::__1::unique_ptr<arrow::ResizableBuffer,
std::__1::default_delete<arrow::ResizableBuffer>>,
std::__1::unique_ptr<arrow::PoolBuffer,
std::__1::default_delete<arrow::PoolBuffer>>>(std::__1::unique_ptr<arrow::PoolBuffer,
std::__1::default_delete<arrow::PoolBuffer>>&&, long)
arrow/cpp/src/arrow/memory_pool.cc:964:3
| #6 0x58eb8a033d2c in arrow::AllocateResizableBuffer(long, long,
arrow::MemoryPool*) arrow/cpp/src/arrow/memory_pool.cc:990:10
| #7 0x58eb885d7d40 in arrow::BufferBuilder::Resize(long, bool)
arrow/cpp/src/arrow/buffer_builder.h:78:7
| #8 0x58eb894fae88 in arrow::FixedSizeBinaryBuilder::Resize(long)
arrow/cpp/src/arrow/array/builder_binary.cc:165:3
| #9 0x58eb886cfeb9 in arrow::ArrayBuilder::Reserve(long)
arrow/cpp/src/arrow/array/builder_base.h:145:12
| #10 0x58eb886cfeb9 in parquet::(anonymous
namespace)::PlainDecoder<parquet::PhysicalType<(parquet::Type::type)7>>::DecodeArrow(int,
int, unsigned char const*, long, arrow::FixedSizeBinaryBuilder*)
arrow/cpp/src/parquet/decoder.cc:666:3
| #11 0x58eb886990c6 in parquet::internal::(anonymous
namespace)::FLBARecordReader::ReadValuesSpaced(long, long)
arrow/cpp/src/parquet/column_reader.cc:1979:51
| #12 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadSpacedForOptionalOrRepeated(long,
long*, long*) arrow/cpp/src/parquet/column_reader.cc:1839:5
| #13 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadOptionalRecords(long,
long*, long*) arrow/cpp/src/parquet/column_reader.cc:1795:7
| #14 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecordData(long)
arrow/cpp/src/parquet/column_reader.cc:1865:22
| #15 0x58eb886939f4 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecords(long)
arrow/cpp/src/parquet/column_reader.cc:0
| #16 0x58eb88401fac in parquet::arrow::(anonymous
namespace)::LeafReader::LoadBatch(long)
arrow/cpp/src/parquet/arrow/reader.cc:495:46
| #17 0x58eb883ff7b2 in parquet::arrow::ColumnReaderImpl::NextBatch(long,
std::__1::shared_ptr<arrow::ChunkedArray>*)
arrow/cpp/src/parquet/arrow/reader.cc:110:5
| #18 0x58eb88424e64 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadColumn(int, std::__1::vector<int,
std::__1::allocator<int>> const&, parquet::arrow::ColumnReader*,
std::__1::shared_ptr<arrow::ChunkedArray>*)
arrow/cpp/src/parquet/arrow/reader.cc:286:20
| #19 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0::operator()(unsigned long,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>) const
arrow/cpp/src/parquet/arrow/reader.cc:1282:5
| #20 0x58eb8844f9df in
arrow::Future<std::__1::vector<std::__1::shared_ptr<arrow::ChunkedArray>,
std::__1::allocator<std::__1::shared_ptr<arrow::ChunkedArray>>>>
arrow::internal::OptionalParallelForAsync<parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0&,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::shared_ptr<arrow::ChunkedArray>>(bool,
std::__1::vector<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::allocator<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>>>,
parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::
allocator<int>> const&, arrow::internal::Executor*)::$_0&,
arrow::internal::Executor*, arrow::internal::TaskHints)
arrow/cpp/src/arrow/util/parallel.h:97:7
| #21 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*) arrow/cpp/src/parquet/arrow/reader.cc:1300:10
| #22 0x58eb883f2221 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroups(std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:1261:14
| #23 0x58eb883f17e0 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:323:12
| #24 0x58eb883f1cba in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int,
std::__1::shared_ptr<arrow::Table>*)
arrow/cpp/src/parquet/arrow/reader.cc:327:12
| #25 0x58eb883e21e8 in
parquet::arrow::internal::FuzzReader(std::__1::unique_ptr<parquet::arrow::FileReader,
std::__1::default_delete<parquet::arrow::FileReader>>)
arrow/cpp/src/parquet/arrow/reader.cc:1408:37
| #26 0x58eb883e35a6 in parquet::arrow::internal::FuzzReader(unsigned char
const*, long) arrow/cpp/src/parquet/arrow/reader.cc:1433:11
| #27 0x58eb883da8b0 in LLVMFuzzerTestOneInput
arrow/cpp/src/parquet/arrow/fuzz.cc:22:17
| #28 0x58eb883da529 in LLVMFuzzerRunDriver
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:423:13
|
| SUMMARY: AddressSanitizer: use-after-poison
(/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_arrow_e29c872a699461cda988a0933f4bebaeaafdc12a/revisions/parquet-arrow-fuzz+0x1f1851)
| Shadow bytes around the buggy address:
| 0x7cb137df5e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
| 0x7cb137df5f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
| 0x7cb137df5f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
| 0x7cb137df6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| 0x7cb137df6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| =>0x7cb137df6100: 00 00 00 00 00 00 00 00 00 00 00[03]f7 f7 f7 f7
| 0x7cb137df6180: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
| 0x7cb137df6200: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
| 0x7cb137df6280: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
| 0x7cb137df6300: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
| 0x7cb137df6380: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
| Shadow byte legend (one shadow byte represents 8 application bytes):
| Addressable: 00
| Partially addressable: 01 02 03 04 05 06 07
| Heap left redzone: fa
| Freed heap region: fd
| Stack left redzone: f1
| Stack mid redzone: f2
| Stack right redzone: f3
| Stack after return: f5
| Stack use after scope: f8
| Global redzone: f9
| Global init order: f6
| Poisoned by user: f7
| Container overflow: fc
| Array cookie: ac
| Intra object redzone: bb
| ASan internal: fe
| Left alloca redzone: ca
| Right alloca redzone: cb
| ==501==ABORTING
|
<br class="Apple-interchange-newline">==501==ERROR: AddressSanitizer:
use-after-poison on address 0x7cb137df615b at pc 0x58eb88398852 bp
0x7ffdf66bc750 sp 0x7ffdf66bbf10
READ of size 15415454384 at 0x7cb137df615b thread T0
SCARINESS: 36 (multi-byte-read-use-after-poison)
#0 0x58eb88398851 in __asan_memcpy
/src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:63:3
#1 0x58eb886cffe7 in parquet::(anonymous
namespace)::PlainDecoder<parquet::PhysicalType<(parquet::Type::type)7>>::DecodeArrow(int,
int, unsigned char const*, long, arrow::FixedSizeBinaryBuilder*)
[arrow/cpp/src/parquet/decoder.cc:670](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/decoder.cc#L670):3
#2 0x58eb886990c6 in parquet::internal::(anonymous
namespace)::FLBARecordReader::ReadValuesSpaced(long, long)
[arrow/cpp/src/parquet/column_reader.cc:1979](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1979):51
#3 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadSpacedForOptionalOrRepeated(long,
long*, long*)
[arrow/cpp/src/parquet/column_reader.cc:1839](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1839):5
#4 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadOptionalRecords(long,
long*, long*)
[arrow/cpp/src/parquet/column_reader.cc:1795](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1795):7
#5 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecordData(long)
[arrow/cpp/src/parquet/column_reader.cc:1865](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1865):22
#6 0x58eb886939f4 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecords(long)
[arrow/cpp/src/parquet/column_reader.cc:0](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L0)
#7 0x58eb88401fac in parquet::arrow::(anonymous
namespace)::LeafReader::LoadBatch(long)
[arrow/cpp/src/parquet/arrow/reader.cc:495](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L495):46
#8 0x58eb883ff7b2 in parquet::arrow::ColumnReaderImpl::NextBatch(long,
std::__1::shared_ptr<arrow::ChunkedArray>*)
[arrow/cpp/src/parquet/arrow/reader.cc:110](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L110):5
#9 0x58eb88424e64 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadColumn(int, std::__1::vector<int,
std::__1::allocator<int>> const&, parquet::arrow::ColumnReader*,
std::__1::shared_ptr<arrow::ChunkedArray>*)
[arrow/cpp/src/parquet/arrow/reader.cc:286](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L286):20
#10 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0::operator()(unsigned long,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>) const
[arrow/cpp/src/parquet/arrow/reader.cc:1282](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1282):5
#11 0x58eb8844f9df in
arrow::Future<std::__1::vector<std::__1::shared_ptr<arrow::ChunkedArray>,
std::__1::allocator<std::__1::shared_ptr<arrow::ChunkedArray>>>>
arrow::internal::OptionalParallelForAsync<parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0&,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::shared_ptr<arrow::ChunkedArray>>(bool,
std::__1::vector<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::allocator<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>>>,
parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::a
llocator<int>> const&, arrow::internal::Executor*)::$_0&,
arrow::internal::Executor*, arrow::internal::TaskHints)
[arrow/cpp/src/arrow/util/parallel.h:97](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/util/parallel.h#L97):7
#12 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)
[arrow/cpp/src/parquet/arrow/reader.cc:1300](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1300):10
#13 0x58eb883f2221 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroups(std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:1261](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1261):14
#14 0x58eb883f17e0 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:323](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L323):12
#15 0x58eb883f1cba in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int,
std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:327](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L327):12
#16 0x58eb883e21e8 in
parquet::arrow::internal::FuzzReader(std::__1::unique_ptr<parquet::arrow::FileReader,
std::__1::default_delete<parquet::arrow::FileReader>>)
[arrow/cpp/src/parquet/arrow/reader.cc:1408](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1408):37
#17 0x58eb883e35a6 in parquet::arrow::internal::FuzzReader(unsigned char
const*, long)
[arrow/cpp/src/parquet/arrow/reader.cc:1433](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1433):11
#18 0x58eb883da8b0 in LLVMFuzzerTestOneInput
[arrow/cpp/src/parquet/arrow/fuzz.cc:22](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/fuzz.cc#L22):17
#19 0x58eb883da529 in LLVMFuzzerRunDriver
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:423:13
#20 0x58eb883da14d in main
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:311:10
#21 0x7cb13a8e1082 in __libc_start_main
/build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#22 0x58eb8830194d in _start
0x7cb137df615b is located 5595 bytes after 32232313728-byte region
[0x7ca9b6ad3800,0x7cb137df4b80)
allocated by thread T0 here:
#0 0x58eb8839b407 in ___interceptor_posix_memalign
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:142:3
#1 0x58eb8a03e1d7 in arrow::(anonymous
namespace)::SystemAllocator::AllocateAligned(long, long, unsigned char**)
[arrow/cpp/src/arrow/memory_pool.cc:323](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L323):9
#2 0x58eb8a03430d in arrow::BaseMemoryPoolImpl<arrow::(anonymous
namespace)::SystemAllocator>::Allocate(long, long, unsigned char**)
[arrow/cpp/src/arrow/memory_pool.cc:473](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L473):5
#3 0x58eb8a03c7f0 in arrow::PoolBuffer::Reserve(long)
[arrow/cpp/src/arrow/memory_pool.cc:893](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L893):9
#4 0x58eb8a03b9be in arrow::PoolBuffer::Resize(long, bool)
[arrow/cpp/src/arrow/memory_pool.cc:917](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L917):7
#5 0x58eb8a033d2c in
arrow::Result<std::__1::unique_ptr<arrow::ResizableBuffer,
std::__1::default_delete<arrow::ResizableBuffer>>> arrow::(anonymous
namespace)::ResizePoolBuffer<std::__1::unique_ptr<arrow::ResizableBuffer,
std::__1::default_delete<arrow::ResizableBuffer>>,
std::__1::unique_ptr<arrow::PoolBuffer,
std::__1::default_delete<arrow::PoolBuffer>>>(std::__1::unique_ptr<arrow::PoolBuffer,
std::__1::default_delete<arrow::PoolBuffer>>&&, long)
[arrow/cpp/src/arrow/memory_pool.cc:964](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L964):3
#6 0x58eb8a033d2c in arrow::AllocateResizableBuffer(long, long,
arrow::MemoryPool*)
[arrow/cpp/src/arrow/memory_pool.cc:990](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/memory_pool.cc#L990):10
#7 0x58eb885d7d40 in arrow::BufferBuilder::Resize(long, bool)
[arrow/cpp/src/arrow/buffer_builder.h:78](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/buffer_builder.h#L78):7
#8 0x58eb894fae88 in arrow::FixedSizeBinaryBuilder::Resize(long)
[arrow/cpp/src/arrow/array/builder_binary.cc:165](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/array/builder_binary.cc#L165):3
#9 0x58eb886cfeb9 in arrow::ArrayBuilder::Reserve(long)
[arrow/cpp/src/arrow/array/builder_base.h:145](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/array/builder_base.h#L145):12
#10 0x58eb886cfeb9 in parquet::(anonymous
namespace)::PlainDecoder<parquet::PhysicalType<(parquet::Type::type)7>>::DecodeArrow(int,
int, unsigned char const*, long, arrow::FixedSizeBinaryBuilder*)
[arrow/cpp/src/parquet/decoder.cc:666](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/decoder.cc#L666):3
#11 0x58eb886990c6 in parquet::internal::(anonymous
namespace)::FLBARecordReader::ReadValuesSpaced(long, long)
[arrow/cpp/src/parquet/column_reader.cc:1979](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1979):51
#12 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadSpacedForOptionalOrRepeated(long,
long*, long*)
[arrow/cpp/src/parquet/column_reader.cc:1839](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1839):5
#13 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadOptionalRecords(long,
long*, long*)
[arrow/cpp/src/parquet/column_reader.cc:1795](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1795):7
#14 0x58eb8869af79 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecordData(long)
[arrow/cpp/src/parquet/column_reader.cc:1865](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L1865):22
#15 0x58eb886939f4 in parquet::internal::(anonymous
namespace)::TypedRecordReader<parquet::PhysicalType<(parquet::Type::type)7>>::ReadRecords(long)
[arrow/cpp/src/parquet/column_reader.cc:0](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/column_reader.cc#L0)
#16 0x58eb88401fac in parquet::arrow::(anonymous
namespace)::LeafReader::LoadBatch(long)
[arrow/cpp/src/parquet/arrow/reader.cc:495](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L495):46
#17 0x58eb883ff7b2 in parquet::arrow::ColumnReaderImpl::NextBatch(long,
std::__1::shared_ptr<arrow::ChunkedArray>*)
[arrow/cpp/src/parquet/arrow/reader.cc:110](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L110):5
#18 0x58eb88424e64 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadColumn(int, std::__1::vector<int,
std::__1::allocator<int>> const&, parquet::arrow::ColumnReader*,
std::__1::shared_ptr<arrow::ChunkedArray>*)
[arrow/cpp/src/parquet/arrow/reader.cc:286](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L286):20
#19 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0::operator()(unsigned long,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>) const
[arrow/cpp/src/parquet/arrow/reader.cc:1282](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1282):5
#20 0x58eb8844f9df in
arrow::Future<std::__1::vector<std::__1::shared_ptr<arrow::ChunkedArray>,
std::__1::allocator<std::__1::shared_ptr<arrow::ChunkedArray>>>>
arrow::internal::OptionalParallelForAsync<parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)::$_0&,
std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::shared_ptr<arrow::ChunkedArray>>(bool,
std::__1::vector<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>,
std::__1::allocator<std::__1::shared_ptr<parquet::arrow::ColumnReaderImpl>>>,
parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::a
llocator<int>> const&, arrow::internal::Executor*)::$_0&,
arrow::internal::Executor*, arrow::internal::TaskHints)
[arrow/cpp/src/arrow/util/parallel.h:97](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/arrow/util/parallel.h#L97):7
#21 0x58eb8844f9df in parquet::arrow::(anonymous
namespace)::FileReaderImpl::DecodeRowGroups(std::__1::shared_ptr<parquet::arrow::(anonymous
namespace)::FileReaderImpl>, std::__1::vector<int, std::__1::allocator<int>>
const&, std::__1::vector<int, std::__1::allocator<int>> const&,
arrow::internal::Executor*)
[arrow/cpp/src/parquet/arrow/reader.cc:1300](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1300):10
#22 0x58eb883f2221 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroups(std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:1261](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1261):14
#23 0x58eb883f17e0 in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int, std::__1::vector<int,
std::__1::allocator<int>> const&, std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:323](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L323):12
#24 0x58eb883f1cba in parquet::arrow::(anonymous
namespace)::FileReaderImpl::ReadRowGroup(int,
std::__1::shared_ptr<arrow::Table>*)
[arrow/cpp/src/parquet/arrow/reader.cc:327](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L327):12
#25 0x58eb883e21e8 in
parquet::arrow::internal::FuzzReader(std::__1::unique_ptr<parquet::arrow::FileReader,
std::__1::default_delete<parquet::arrow::FileReader>>)
[arrow/cpp/src/parquet/arrow/reader.cc:1408](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1408):37
#26 0x58eb883e35a6 in parquet::arrow::internal::FuzzReader(unsigned char
const*, long)
[arrow/cpp/src/parquet/arrow/reader.cc:1433](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/reader.cc#L1433):11
#27 0x58eb883da8b0 in LLVMFuzzerTestOneInput
[arrow/cpp/src/parquet/arrow/fuzz.cc:22](https://github.com/apache/arrow/blob/f3fc2975604d09355de3e3de9e1a4414b45ad3c3/cpp/src/parquet/arrow/fuzz.cc#L22):17
#28 0x58eb883da529 in LLVMFuzzerRunDriver
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:423:13
SUMMARY: AddressSanitizer: use-after-poison
(/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_arrow_e29c872a699461cda988a0933f4bebaeaafdc12a/revisions/parquet-arrow-fuzz+0x1f1851)
Shadow bytes around the buggy address:
0x7cb137df5e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7cb137df5f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7cb137df5f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7cb137df6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7cb137df6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7cb137df6100: 00 00 00 00 00 00 00 00 00 00 00[03]f7 f7 f7 f7
0x7cb137df6180: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x7cb137df6200: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x7cb137df6280: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x7cb137df6300: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x7cb137df6380: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==501==ABORTING
```
### Component(s)
C++, Parquet
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
