[BugFix] Fix the crash caused by JniScanner (backport #44903) #46189

Closed
wants to merge 1 commit into from

mergify[bot]
@mergify mergify bot commented May 24, 2024

Why I'm doing:

A crash may occur when reading array, map<string,string> types from HiveJniScanner. Taking array as an example, the reasons are as follows:

In OffHeapColumnVector, array uses childColumns[0] to store data. For each row of array data, there are 0 to multiple rows of data corresponding to it in childColumns[0], and offsetData is used to record the start and end positions of each row of array data in childColumns[0].

Initially, childColumns[0] has the same capacity as array. Assuming that each row of array data corresponds to multiple rows of data in childColumns[0], when appending data, childColumns[0] must be expanded first to accommodate all the data in the array.

childColumns[0] is an OffHeapColumnVector of String type. It directly creates a new OffHeapColumnVector when expanding, which means that the offset of the data added later will start from 0, but the offsetData of the array is still continuous. So there will be a situation where offsetData[n-1] > offsetData[n], as shown in the figure below. This will be a disaster, because offsetData will be passed to BE, and BE will calculate the length of the string as offsetData[n] - offsetData[n - 1]. The negative length will be assigned to an unsigned number, so the construction of the string will go out of bounds, causing BE to crash.
image

What I'm doing:

When OffHeapColumnVector is expanding, check whether childColumns already exists. If it already exists, there is no need to reset it and just keep it, because the expansion will be done automatically in the appendValue function of childColumns.

What type of PR is this:

  • BugFix
  • Feature
  • Enhancement
  • Refactor
  • UT
  • Doc
  • Tool

Does this PR entail a change in behavior?

  • Yes, this PR will result in a change in behavior.
  • No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

  • Interface/UI changes: syntax, type conversion, expression evaluation, display information
  • Parameter changes: default values, similar parameters but with different default values
  • Policy changes: use new policy to replace old one, functionality automatically enabled
  • Feature removed
  • Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

  • I have added test cases for my bug fix or my new feature
  • This pr needs user documentation (for new or modified features or behaviors)
    • I have added documentation for my new feature or new function
  • This is a backport pr

Bugfix cherry-pick branch check:

  • I have checked the version labels which the pr will be auto-backported to the target branch
    • 3.3
    • 3.2
    • 3.1
    • 3.0
    • 2.5

This is an automatic backport of pull request #44903 done by [Mergify](https://mergify.com).

Signed-off-by: changxin <[email protected]>
(cherry picked from commit b8cbc29)

# Conflicts:
#	java-extensions/hive-reader/src/test/java/com/starrocks/hive/reader/TestHiveScanner.java
@mergify mergify bot added the conflicts label May 24, 2024
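
The failure mode described in the PR text above, as an added example that is not StarRocks code: a consumer that computes `offsets[n] - offsets[n - 1]` without checking it gets a wrapped unsigned length, while one that validates the offsets first rejects the batch. The flat-buffer layout, the sample data and all function names here are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed sample data (not from the PR): one flat byte buffer plus offsets.
const std::string kData = "aabbbcc";
const std::vector<int32_t> kGoodOffsets = {0, 2, 5, 7};
// Offsets restart partway through, so offsets[3] < offsets[2].
const std::vector<int32_t> kBrokenOffsets = {0, 2, 5, 1, 3};

// The unchecked computation: a negative difference wraps when stored unsigned.
uint32_t unchecked_length(const std::vector<int32_t>& offsets, size_t n) {
    return static_cast<uint32_t>(offsets[n] - offsets[n - 1]);
}

// Returns the index of the first offset that is negative, past the end of the
// buffer, or smaller than its predecessor; returns -1 if all are usable.
long first_bad_offset(const std::vector<int32_t>& offsets, size_t data_size) {
    for (size_t i = 0; i < offsets.size(); ++i) {
        if (offsets[i] < 0 || static_cast<size_t>(offsets[i]) > data_size) return static_cast<long>(i);
        if (i > 0 && offsets[i] < offsets[i - 1]) return static_cast<long>(i);
    }
    return -1;
}

// Slices the buffer only after every offset has been validated.
bool read_strings(const std::string& data, const std::vector<int32_t>& offsets,
                  std::vector<std::string>* out) {
    out->clear();
    if (first_bad_offset(offsets, data.size()) != -1) return false;
    for (size_t n = 1; n < offsets.size(); ++n) {
        size_t start = static_cast<size_t>(offsets[n - 1]);
        out->push_back(data.substr(start, static_cast<size_t>(offsets[n]) - start));
    }
    return true;
}

int main() {
    std::vector<std::string> rows;
    std::cout << "wrapped length: " << unchecked_length(kBrokenOffsets, 3) << "\n";
    std::cout << "first bad offset index: " << first_bad_offset(kBrokenOffsets, kData.size()) << "\n";
    std::cout << "broken accepted: " << read_strings(kData, kBrokenOffsets, &rows) << "\n";
    std::cout << "good accepted: " << read_strings(kData, kGoodOffsets, &rows) << ", rows: " << rows.size() << "\n";
    return 0;
}
```
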
mergify bot commented May 24, 2024

Cherry-pick of b8cbc29 has failed:

On branch mergify/bp/branch-2.5/pr-44903
Your branch is up to date with 'origin/branch-2.5'.

You are currently cherry-picking commit b8cbc29f09.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   java-extensions/hive-reader/src/test/resources/test_complex_type/complex_type_test.avro
	modified:   java-extensions/jni-connector/src/main/java/com/starrocks/jni/connector/OffHeapColumnVector.java

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	deleted by us:   java-extensions/hive-reader/src/test/java/com/starrocks/hive/reader/TestHiveScanner.java

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot closed this May 24, 2024
mergify bot commented May 24, 2024

@mergify[bot]: Backport conflict, please resolve the conflict and resubmit the pr

@mergify mergify bot deleted the mergify/bp/branch-2.5/pr-44903 branch May 24, 2024 02:37