From 322e529b19a2c5a119ecffbdc3a7f8f06ad77bb8 Mon Sep 17 00:00:00 2001
From: Mryange <59914473+Mryange@users.noreply.github.com>
Date: Wed, 9 Oct 2024 08:53:58 +0800
Subject: [PATCH] [ubsan](PODArray)Avoid applying non-zero offset to null pointer (#41525)

The original code would generate a null c_end when there is no padding.
before
```
static constexpr char* null = pad_left ? const_cast(empty_pod_array) + EmptyPODArraySize : nullptr;
```
now
```
static constexpr char* null = const_cast(empty_pod_array) + pad_left;
```
---
 be/src/vec/common/pod_array.h | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/be/src/vec/common/pod_array.h b/be/src/vec/common/pod_array.h
index 9e09afd714414c9..f798ca69bd68ddd 100644
--- a/be/src/vec/common/pod_array.h
+++ b/be/src/vec/common/pod_array.h
@@ -114,8 +114,7 @@ class PODArrayBase : private boost::noncopyable,
 /// pad_left is also rounded up to 16 bytes to maintain alignment of allocated memory.
 static constexpr size_t pad_left = integerRoundUp(integerRoundUp(pad_left_, ELEMENT_SIZE), 16);
 /// Empty array will point to this static memory as padding.
- static constexpr char* null =
- pad_left ? const_cast(empty_pod_array) + EmptyPODArraySize : nullptr;
+ static constexpr char* null = const_cast(empty_pod_array) + pad_left;
 static_assert(pad_left <= EmptyPODArraySize && "Left Padding exceeds EmptyPODArraySize. Is the element size too large?");
@@ -403,7 +402,7 @@ class PODArray : public PODArrayBase
 void push_back(U&& x, TAllocatorParams&&... allocator_params) {
- if (UNLIKELY(this->c_end == nullptr || this->c_end + sizeof(T) > this->c_end_of_storage)) {
+ if (UNLIKELY(this->c_end + sizeof(T) > this->c_end_of_storage)) {
 this->reserve_for_next_size(std::forward(allocator_params)...);
 }
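Review bot: The static_assert that follows the new `null` still only checks `pad_left <= EmptyPODArraySize`, but with `null` now landing `pad_left` bytes into `empty_pod_array`, the grow checks in the push_back/emplace_back hunks form `c_end + sizeof(T)` from that address, so an empty array only stays inside the static buffer while `pad_left + ELEMENT_SIZE <= EmptyPODArraySize`. Tightening it to `static_assert(pad_left + ELEMENT_SIZE <= EmptyPODArraySize && "Left padding plus one element exceeds EmptyPODArraySize. Is the element size too large?");` would turn the sanitizer-clean property this commit is after into a compile-time guarantee; this assumes ELEMENT_SIZE is the byte size of one element, which the `integerRoundUp(pad_left_, ELEMENT_SIZE)` line suggests but the hunk does not show. The comment above `null` could also state the new role, e.g. `/// Empty array points pad_left bytes into this static memory instead of nullptr, so pointer arithmetic on it is well-defined.` PODArrayBase continues outside the hunk.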
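Review bot: The new condition still evaluates `this->c_end + sizeof(T)` before comparing, and when `c_end == c_end_of_storage` (an empty array, or storage that is exactly full) that can form a pointer beyond the underlying object before the `>` is taken — the same pointer-overflow class of UBSan report this commit is fixing, just no longer starting from nullptr. Comparing the remaining capacity instead never forms that pointer: `if (UNLIKELY(static_cast<size_t>(this->c_end_of_storage - this->c_end) < sizeof(T))) {`, which relies on `c_end <= c_end_of_storage` holding as an invariant (not visible in this hunk). The same applies to the emplace_back hunk that follows. push_back's body continues past the hunk.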
@@ -445,8 +444,7 @@ class PODArray : public PODArrayBase
 void emplace_back(Args&&... args) {
- if (UNLIKELY(this->c_end == nullptr ||
- (this->c_end + sizeof(T) > this->c_end_of_storage))) {
+ if (UNLIKELY(this->c_end + sizeof(T) > this->c_end_of_storage)) {
 this->reserve_for_next_size();
 }