The test for the package “./executor” fails when using -asan. #32952

Open
zhangfannie opened this issue Mar 9, 2022 · 6 comments
Labels: severity/moderate; sig/sql-infra (SIG: SQL Infra); type/bug (The issue is confirmed as a bug.)

Comments

@zhangfannie

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. download tidb source code: git clone https://github.com/pingcap/tidb.git
  2. download golang source code: git clone https://github.com/golang/go.git
  3. build a master go
  4. cd tidb/executor and run go test -asan -c && ./executor.test

2. What did you expect to see? (Required)

pass

3. What did you see instead (Required)

==4500==ERROR: AddressSanitizer: use-after-poison on address 0x2040019e0918 at pc 0x0000024539e8 bp 0x000000000000 sp 0x204001a09670
READ of size 8 at 0x2040019e0918 thread T2
#0 0x24539e7 in github.com/pingcap/tidb/util/codec.encodeHashChunkRowIdx /home/fanzha02/sharefolder/asanprojecttest/tidb/util/chunk/column.go:542
#1 0xffff8a4b7c47 (/usr/lib/aarch64-linux-gnu/libasan.so.4+0xdac47)
#2 0x13816cf in asancall /home/fanzha02/work/go_project/gotest/src/runtime/asan_arm64.s:66

Address 0x2040019e0918 is a wild pointer.
SUMMARY: AddressSanitizer: use-after-poison /home/fanzha02/sharefolder/asanprojecttest/tidb/util/chunk/column.go:542 in github.com/pingcap/tidb/util/codec.encodeHashChunkRowIdx

4. What is your TiDB version? (Required)

zhangfannie added the type/bug label Mar 9, 2022
@zhangfannie
Author

zhangfannie commented Mar 9, 2022

The root cause is line 542 of ./util/chunk/column.go: the code return *(*int64)(unsafe.Pointer(&c.data[rowID*8])) overflows when accessing the underlying array of c.data when its capacity is 7.

The option -asan added in go1.18 can detect this invalid memory access error. Thank you.

@hawkingrei
Member

> The root cause is line 542 of ./util/chunk/column.go: the code return *(*int64)(unsafe.Pointer(&c.data[rowID*8])) overflows when accessing the underlying array of c.data when its capacity is 7.
>
> The option -asan added in go1.18 can detect this invalid memory access error. Thank you.

Good job!

@hawkingrei
Member

@zhangfannie Are you interested in fixing this bug?

@zhangfannie
Author

@hawkingrei I am not working on the tidb project. It would be great if you were willing to fix this. 🙂

@hawkingrei
Member

> @hawkingrei I am not working on the tidb project. It would be great if you were willing to fix this. 🙂

Thank you for your discovery.

@djshow832
Contributor

Though it reports a warning, the logic itself guarantees that the capacity of c.data is not less than rowID*8. If we insist on modifying it, we may need to report an error when the index is out of bounds.
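
An added example, not part of the thread and not TiDB's code: it places the expression quoted in the issue next to a variant that reports an error when the 8-byte read would not fit in the slice, the option raised in the last comment. The `column` type, both method names and the error value are hypothetical; the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// column is a hypothetical stand-in for the struct holding c.data; it is not TiDB's type.
type column struct{ data []byte }

var errShortRead = errors.New("int64 read would run past len(c.data)")

// getInt64Unsafe uses the expression quoted in the issue. Go only bounds-checks
// the index of the first byte; the 8-byte load through unsafe.Pointer is unchecked.
func (c *column) getInt64Unsafe(rowID int) int64 {
	return *(*int64)(unsafe.Pointer(&c.data[rowID*8]))
}

// getInt64Checked confirms that all 8 bytes of the row lie inside len(c.data)
// before doing the same load, and reports an error otherwise.
func (c *column) getInt64Checked(rowID int) (int64, error) {
	// Compared without computing rowID*8, so a huge rowID cannot overflow the check.
	if rowID < 0 || len(c.data) < 8 || rowID > (len(c.data)-8)/8 {
		return 0, errShortRead
	}
	return c.getInt64Unsafe(rowID), nil
}

func main() {
	// Constructed sample data: two full rows, every byte of row 1 set to 0x01.
	full := &column{data: make([]byte, 16)}
	for i := 8; i < 16; i++ {
		full.data[i] = 0x01
	}
	v, err := full.getInt64Checked(1)
	fmt.Printf("row 1: %#x err=%v\n", v, err)

	// The 7-byte case from the issue: index 0 is in range, the 8-byte read is not.
	short := &column{data: make([]byte, 7)}
	_, err = short.getInt64Checked(0)
	fmt.Println("7-byte slice:", err)
}
```

The checked variant compares against `len`, not `cap`, so bytes that belong to the backing array but not to the slice are also rejected.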
