Backport #88605 to 25.3: Fix potential crash caused by concurrent mutation of underlying const PREWHERE columns

robot-clickhouse · robot-clickhouse · commit 973c3827f82c · 2025-10-17T08:15:12.000Z
diff --git a/src/Storages/MergeTree/MergeTreeReadTask.cpp b/src/Storages/MergeTree/MergeTreeReadTask.cpp
@@ -198,7 +198,12 @@ MergeTreeReadTask::BlockAndProgress MergeTreeReadTask::read()
     if (read_result.num_rows != 0)
     {
         for (const auto & column : read_result.columns)
-            column->assumeMutableRef().shrinkToFit();
+        {
+            /// We may have columns that has other references, usually it is a constant column that has been created during analysis
+            /// (that will not be const here anymore, i.e. after materialize()), and we do not need to shrink it anyway.
+            if (column->use_count() == 1)
+                column->assumeMutableRef().shrinkToFit();
+        }
         block = sample_block.cloneWithColumns(read_result.columns);
     }
 
diff --git a/tests/queries/0_stateless/03680_mergetree_shrink_const_from_prewhere.reference b/tests/queries/0_stateless/03680_mergetree_shrink_const_from_prewhere.reference
@@ -0,0 +1,3 @@
+1
+2
+3
diff --git a/tests/queries/0_stateless/03680_mergetree_shrink_const_from_prewhere.sql b/tests/queries/0_stateless/03680_mergetree_shrink_const_from_prewhere.sql
@@ -0,0 +1,9 @@
+DROP TABLE IF EXISTS const_node;
+CREATE TABLE const_node (`v` Nullable(UInt8)) ENGINE = MergeTree ORDER BY tuple();
+SYSTEM STOP MERGES const_node;
+INSERT INTO const_node VALUES (1);
+INSERT INTO const_node VALUES (2);
+INSERT INTO const_node VALUES (3);
+-- Here we have condition with a constant "materialize(255)", for which convertToFullColumnIfConst() will return underlying column w/o copying,
+-- and later shrinkToFit() will be called from multiple threads on this column, and leads to UB
+SELECT v FROM const_node PREWHERE and(materialize(255), *) ORDER BY v;

Original file line number	Diff line number	Diff line change
`@@ -198,7 +198,12 @@ MergeTreeReadTask::BlockAndProgress MergeTreeReadTask::read()`
`198`	`198`	`if (read_result.num_rows != 0)`
`199`	`199`	`{`
`200`	`200`	`for (const auto & column : read_result.columns)`
`201`		`- column->assumeMutableRef().shrinkToFit();`
	`201`	`+ {`
	`202`	`+ /// We may have columns that has other references, usually it is a constant column that has been created during analysis`
	`203`	`+ /// (that will not be const here anymore, i.e. after materialize()), and we do not need to shrink it anyway.`
	`204`	`+ if (column->use_count() == 1)`
	`205`	`+ column->assumeMutableRef().shrinkToFit();`
	`206`	`+ }`
`202`	`207`	`block = sample_block.cloneWithColumns(read_result.columns);`
`203`	`208`	`}`
`204`	`209`