MergeTreeThreadSelectBlockInputProcessor.cpp:75 member access ... which does not point to an object of type 'const DB::MergeTreeData' #15475

@qoega

https://clickhouse-test-reports.s3.yandex.net/0/3e99ca797b0e5a737a631e1dd95f65ea5f94d881/stress_test_(undefined).html

../src/Storages/MergeTree/MergeTreeThreadSelectBlockInputProcessor.cpp:75:28: runtime error: member access within address 0x7f457c1653a0 which does not point to an object of type 'const DB::MergeTreeData'
0x7f457c1653a0: note: object has a possibly invalid vptr: abs(offset to top) too big
 00 00 00 00  10 f3 1b 7c 45 7f 00 00  80 00 00 7c 45 7f 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              possibly invalid vptr
    #0 0x195499dc in DB::MergeTreeThreadSelectBlockInputProcessor::getNewTask() /build/obj-x86_64-linux-gnu/../src/Storages/MergeTree/MergeTreeThreadSelectBlockInputProcessor.cpp:75:36
    #1 0x1951d607 in DB::MergeTreeBaseSelectProcessor::generate() /build/obj-x86_64-linux-gnu/../src/Storages/MergeTree/MergeTreeBaseSelectProcessor.cpp:55:47
    #2 0x19785e66 in DB::ISource::work() /build/obj-x86_64-linux-gnu/../src/Processors/ISource.cpp:48:31
    #3 0x19a13c01 in DB::SourceWithProgress::work() /build/obj-x86_64-linux-gnu/../src/Processors/Sources/SourceWithProgress.cpp:36:30
    #4 0x197d6898 in DB::executeJob(DB::IProcessor*) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:78:20
    #5 0x197d6786 in DB::PipelineExecutor::addJob(DB::ExecutingGraph::Node*)::$_0::operator()() const /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:95:13
    #6 0x197d6786 in decltype(std::__1::forward<DB::PipelineExecutor::addJob(DB::ExecutingGraph::Node*)::$_0&>(fp)()) std::__1::__invoke<DB::PipelineExecutor::addJob(DB::ExecutingGraph::Node*)::$_0&>(DB::PipelineExecutor::addJob(DB::ExecutingGraph::Node*)::$_0&) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/type_traits:3519:1
    #7 0x197d5066 in std::__1::function<void ()>::operator()() const /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/functional:2473:12
    #8 0x197d5066 in DB::PipelineExecutor::executeStepImpl(unsigned long, unsigned long, std::__1::atomic<bool>*) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:561:17
    #9 0x197d4112 in DB::PipelineExecutor::executeSingleThread(unsigned long, unsigned long) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:477:5
    #10 0x197d4112 in DB::PipelineExecutor::executeImpl(unsigned long) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:752:9
    #11 0x197d3c8a in DB::PipelineExecutor::execute(unsigned long) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:399:9
    #12 0x197e43dc in DB::threadFunction(DB::PullingAsyncPipelineExecutor::Data&, std::__1::shared_ptr<DB::ThreadGroupStatus>, unsigned long) /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:79:24
    #13 0x197e4332 in DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0::operator()() const /build/obj-x86_64-linux-gnu/../src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:101:13
    #14 0x197e4332 in decltype(std::__1::forward<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&>(fp)()) std::__1::__invoke_constexpr<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/type_traits:3525:1
    #15 0x197e423d in decltype(auto) std::__1::__apply_tuple_impl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&, std::__1::tuple<> const&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&, std::__1::tuple<> const&, std::__1::__tuple_indices<>) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/tuple:1415:1
    #16 0x197e423d in decltype(auto) std::__1::apply<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&, std::__1::tuple<> const&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0 const&, std::__1::tuple<> const&) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/tuple:1424:1
    #17 0x197e423d in ThreadFromGlobalPool::ThreadFromGlobalPool<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()::operator()() const /build/obj-x86_64-linux-gnu/../src/Common/ThreadPool.h:171:17
    #18 0x197e423d in decltype(std::__1::forward<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(fp)()) std::__1::__invoke<ThreadFromGlobalPool::ThreadFromGlobalPool<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/type_traits:3519:1
    #19 0xdfe718f in std::__1::function<void ()>::operator()() const /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/functional:2473:12
    #20 0xdfe718f in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) /build/obj-x86_64-linux-gnu/../src/Common/ThreadPool.cpp:236:17
    #21 0xdfeada5 in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()::operator()() const /build/obj-x86_64-linux-gnu/../src/Common/ThreadPool.cpp:117:73
    #22 0xdfeada5 in decltype(std::__1::forward<void>(fp)(std::__1::forward<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()>(fp0)...)) std::__1::__invoke<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()>(void&&, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()&&...) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/type_traits:3519:1
    #23 0xdfeada5 in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()>&, std::__1::__tuple_indices<>) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/thread:273:5
    #24 0xdfeada5 in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()> >(void*) /build/obj-x86_64-linux-gnu/../contrib/libcxx/include/thread:284:5
    #25 0x7f46f47de668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668)
    #26 0x7f46f46f52b2 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x1222b2)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/Storages/MergeTree/MergeTreeThreadSelectBlockInputProcessor.cpp:75:28 in 

    Labels

    duplicate, fuzz (Problem found by one of the fuzzers)
