Skip to content

Fix use-of-uninitialized-value in quantileDeterministic#81062

Merged
azat merged 1 commit intoClickHouse:masterfrom
azat:fix-quantileDeterministic-serialization
Jun 1, 2025
Merged

Fix use-of-uninitialized-value in quantileDeterministic#81062
azat merged 1 commit intoClickHouse:masterfrom
azat:fix-quantileDeterministic-serialization

Conversation

@azat
Copy link
Copy Markdown
Member

@azat azat commented May 30, 2025
edited
Loading

MSan reports:

  Uninitialized value was stored to memory at
    0 0xabcb3f7bdd40 in ReservoirSamplerDeterministic<char8_t, (ReservoirSamplerDeterministicOnEmpty)1>::write(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/ReservoirSamplerDeterministic.h:198:18
    1 0xabcb3f7bdd40 in DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>::serialize(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantileDeterministic.cpp:57:14
    2 0xabcb3f7bdd40 in DB::AggregateFunctionQuantile<char8_t, DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>, DB::NameQuantileDeterministic, true, double, false, false>::serialize(char const*, DB::WriteBuffer&, std::__1::optional<unsigned long>) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantile.h:242:57
    3 0xabcb4ae6e754 in DB::serializeToString(std::__1::shared_ptr<DB::IAggregateFunction const> const&, DB::IColumn const&, unsigned long, unsigned long) .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:102:15
    4 0xabcb4ae6e47c in DB::SerializationAggregateFunction::serializeText(DB::IColumn const&, unsigned long, DB::WriteBuffer&, DB::FormatSettings const&) const .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:132:17

  Uninitialized value was stored to memory at
    0 0xabcb3f7bdd40 in ReservoirSamplerDeterministic<char8_t, (ReservoirSamplerDeterministicOnEmpty)1>::write(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/ReservoirSamplerDeterministic.h:198:18
    1 0xabcb3f7bdd40 in DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>::serialize(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantileDeterministic.cpp:57:14
    2 0xabcb3f7bdd40 in DB::AggregateFunctionQuantile<char8_t, DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>, DB::NameQuantileDeterministic, true, double, false, false>::serialize(char const*, DB::WriteBuffer&, std::__1::optional<unsigned long>) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantile.h:242:57
    3 0xabcb4ae6e754 in DB::serializeToString(std::__1::shared_ptr<DB::IAggregateFunction const> const&, DB::IColumn const&, unsigned long, unsigned long) .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:102:15
    4 0xabcb4ae6e47c in DB::SerializationAggregateFunction::serializeText(DB::IColumn const&, unsigned long, DB::WriteBuffer&, DB::FormatSettings const&) const .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:132:17

The problem is the assigment of the whole pair.

Fixes: #80862
Complete report: https://pastila.clickhouse.com/?0005f20c/c8363f3b9a4205781d88c2f3fe4a0841#19owb1ROpa4VkIUDulFBpw==

Changelog category (leave one):

  • Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Fix use-of-uninitialized-value in quantileDeterministic

@azat azat mentioned this pull request May 30, 2025
Closed
@clickhouse-gh
Copy link
Copy Markdown
Contributor

clickhouse-gh bot commented May 30, 2025
edited
Loading

Workflow [PR], commit [0637bbe]

@clickhouse-gh clickhouse-gh bot added the pr-bugfix Pull request with bugfix, not backported by default label May 30, 2025
@azat
Fix use-of-uninitialized-value in quantileDeterministic
0637bbe 
MSan reports:

  Uninitialized value was stored to memory at
    0 0xabcb3f7bdd40 in ReservoirSamplerDeterministic<char8_t, (ReservoirSamplerDeterministicOnEmpty)1>::write(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/ReservoirSamplerDeterministic.h:198:18
    1 0xabcb3f7bdd40 in DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>::serialize(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantileDeterministic.cpp:57:14
    2 0xabcb3f7bdd40 in DB::AggregateFunctionQuantile<char8_t, DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>, DB::NameQuantileDeterministic, true, double, false, false>::serialize(char const*, DB::WriteBuffer&, std::__1::optional<unsigned long>) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantile.h:242:57
    3 0xabcb4ae6e754 in DB::serializeToString(std::__1::shared_ptr<DB::IAggregateFunction const> const&, DB::IColumn const&, unsigned long, unsigned long) .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:102:15
    4 0xabcb4ae6e47c in DB::SerializationAggregateFunction::serializeText(DB::IColumn const&, unsigned long, DB::WriteBuffer&, DB::FormatSettings const&) const .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:132:17

  Uninitialized value was stored to memory at
    0 0xabcb3f7bdd40 in ReservoirSamplerDeterministic<char8_t, (ReservoirSamplerDeterministicOnEmpty)1>::write(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/ReservoirSamplerDeterministic.h:198:18
    1 0xabcb3f7bdd40 in DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>::serialize(DB::WriteBuffer&) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantileDeterministic.cpp:57:14
    2 0xabcb3f7bdd40 in DB::AggregateFunctionQuantile<char8_t, DB::(anonymous namespace)::QuantileReservoirSamplerDeterministic<char8_t>, DB::NameQuantileDeterministic, true, double, false, false>::serialize(char const*, DB::WriteBuffer&, std::__1::optional<unsigned long>) const .build-msan/./src/AggregateFunctions/AggregateFunctionQuantile.h:242:57
    3 0xabcb4ae6e754 in DB::serializeToString(std::__1::shared_ptr<DB::IAggregateFunction const> const&, DB::IColumn const&, unsigned long, unsigned long) .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:102:15
    4 0xabcb4ae6e47c in DB::SerializationAggregateFunction::serializeText(DB::IColumn const&, unsigned long, DB::WriteBuffer&, DB::FormatSettings const&) const .build-msan/./src/DataTypes/Serializations/SerializationAggregateFunction.cpp:132:17

The problem is the assigment of the whole pair.

Fixes: ClickHouse#80862
Complete report: https://pastila.clickhouse.com/?0005f20c/c8363f3b9a4205781d88c2f3fe4a0841#19owb1ROpa4VkIUDulFBpw==
@azat azat force-pushed the fix-quantileDeterministic-serialization branch from f5d6ec4 to 0637bbe Compare May 30, 2025 14:50
@Michicosun Michicosun self-assigned this May 31, 2025
@azat azat enabled auto-merge June 1, 2025 06:08
@azat azat added this pull request to the merge queue Jun 1, 2025
Merged via the queue into ClickHouse:master with commit 22b4cf7 Jun 1, 2025
116 of 121 checks passed
@azat azat deleted the fix-quantileDeterministic-serialization branch June 1, 2025 06:27
@robot-clickhouse robot-clickhouse added the pr-synced-to-cloud The PR is synced to the cloud repo label Jun 1, 2025
@CarlosFelipeOR CarlosFelipeOR mentioned this pull request Mar 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Michicosun Michicosun Michicosun approved these changes

Assignees

@Michicosun Michicosun

Labels

pr-bugfix Pull request with bugfix, not backported by default pr-synced-to-cloud The PR is synced to the cloud repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

hex(quantileDeterministicState(1,1)) crashes server that is built with msan

3 participants

@azat @Michicosun @robot-clickhouse