ClickHouse

mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-22 07:31:57 +00:00

ClickHouse® is a real-time analytics DBMS

ai analytics big-data clickhouse cpp dbms distributed-database hacktoberfest mpp olap rust sql

Go to file

Azat Khuzhin 342ec02664 Fix concurrent access to LowCardinality during GROUP BY (leads to SIGSEGV) The problem is that GROUP BY can update saved_hash, which can be also updated by subsequent update of a dictionary, and this will lead to use-after-free. You will find ASan report in `details`. <details> ==24679==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000615d20 at pc 0x000022cc8684 bp 0x7ffea6b5f850 sp 0x7ffea6b5f848 READ of size 8 at 0x604000615d20 thread T223 (QueryPipelineEx) 0 0x22cc8683 in DB::ReverseIndex<>::insert(StringRef const&) obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h 1 0x22cc0de1 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeImpl<char8_t>()::'lambda'()::operator()() const obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:540:39 2 0x22cc0de1 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeImpl<char8_t>() obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:570:23 3 0x22cb9c66 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom()::'lambda'(auto)::operator()<char8_t>(auto) const obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:592:26 4 0x22cb9c66 in DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom() obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:600:28 5 0x2500b897 in DB::ColumnLowCardinality::insertRangeFrom() obj-x86_64-linux-gnu/../src/Columns/ColumnLowCardinality.cpp:205:62 6 0x25a182f4 in DB::appendBlock(DB::Block const&, DB::Block&) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:470:23 7 0x25a182f4 in DB::BufferSink::insertIntoBuffer(DB::Block const&, DB::StorageBuffer::Buffer&) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:634:9 8 0x25a173cc in DB::BufferSink::consume(DB::Chunk) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:595:9 9 0x26d1c997 in DB::SinkToStorage::transform(DB::Chunk&) obj-x86_64-linux-gnu/../src/Processors/Sinks/SinkToStorage.cpp:18:5 0x604000615d20 is located 16 bytes inside of 40-byte region [0x604000615d10,0x604000615d38) freed by thread T37 (QueryPipelineEx) here: 2 0x22cb9392 in boost::intrusive_ptr<DB::ColumnVector<unsigned long> >::~intrusive_ptr() obj-x86_64-linux-gnu/../contrib/boost/boost/smart_ptr/intrusive_ptr.hpp:98:23 4 0x22cb9392 in COW<DB::IColumn>::mutable_ptr<DB::ColumnVector<unsigned long> >::operator=() obj-x86_64-linux-gnu/../src/Common/COW.h💯57 5 0x22cb9392 in DB::ReverseIndex<>::tryGetSavedHash() const obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h:362:28 6 0x22cb9392 in DB::ColumnUnique<DB::ColumnString>::tryGetSavedHash() const obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:125:76 7 0x242eaed3 in DB::ColumnsHashing::HashMethodSingleLowCardinalityColumn<>::HashMethodSingleLowCardinalityColumn() obj-x86_64-linux-gnu/../src/Common/ColumnsHashing.h:287:50 8 0x242206c6 in void DB::Aggregator::executeImpl<>() const obj-x86_64-linux-gnu/../src/Interpreters/Aggregator.cpp:596:28 9 0x24148e99 in DB::Aggregator::executeOnBlock() const obj-x86_64-linux-gnu/../src/Interpreters/Aggregator.cpp:1004:9 10 0x26c24f3a in DB::AggregatingTransform::consume(DB::Chunk) obj-x86_64-linux-gnu/../src/Processors/Transforms/AggregatingTransform.cpp:539:33 11 0x26c2054e in DB::AggregatingTransform::work() obj-x86_64-linux-gnu/../src/Processors/Transforms/AggregatingTransform.cpp:500:9 previously allocated by thread T37 (QueryPipelineEx) here: 0 0xb6d44fd in operator new(unsigned long) (/src/ch/tmp/upstream/clickhouse-asan+0xb6d44fd) 1 0x11b78580 in COW<DB::IColumn>::mutable_ptr<> COWHelper<>::create<unsigned long&>(unsigned long&) (/src/ch/tmp/upstream/clickhouse-asan+0x11b78580) 2 0x22cbf7b1 in DB::ReverseIndex<>::calcHashes() const obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h:472:17 3 0x22cc2307 in DB::ReverseIndex<>::buildIndex() obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h:438:22 4 0x22cc658c in DB::ReverseIndex<>::insert(StringRef const&) obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h:484:9 5 0x22cc0de1 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeImpl<char8_t>()::'lambda'()::operator()() const obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:540:39 6 0x22cc0de1 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeImpl<char8_t>() obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:570:23 7 0x22cb9c66 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom()::'lambda'(auto)::operator()<char8_t>(auto) const obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:592:26 8 0x22cb9c66 in DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom() obj-x86_64-linux-gnu/../src/Columns/ColumnUnique.h:600:28 9 0x2500b897 in DB::ColumnLowCardinality::insertRangeFrom() obj-x86_64-linux-gnu/../src/Columns/ColumnLowCardinality.cpp:205:62 10 0x25a182f4 in DB::appendBlock(DB::Block const&, DB::Block&) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:470:23 11 0x25a182f4 in DB::BufferSink::insertIntoBuffer(DB::Block const&, DB::StorageBuffer::Buffer&) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:634:9 12 0x25a173cc in DB::BufferSink::consume(DB::Chunk) obj-x86_64-linux-gnu/../src/Storages/StorageBuffer.cpp:595:9 13 0x26d1c997 in DB::SinkToStorage::transform(DB::Chunk&) obj-x86_64-linux-gnu/../src/Processors/Sinks/SinkToStorage.cpp:18:5 SUMMARY: AddressSanitizer: heap-use-after-free obj-x86_64-linux-gnu/../src/Columns/ReverseIndex.h in DB::ReverseIndex<unsigned long, DB::ColumnString>::insert(StringRef const&) Shadow bytes around the buggy address: 0x0c08800bab50: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00 0x0c08800bab60: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa 0x0c08800bab70: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00 0x0c08800bab80: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa 0x0c08800bab90: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd =>0x0c08800baba0: fa fa fd fd[fd]fd fd fa fa fa fd fd fd fd fd fa 0x0c08800babb0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa 0x0c08800babc0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd 0x0c08800babd0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa 0x0c08800babe0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd 0x0c08800babf0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==24679==ABORTING </details>		2021-10-05 21:07:10 +03:00
.github	[github] we're switching to CLA based on Apache CLA	2021-09-28 10:38:53 +03:00
base	Merge pull request #29722 from kitaisreal/borrowed-object-pool-condition-variable-notify-fix	2021-10-04 21:39:59 +03:00
benchmark	.tech -> .com	2021-09-22 03:22:57 +03:00
cmake	Merge pull request #29682 from traceon/xcode-13-fix-build	2021-10-04 02:34:43 +03:00
contrib	rocksdb: fix race condition during multiple DB opening	2021-09-26 23:41:43 +03:00
debian	Add lld into Build-Depends for debian package	2021-09-25 02:18:36 +03:00
docker	better	2021-10-05 13:26:29 +00:00
docs	Add error for multiple keys without current_key_id (#29546 )	2021-10-05 14:37:54 +03:00
programs	Merge pull request #29737 from kssenii/fix-local	2021-10-05 11:34:03 +03:00
src	Fix concurrent access to LowCardinality during GROUP BY (leads to SIGSEGV)	2021-10-05 21:07:10 +03:00
tests	Fix concurrent access to LowCardinality during GROUP BY (leads to SIGSEGV)	2021-10-05 21:07:10 +03:00
utils	Manipulate with -Wreserved-identifier only if HAS_RESERVED_IDENTIFIER has been detected	2021-10-03 17:42:36 +04:00
website	Revert "repo.clickhouse.tech is not 100% ready"	2021-09-29 02:43:20 +03:00
.clang-format
.clang-tidy	Revert "Revert "Fix tidy""	2021-09-06 12:16:52 +03:00
.editorconfig	Changed tabs to spaces in editor configs and in style guide [#CLICKHOUSE-3].	2017-04-01 11:35:09 +03:00
.gitattributes	Union merge for arcadia_skip_list.txt to avoid frequent conflicts	2021-03-10 08:50:32 +03:00
.gitignore	fix style check	2021-09-21 10:28:33 +03:00
.gitmodules	Initial: replacing hardcoded toString for enums with magic_enum	2021-09-06 16:24:03 +02:00
.potato.yml	Fix yamllint issues	2021-02-20 23:25:21 +03:00
.pylintrc	Add pylintrc config	2021-01-26 23:35:56 +03:00
.vimrc
.yamllint	Drop truthy.check-keys from yamllint (does not supported on CI)	2021-02-21 06:15:36 +03:00
AUTHORS	Update AUTHORS	2021-09-22 11:38:03 +03:00
CHANGELOG.md	Add changelog for 21.10	2021-10-05 09:28:31 +03:00
CMakeLists.txt	-nostdlib++	2021-10-05 10:51:49 +00:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md	Remove old CLA	2021-09-28 20:16:33 +03:00
docker-compose.yml	Change Docker org name	2021-09-20 01:52:21 +03:00
format_sources
LICENSE	Sync copyrights	2021-10-04 09:16:18 +03:00
PreLoad.cmake
README.md	Update README.md	2021-10-04 17:12:29 +03:00
release	Proper build	2021-08-24 00:09:19 +00:00
SECURITY.md	.tech -> .com	2021-09-22 03:22:57 +03:00
uncrustify.cfg

README.md

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real time.

Useful Links

Official website has quick high-level overview of ClickHouse on main page.
Tutorial shows how to set up and query small ClickHouse cluster.
Documentation provides more in-depth information.
YouTube channel has a lot of content about ClickHouse in video format.
Slack and Telegram allow to chat with ClickHouse users in real-time.
Blog contains various ClickHouse-related articles, as well as announcements and reports about events.
Code Browser with syntax highlight and navigation.
Contacts can help to get your questions answered if there are any.