[fix](column_array)fix filter_generic in column_array func (#41990)
filter_generic in column_array calculates nested_result_size_hint
incorrectly, which may cause a heap_buffer_overflow
amorynan authored and yiguolei committed Dec 10, 2024
1 parent e29d125 commit 3556a1c
Showing 4 changed files with 542 additions and 10 deletions.
15 changes: 5 additions & 10 deletions be/src/vec/columns/column_array.cpp
Expand Up @@ -776,22 +776,17 @@ ColumnPtr ColumnArray::filter_generic(const Filter& filt, ssize_t result_size_hi
if (size == 0) return ColumnArray::create(data);

Filter nested_filt(get_offsets().back());
ssize_t nested_result_size_hint = 0;
for (size_t i = 0; i < size; ++i) {
if (filt[i])
if (filt[i]) {
memset(&nested_filt[offset_at(i)], 1, size_at(i));
else
nested_result_size_hint += size_at(i);
} else {
memset(&nested_filt[offset_at(i)], 0, size_at(i));
}
}

auto res = ColumnArray::create(data->clone_empty());

ssize_t nested_result_size_hint = 0;
if (result_size_hint < 0)
nested_result_size_hint = result_size_hint;
else if (result_size_hint && result_size_hint < 1000000000 &&
data->size() < 1000000000) /// Avoid overflow.
nested_result_size_hint = result_size_hint * data->size() / size;

res->data = data->filter(nested_filt, nested_result_size_hint);

auto& res_offsets = res->get_offsets();
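Review bot: The accumulator at `nested_result_size_hint += size_at(i);` is now an exact count of the nested elements kept, but nothing at the `data->filter(nested_filt, nested_result_size_hint)` call records that, even though the commit message says a wrong value here could lead to a heap buffer overflow. I would add above the declaration `// Exact number of nested elements selected by filt; a wrong value here was reported to cause a heap-buffer-overflow (#41990), so keep it in step with nested_filt.` The caller's `result_size_hint` is no longer read in the visible lines, and the old pass-through of a negative hint is gone, which the same comment should state so the parameter is not "re-wired" later. The `+=` also adds the result of `size_at(i)` (its return type is not shown here, presumably unsigned) into an `ssize_t`, so `static_cast<ssize_t>(size_at(i))` would make the conversion explicit. filter_generic starts and ends outside the hunk, so whether `filt.size()` is checked against `size` before the loop indexes `filt[i]` cannot be confirmed from this page.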
