
[Bug] heap-buffer-overflow error in canPreload() due to freed pointers #85

@fzhedu

Description

Component Selection

  • Core Engine (Expression eval, Memory, Vector)
  • Connectors / File Formats (Hive, Parquet, etc.)
  • API / Bindings (Python, etc.)
  • Build
  • Other

Describe the Bug

ASan report

Address 0x61d0003ad218 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow  in dwio::common::DirectBufferedInput::AsyncLoadHolder::canPreload() const
Shadow bytes around the buggy address:
  0x0c3a8006d9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3a8006da40: fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a8006da90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc

Reproduction Steps

Running the ASan binary can occasionally trigger this issue.

Bolt Version / Commit ID

main

System Configuration

- **OS**: Ubuntu 22.04
- **CPU Arch**: x86

Logs / Stack Trace

ASan stack
dwio::common::DirectBufferedInput::AsyncLoadHolder::canPreload() const
dwio::common::DirectBufferedInput::readRegions()
folly::ThreadPoolExecutor::runTask()

Expected Behavior

No response

Additional context

No response
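Editor's note on the report and an added example. ASan derives the bug type from the shadow byte at the faulting address: a shadow of `fa` (heap left redzone) with no owning chunk is reported as "heap-buffer-overflow" on a "wild pointer", which is what a stale pointer looks like once the allocation it used to reference has been freed and its memory recycled, so the report above is consistent with the title's freed-pointer explanation rather than with an out-of-bounds index. The C++ sketch below illustrates that bug class (a task queued on an executor dereferencing a load holder the owner has already released) next to a `weak_ptr`-based variant that skips instead of dereferencing. It is an added example, not Bolt's or Velox's code, and does not reproduce the actual failure in `DirectBufferedInput`; `LoadHolder`, `Executor`, `scheduleUnsafe`, `scheduleSafe`, `runScenario` and the preload size limit are all assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for a per-region async load holder; not Bolt's AsyncLoadHolder.
struct LoadHolder {
  uint64_t offset = 0;
  uint64_t length = 0;
  static constexpr uint64_t kMaxPreloadBytes = 1u << 20;  // assumed limit
  bool canPreload() const { return length > 0 && length <= kMaxPreloadBytes; }
};

// Minimal stand-in for a thread-pool executor: tasks are queued now and run later,
// possibly after the code that queued them has already torn down its own state.
struct Executor {
  std::vector<std::function<void()>> tasks;
  void add(std::function<void()> task) { tasks.push_back(std::move(task)); }
  void drain() {
    for (auto& t : tasks) t();
    tasks.clear();
  }
};

struct PreloadOutcome {
  int ran = 0;          // tasks that found a live holder
  int skipped = 0;      // tasks that found the holder already released
  int preloadable = 0;  // live holders for which canPreload() returned true
};

// UNSAFE pattern: the task captures a raw pointer. If the owner frees the holder
// before drain(), canPreload() reads freed memory. Under -fsanitize=address that is
// reported as heap-use-after-free while the chunk is quarantined, or as a wild pointer
// once the freed memory has been recycled. Shown for contrast only; never invoked here.
inline void scheduleUnsafe(Executor& ex, LoadHolder* holder, PreloadOutcome& out) {
  ex.add([holder, &out] {
    ++out.ran;
    if (holder->canPreload()) ++out.preloadable;
  });
}

// SAFE pattern: the task holds a weak_ptr and promotes it only when it actually runs.
// If the owner has released the holder in the meantime, the task skips the region.
inline void scheduleSafe(Executor& ex, const std::shared_ptr<LoadHolder>& holder,
                         PreloadOutcome& out) {
  std::weak_ptr<LoadHolder> weak = holder;
  ex.add([weak, &out] {
    if (auto h = weak.lock()) {  // h keeps the holder alive for the duration of the task
      ++out.ran;
      if (h->canPreload()) ++out.preloadable;
    } else {
      ++out.skipped;
    }
  });
}

// Scenario: readRegions-style scheduling of three regions (constructed sample data),
// then the owner optionally releases every holder before the executor drains.
inline PreloadOutcome runScenario(bool releaseBeforeDrain) {
  Executor ex;
  PreloadOutcome out;
  std::vector<std::shared_ptr<LoadHolder>> holders = {
      std::make_shared<LoadHolder>(LoadHolder{0, 4096}),       // preloadable
      std::make_shared<LoadHolder>(LoadHolder{4096, 0}),       // empty region
      std::make_shared<LoadHolder>(LoadHolder{8192, 2u << 20}) // over the limit
  };
  for (auto& h : holders) scheduleSafe(ex, h, out);
  if (releaseBeforeDrain) holders.clear();  // with raw pointers this is where they dangle
  ex.drain();
  return out;
}

int main() {
  PreloadOutcome alive = runScenario(false);
  PreloadOutcome released = runScenario(true);
  std::printf("holders alive:    ran=%d skipped=%d preloadable=%d\n",
              alive.ran, alive.skipped, alive.preloadable);
  std::printf("holders released: ran=%d skipped=%d preloadable=%d\n",
              released.ran, released.skipped, released.preloadable);
  return 0;
}
```

The point of the contrast is ownership, not the executor: whoever enqueues work on a pool must either keep the referenced object alive until the task has run (shared ownership captured by the task), or give the task a way to detect that the object is gone (the `weak_ptr` promotion above), or join the pool before tearing the object down. Building with `-fsanitize=address` and replacing `scheduleSafe` by `scheduleUnsafe` in `runScenario(true)` turns the silent dangling read into an ASan report like the one in this issue.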
