Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtime error: index out of range [3960] with length 3952 in chunk.(*Column).GetDecimal #53733

Closed
r33s3n6 opened this issue Jun 1, 2024 · 1 comment
Closed

runtime error: index out of range [3960] with length 3952 in chunk.(*Column).GetDecimal #53733

r33s3n6 opened this issue Jun 1, 2024 · 1 comment
Labels
impact/panic may-affects-5.4 This bug maybe affects 5.4.x versions. may-affects-6.1 may-affects-6.5 may-affects-7.1 may-affects-7.5 may-affects-8.1 severity/major sig/execution SIG execution type/bug The issue is confirmed as a bug.

Comments

@r33s3n6
Copy link

r33s3n6 commented Jun 1, 2024

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

create table t_ldpj7bp ( 
c_w_jr14qm2 int ,
c_t3nd927 int ,
c_ts int ,
c_s text ,
c_qchmg double ,
c_r int ,
c_olb3fsg6 text ,
c_zkbe tinyint ,
primary key(c_w_jr14qm2) NONCLUSTERED) shard_row_id_bits=8 pre_split_regions=5;

insert into t_ldpj7bp (c_w_jr14qm2, c_t3nd927, c_ts, c_s, c_qchmg, c_r, c_olb3fsg6, c_zkbe) values 
  (730552758, -682774206, 1698439632, 'lrvil359', 18446744073709551616.5, cast(cast(null as signed) as signed), 'oj1', (-1367510804 in (
    2123597870, 1485484027))), 
  (-1001332962, -1396443960, cast(cast(null as signed) as signed), 'e43lh', 15.54, -1568307927, 'i', (-1162033997 not in (
    -1850570375, -781179836, -1281662147, -431391092, cast(null as signed)))), 
  (-727295464, 1998529670, -1873237194, 'lps56o', 70.81, 1380690610, cast(null as char), ((NOT NOT(cast( (cast(cast(null as signed) as signed) && cast(2536017375093623800 as signed)) as unsigned)))) 
    and ((NOT NOT(cast( (cast(2051320819 as signed) <=> cast(-8632453786780487783 as signed)) as unsigned))))), 
  (2133408768, 736339957, -1486317339, 'f', 62.97, -1444096406, 'tj', (NOT NOT(cast( (cast(cast(null as char) as char) = cast(cast(null as char) as char)) as unsigned))));

SELECT DISTINCT
  cast(ref_4.c_w_jr14qm2 as signed) as c6,
  cast(ref_4.c_w_jr14qm2 as decimal) as c8
FROM
  t_ldpj7bp as ref_4;

2. What did you expect to see? (Required)

Expect no crashes

3. What did you see instead (Required)

"runtime error: index out of range [3960] with length 3952
github.com/pingcap/errors.AddStack
	/root/go/pkg/mod/github.com/pingcap/[email protected]/errors.go:178
github.com/pingcap/errors.Trace
	/root/go/pkg/mod/github.com/pingcap/[email protected]/juju_adaptor.go:15
github.com/pingcap/tidb/pkg/util.GetRecoverError
	/workspace/source/tidb/pkg/util/util.go:304
github.com/pingcap/tidb/pkg/executor/aggregate.recoveryHashAgg
	/workspace/source/tidb/pkg/executor/aggregate/agg_util.go:53
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).run.func1
	/workspace/source/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:194
runtime.gopanic
	/usr/local/go/src/runtime/panic.go:914
runtime.goPanicIndex
	/usr/local/go/src/runtime/panic.go:114
github.com/pingcap/tidb/pkg/util/chunk.(*Column).GetDecimal
	/workspace/source/tidb/pkg/util/chunk/column.go:583
github.com/pingcap/tidb/pkg/util/chunk.Row.GetMyDecimal
	/workspace/source/tidb/pkg/util/chunk/row.go:110
github.com/pingcap/tidb/pkg/expression.(*Column).EvalDecimal
	/workspace/source/tidb/pkg/expression/column.go:478
github.com/pingcap/tidb/pkg/executor/aggfuncs.(*firstRow4Decimal).UpdatePartialResult
	/workspace/source/tidb/pkg/executor/aggfuncs/func_first_row.go:601
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).updatePartialResult
	/workspace/source/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:275
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).fetchChunkAndProcess
	/workspace/source/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:108
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).run
	/workspace/source/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:208
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:1650"]

4. What is your TiDB version? (Required)

Release Version: v8.1.0
Edition: Community
Git Commit Hash: 945d07c5d5c7a1ae212f6013adfb187f2de24b23
Git Branch: HEAD
UTC Build Time: 2024-05-21 03:51:57
GoVersion: go1.21.10
Race Enabled: false
Check Table Before Drop: false
Store: tikv

We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.
@r33s3n6 r33s3n6 added the type/bug The issue is confirmed as a bug. label Jun 1, 2024
@r33s3n6 r33s3n6 changed the title runtime error: index out of range [3960] with length 3952 in chunk.(*Column).GetDecimal runtime error: index out of range [3960] with length 3952 in chunk.(*Column).GetDecimal Jun 1, 2024
@hawkingrei
Copy link
Member

it has been fixed by #54067

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
impact/panic may-affects-5.4 This bug maybe affects 5.4.x versions. may-affects-6.1 may-affects-6.5 may-affects-7.1 may-affects-7.5 may-affects-8.1 severity/major sig/execution SIG execution type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hawkingrei @jebter @r33s3n6