[Bug](function) fix to_ipv6 cause stack-buffer-overflow error#53713

zhangstar333 · 2025-07-22T11:06:47Z

What problem does this PR solve?

Problem Summary:

memcpy(dst, &result, sizeof(result));
when use memcpy, it's size if sizeof(result), so use int64 maybe overflow of dst

==3524968==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f18404e1d73 at pc 0x559e2c162b01 bp 0x7f18439e5dc0 sp 0x7f18439e5db8
WRITE of size 8 at 0x7f18404e1d73 thread T1265 (brpc_light)
    #0 0x559e2c162b00 in bool doris::vectorized::parse_ipv4<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, long) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:165:5
    #1 0x559e2c161eb3 in bool doris::vectorized::parse_ipv6<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, int) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:416:18
    #2 0x559e2c160c44 in doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:467:9
    #3 0x559e2c160c44 in doris::vectorized::parse_ipv6_whole(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:475:12
    #4 0x559e2c160c44 in doris::IPv6Value::from_string(unsigned __int128&, char const*, unsigned long) /mnt/disk8/zhangsida/doris/be/src/vec/runtime/ipv6_value.h:71:16
    #5 0x559e4fdb05f3 in doris::vectorized::FunctionToIP<(doris::vectorized::IPConvertExceptionMode)0, (doris::PrimitiveType)37>::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function_ip.h:1180:21
    #6 0x559e4c233b1e in doris::vectorized::DefaultExecutable::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.h:447:26
    #7 0x559e4eebcef3 in doris::vectorized::PreparedFunctionImpl::_execute_skipped_constant_deal(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp
    #8 0x559e4eeb68c4 in doris::vectorized::PreparedFunctionImpl::default_implementation_for_constant_arguments(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool, bool*) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:168:5
    #9 0x559e4eeb8fc4 in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:237:5

Release note

None

Check List (For Author)

Test
- Regression test
- Unit Test
- Manual test (add detailed scripts or steps below)
- No need to test or manual test. Explain why:
  - This is a refactor/code format and no logic has been changed.
  - Previous test can cover this change.
  - No code files have been changed.
  - Other reason
Behavior changed:
- No.
- Yes.
Does this need documentation?
- No.
- Yes.

Check List (For Reviewer who merge this PR)

Confirm the release note
Confirm test cases
Confirm document
Add branch pick label

hello-stephen · 2025-07-22T11:06:53Z

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

What problem was fixed (it's best to include specific error reporting information). How it was fixed.
Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
What features were added. Why was this function added?
Which code was refactored and why was this part of the code refactored?
Which functions were optimized and what is the difference before and after the optimization?

zhangstar333 · 2025-07-22T11:07:15Z

run buildall

doris-robot · 2025-07-22T12:32:34Z

TPC-H: Total hot run time: 34835 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 200c33a00e5f9ba361c58bb74e8d4658563e7520, data reload: false

------ Round 1 ----------------------------------
q1	17585	5378	5217	5217
q2	1944	312	195	195
q3	10254	1366	723	723
q4	10221	1074	509	509
q5	7544	2525	2505	2505
q6	197	171	132	132
q7	977	767	597	597
q8	9300	1515	1265	1265
q9	7495	5353	5307	5307
q10	6954	2423	1961	1961
q11	519	297	272	272
q12	358	386	213	213
q13	17755	3838	3076	3076
q14	245	240	227	227
q15	545	489	487	487
q16	426	428	367	367
q17	614	918	379	379
q18	7698	7239	7115	7115
q19	1203	1098	614	614
q20	370	356	227	227
q21	4367	3883	2489	2489
q22	1084	1062	958	958
Total cold run time: 107655 ms
Total hot run time: 34835 ms

----- Round 2, with runtime_filter_mode=off -----
q1	5454	5411	5413	5411
q2	257	335	231	231
q3	2217	2690	2322	2322
q4	1409	1857	1507	1507
q5	4562	4477	4580	4477
q6	268	186	132	132
q7	2116	1996	1819	1819
q8	2915	2802	2886	2802
q9	7477	7305	7314	7305
q10	3285	3341	2868	2868
q11	601	530	500	500
q12	729	767	616	616
q13	3703	4021	3340	3340
q14	292	302	297	297
q15	524	487	473	473
q16	472	528	463	463
q17	1284	1654	1532	1532
q18	8120	7917	7520	7520
q19	867	881	1091	881
q20	1969	1955	1808	1808
q21	4919	4416	4277	4277
q22	1117	1049	971	971
Total cold run time: 54557 ms
Total hot run time: 51552 ms

doris-robot · 2025-07-22T12:44:07Z

TPC-DS: Total hot run time: 187558 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 200c33a00e5f9ba361c58bb74e8d4658563e7520, data reload: false

query1	1009	389	428	389
query2	6538	1783	1794	1783
query3	6738	233	222	222
query4	26827	23521	23442	23442
query5	4337	616	470	470
query6	336	232	210	210
query7	4631	502	292	292
query8	282	234	230	230
query9	8609	2830	2841	2830
query10	477	343	282	282
query11	15748	15010	14753	14753
query12	157	116	118	116
query13	1664	528	423	423
query14	8691	5840	5786	5786
query15	212	183	162	162
query16	7316	618	476	476
query17	1199	771	567	567
query18	1966	397	307	307
query19	191	186	166	166
query20	131	120	113	113
query21	212	117	108	108
query22	3986	4225	4264	4225
query23	34025	33170	33179	33170
query24	8247	2338	2355	2338
query25	538	506	402	402
query26	1240	267	152	152
query27	2759	508	340	340
query28	4371	2186	2149	2149
query29	744	551	464	464
query30	286	223	189	189
query31	913	833	753	753
query32	77	73	73	73
query33	556	363	335	335
query34	790	830	503	503
query35	819	803	751	751
query36	986	1009	925	925
query37	114	110	85	85
query38	4253	4022	4082	4022
query39	1452	1601	1414	1414
query40	224	152	115	115
query41	59	56	53	53
query42	124	110	110	110
query43	513	534	461	461
query44	1301	827	811	811
query45	182	174	167	167
query46	836	999	631	631
query47	1766	1833	1754	1754
query48	375	431	313	313
query49	742	495	391	391
query50	631	679	411	411
query51	5475	5501	5430	5430
query52	114	116	98	98
query53	223	259	197	197
query54	591	597	522	522
query55	88	91	85	85
query56	318	317	313	313
query57	1232	1222	1158	1158
query58	272	270	275	270
query59	2636	2812	2659	2659
query60	342	332	333	332
query61	135	125	123	123
query62	797	707	653	653
query63	223	190	190	190
query64	4359	1066	685	685
query65	4291	4194	4180	4180
query66	1173	415	335	335
query67	15721	15662	15471	15471
query68	5186	898	561	561
query69	493	320	281	281
query70	1204	1113	1134	1113
query71	474	347	300	300
query72	5530	4757	4746	4746
query73	637	578	338	338
query74	8914	9009	8673	8673
query75	3139	3096	2602	2602
query76	3159	1118	722	722
query77	520	393	335	335
query78	9968	10024	9344	9344
query79	2045	826	576	576
query80	736	577	512	512
query81	485	257	233	233
query82	389	134	109	109
query83	266	259	244	244
query84	250	107	84	84
query85	859	531	320	320
query86	330	319	299	299
query87	4378	4377	4331	4331
query88	2790	2218	2210	2210
query89	377	315	283	283
query90	1815	218	218	218
query91	141	140	111	111
query92	72	69	61	61
query93	1101	947	617	617
query94	677	404	298	298
query95	393	308	299	299
query96	475	599	273	273
query97	2653	2754	2578	2578
query98	233	215	219	215
query99	1338	1419	1337	1337
Total cold run time: 269197 ms
Total hot run time: 187558 ms

doris-robot · 2025-07-22T12:49:35Z

ClickBench: Total hot run time: 32.14 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 200c33a00e5f9ba361c58bb74e8d4658563e7520, data reload: false

query1	0.04	0.03	0.03
query2	0.07	0.04	0.04
query3	0.25	0.08	0.07
query4	1.62	0.11	0.11
query5	0.44	0.43	0.42
query6	1.16	0.67	0.67
query7	0.03	0.02	0.02
query8	0.04	0.04	0.04
query9	0.59	0.52	0.51
query10	0.58	0.57	0.58
query11	0.16	0.11	0.11
query12	0.16	0.12	0.12
query13	0.63	0.62	0.62
query14	0.80	0.84	0.83
query15	0.90	0.86	0.87
query16	0.40	0.39	0.40
query17	1.08	1.01	1.05
query18	0.21	0.20	0.20
query19	1.93	1.90	1.87
query20	0.02	0.01	0.01
query21	15.41	0.93	0.55
query22	0.77	1.18	0.74
query23	14.83	1.40	0.62
query24	6.37	1.49	0.28
query25	0.33	0.10	0.18
query26	0.55	0.17	0.14
query27	0.06	0.05	0.05
query28	10.13	0.98	0.43
query29	12.65	3.96	3.32
query30	3.05	3.01	2.93
query31	2.81	0.59	0.38
query32	3.22	0.54	0.49
query33	3.02	3.04	3.11
query34	16.07	5.46	4.88
query35	4.85	4.93	4.84
query36	0.70	0.51	0.50
query37	0.08	0.06	0.07
query38	0.05	0.04	0.04
query39	0.03	0.02	0.03
query40	0.17	0.14	0.15
query41	0.08	0.02	0.03
query42	0.04	0.03	0.03
query43	0.03	0.04	0.04
Total cold run time: 106.41 s
Total hot run time: 32.14 s

hello-stephen · 2025-07-22T15:50:29Z

BE UT Coverage Report

Increment line coverage 100.00% (3/3) 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	57.47% (15920/27701)
Line Coverage	46.26% (142981/309055)
Region Coverage	35.80% (107918/301444)
Branch Coverage	38.25% (47552/124310)

hello-stephen · 2025-07-22T15:56:08Z

BE Regression && UT Coverage Report

Increment line coverage 100.00% (3/3) 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	81.15% (22062/27187)
Line Coverage	73.80% (227726/308584)
Region Coverage	61.43% (189919/309178)
Branch Coverage	65.24% (82005/125704)

zhangstar333 · 2025-07-23T04:41:41Z

run buildall

doris-robot · 2025-07-23T05:51:57Z

TPC-H: Total hot run time: 35598 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 720a6cabaf7d517042b56323a6d598b0513b16e1, data reload: false

------ Round 1 ----------------------------------
q1	17567	5456	5272	5272
q2	1936	314	182	182
q3	10402	1421	755	755
q4	10266	1080	523	523
q5	7790	2510	2500	2500
q6	179	169	134	134
q7	961	758	612	612
q8	9335	1540	1324	1324
q9	7144	5379	5347	5347
q10	6936	2423	1972	1972
q11	512	287	264	264
q12	359	374	215	215
q13	17784	3798	3100	3100
q14	242	238	216	216
q15	567	476	501	476
q16	439	434	387	387
q17	607	937	369	369
q18	7563	7172	7197	7172
q19	1204	1100	604	604
q20	359	357	229	229
q21	4255	3349	2965	2965
q22	1091	1017	980	980
Total cold run time: 107498 ms
Total hot run time: 35598 ms

----- Round 2, with runtime_filter_mode=off -----
q1	5398	5396	5465	5396
q2	252	335	222	222
q3	2255	2735	2339	2339
q4	1371	1849	1571	1571
q5	4742	4563	4601	4563
q6	252	182	130	130
q7	2093	2006	1851	1851
q8	2900	2878	2749	2749
q9	7388	7252	7285	7252
q10	3200	3520	2865	2865
q11	603	508	497	497
q12	690	742	617	617
q13	3769	4120	3432	3432
q14	291	311	300	300
q15	535	474	469	469
q16	474	528	506	506
q17	1251	1687	1506	1506
q18	7884	7839	7587	7587
q19	910	888	989	888
q20	2138	2033	1861	1861
q21	4866	4373	4358	4358
q22	1093	1052	1002	1002
Total cold run time: 54355 ms
Total hot run time: 51961 ms

doris-robot · 2025-07-23T06:03:39Z

TPC-DS: Total hot run time: 187702 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 720a6cabaf7d517042b56323a6d598b0513b16e1, data reload: false

query1	987	402	404	402
query2	6534	1703	1730	1703
query3	6743	232	234	232
query4	26434	23531	22988	22988
query5	4372	627	510	510
query6	311	220	213	213
query7	4620	495	295	295
query8	284	243	218	218
query9	8623	2894	2862	2862
query10	485	323	287	287
query11	15615	15034	14783	14783
query12	162	119	110	110
query13	1647	541	423	423
query14	9200	5973	5952	5952
query15	224	206	178	178
query16	7731	653	467	467
query17	1211	749	600	600
query18	2052	425	321	321
query19	195	196	182	182
query20	125	119	118	118
query21	215	125	112	112
query22	4171	4156	4116	4116
query23	34019	33009	32963	32963
query24	8119	2414	2376	2376
query25	578	473	410	410
query26	1233	269	157	157
query27	2713	496	346	346
query28	4324	2171	2145	2145
query29	737	559	473	473
query30	281	232	194	194
query31	932	839	782	782
query32	88	79	78	78
query33	557	375	350	350
query34	796	856	520	520
query35	791	843	743	743
query36	968	1000	920	920
query37	115	100	84	84
query38	4182	4177	4046	4046
query39	1486	1409	1399	1399
query40	220	130	115	115
query41	61	56	56	56
query42	119	108	114	108
query43	484	491	472	472
query44	1312	832	821	821
query45	178	173	166	166
query46	827	1001	631	631
query47	1808	1851	1755	1755
query48	373	417	316	316
query49	744	473	384	384
query50	644	687	419	419
query51	5484	5684	5459	5459
query52	110	105	109	105
query53	233	267	188	188
query54	588	594	520	520
query55	93	84	85	84
query56	318	323	322	322
query57	1182	1214	1129	1129
query58	280	287	274	274
query59	2519	2608	2542	2542
query60	359	345	346	345
query61	128	128	134	128
query62	787	736	679	679
query63	224	190	191	190
query64	4257	1016	688	688
query65	4282	4187	4228	4187
query66	1088	471	344	344
query67	15758	15732	15466	15466
query68	8247	899	542	542
query69	484	320	297	297
query70	1286	1138	1147	1138
query71	487	326	309	309
query72	5600	4874	4946	4874
query73	758	671	355	355
query74	9035	9093	8951	8951
query75	3902	3125	2694	2694
query76	3729	1158	749	749
query77	788	393	318	318
query78	10118	10166	9278	9278
query79	2156	827	590	590
query80	618	545	496	496
query81	479	266	225	225
query82	451	141	106	106
query83	248	258	237	237
query84	252	107	96	96
query85	791	443	338	338
query86	386	338	288	288
query87	4401	4384	4337	4337
query88	3452	2238	2197	2197
query89	379	312	291	291
query90	1937	230	221	221
query91	137	145	112	112
query92	82	74	69	69
query93	1570	994	626	626
query94	660	397	301	301
query95	400	318	316	316
query96	488	578	275	275
query97	2730	2740	2635	2635
query98	233	223	215	215
query99	1652	1407	1275	1275
Total cold run time: 276256 ms
Total hot run time: 187702 ms

doris-robot · 2025-07-23T06:09:07Z

ClickBench: Total hot run time: 32.73 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 720a6cabaf7d517042b56323a6d598b0513b16e1, data reload: false

query1	0.04	0.03	0.04
query2	0.08	0.05	0.04
query3	0.25	0.08	0.07
query4	1.63	0.11	0.11
query5	0.42	0.42	0.42
query6	1.17	0.66	0.68
query7	0.03	0.02	0.01
query8	0.05	0.04	0.04
query9	0.60	0.54	0.51
query10	0.58	0.58	0.57
query11	0.15	0.11	0.12
query12	0.15	0.12	0.11
query13	0.62	0.61	0.61
query14	0.80	0.82	0.82
query15	0.89	0.87	0.88
query16	0.37	0.37	0.40
query17	1.04	1.02	1.07
query18	0.21	0.19	0.20
query19	1.90	1.85	1.85
query20	0.02	0.01	0.02
query21	15.39	0.89	0.54
query22	0.79	1.12	0.77
query23	14.90	1.40	0.63
query24	7.23	1.43	0.95
query25	0.52	0.09	0.16
query26	0.53	0.18	0.13
query27	0.06	0.06	0.05
query28	9.48	0.97	0.44
query29	12.56	3.85	3.24
query30	3.13	3.09	2.99
query31	2.81	0.59	0.38
query32	3.24	0.55	0.47
query33	3.12	3.06	3.14
query34	15.90	5.46	4.83
query35	4.86	4.91	4.92
query36	0.70	0.51	0.49
query37	0.09	0.07	0.07
query38	0.06	0.04	0.04
query39	0.04	0.02	0.03
query40	0.17	0.14	0.15
query41	0.08	0.02	0.03
query42	0.03	0.03	0.02
query43	0.04	0.03	0.03
Total cold run time: 106.73 s
Total hot run time: 32.73 s

doris-robot · 2025-07-23T09:15:58Z

BE UT Coverage Report

Increment line coverage 75.00% (3/4) 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	57.49% (15925/27701)
Line Coverage	46.27% (143014/309062)
Region Coverage	35.75% (107771/301444)
Branch Coverage	38.25% (47551/124310)

hello-stephen · 2025-07-23T09:27:44Z

BE Regression && UT Coverage Report

Increment line coverage 100.00% (4/4) 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	81.11% (22052/27187)
Line Coverage	73.72% (227479/308591)
Region Coverage	61.32% (189582/309178)
Branch Coverage	65.06% (81784/125704)

HappenLee

LGTM

github-actions · 2025-07-24T07:19:54Z

PR approved by at least one committer and no changes requested.

github-actions · 2025-07-24T07:19:57Z

PR approved by anyone and no changes requested.

…#53713) Problem Summary: memcpy(dst, &result, sizeof(result)); when use memcpy, it's size if sizeof(result), so use int64 maybe overflow of dst ``` ==3524968==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f18404e1d73 at pc 0x559e2c162b01 bp 0x7f18439e5dc0 sp 0x7f18439e5db8 WRITE of size 8 at 0x7f18404e1d73 thread T1265 (brpc_light) #0 0x559e2c162b00 in bool doris::vectorized::parse_ipv4<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, long) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:165:5 apache#1 0x559e2c161eb3 in bool doris::vectorized::parse_ipv6<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, int) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:416:18 apache#2 0x559e2c160c44 in doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:467:9 apache#3 0x559e2c160c44 in doris::vectorized::parse_ipv6_whole(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:475:12 apache#4 0x559e2c160c44 in doris::IPv6Value::from_string(unsigned __int128&, char const*, unsigned long) /mnt/disk8/zhangsida/doris/be/src/vec/runtime/ipv6_value.h:71:16 apache#5 0x559e4fdb05f3 in doris::vectorized::FunctionToIP<(doris::vectorized::IPConvertExceptionMode)0, (doris::PrimitiveType)37>::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function_ip.h:1180:21 apache#6 0x559e4c233b1e in doris::vectorized::DefaultExecutable::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.h:447:26 apache#7 0x559e4eebcef3 in doris::vectorized::PreparedFunctionImpl::_execute_skipped_constant_deal(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp apache#8 0x559e4eeb68c4 in doris::vectorized::PreparedFunctionImpl::default_implementation_for_constant_arguments(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool, bool*) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:168:5 apache#9 0x559e4eeb8fc4 in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:237:5 ```

…rror #53713 (#54012) Cherry-picked from #53423

…#53713) ### What problem does this PR solve? Problem Summary: memcpy(dst, &result, sizeof(result)); when use memcpy, it's size if sizeof(result), so use int64 maybe overflow of dst ``` ==3524968==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f18404e1d73 at pc 0x559e2c162b01 bp 0x7f18439e5dc0 sp 0x7f18439e5db8 WRITE of size 8 at 0x7f18404e1d73 thread T1265 (brpc_light) #0 0x559e2c162b00 in bool doris::vectorized::parse_ipv4<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, long) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:165:5 apache#1 0x559e2c161eb3 in bool doris::vectorized::parse_ipv6<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, int) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:416:18 apache#2 0x559e2c160c44 in doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:467:9 apache#3 0x559e2c160c44 in doris::vectorized::parse_ipv6_whole(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:475:12 apache#4 0x559e2c160c44 in doris::IPv6Value::from_string(unsigned __int128&, char const*, unsigned long) /mnt/disk8/zhangsida/doris/be/src/vec/runtime/ipv6_value.h:71:16 apache#5 0x559e4fdb05f3 in doris::vectorized::FunctionToIP<(doris::vectorized::IPConvertExceptionMode)0, (doris::PrimitiveType)37>::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function_ip.h:1180:21 apache#6 0x559e4c233b1e in doris::vectorized::DefaultExecutable::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.h:447:26 apache#7 0x559e4eebcef3 in doris::vectorized::PreparedFunctionImpl::_execute_skipped_constant_deal(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp apache#8 0x559e4eeb68c4 in doris::vectorized::PreparedFunctionImpl::default_implementation_for_constant_arguments(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool, bool*) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:168:5 apache#9 0x559e4eeb8fc4 in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:237:5 ```

…#53713) ### What problem does this PR solve? Problem Summary: memcpy(dst, &result, sizeof(result)); when use memcpy, it's size if sizeof(result), so use int64 maybe overflow of dst ``` ==3524968==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f18404e1d73 at pc 0x559e2c162b01 bp 0x7f18439e5dc0 sp 0x7f18439e5db8 WRITE of size 8 at 0x7f18404e1d73 thread T1265 (brpc_light) #0 0x559e2c162b00 in bool doris::vectorized::parse_ipv4<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, long) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:165:5 #1 0x559e2c161eb3 in bool doris::vectorized::parse_ipv6<char const, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'()>(char const*&, doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*)::'lambda'(), unsigned char*, int) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:416:18 #2 0x559e2c160c44 in doris::vectorized::parse_ipv6(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:467:9 #3 0x559e2c160c44 in doris::vectorized::parse_ipv6_whole(char const*, char const*, unsigned char*) /mnt/disk8/zhangsida/doris/be/src/vec/common/format_ip.h:475:12 apache#4 0x559e2c160c44 in doris::IPv6Value::from_string(unsigned __int128&, char const*, unsigned long) /mnt/disk8/zhangsida/doris/be/src/vec/runtime/ipv6_value.h:71:16 apache#5 0x559e4fdb05f3 in doris::vectorized::FunctionToIP<(doris::vectorized::IPConvertExceptionMode)0, (doris::PrimitiveType)37>::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function_ip.h:1180:21 apache#6 0x559e4c233b1e in doris::vectorized::DefaultExecutable::execute_impl(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.h:447:26 apache#7 0x559e4eebcef3 in doris::vectorized::PreparedFunctionImpl::_execute_skipped_constant_deal(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp apache#8 0x559e4eeb68c4 in doris::vectorized::PreparedFunctionImpl::default_implementation_for_constant_arguments(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool, bool*) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:168:5 apache#9 0x559e4eeb8fc4 in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned int, std::allocator<unsigned int>> const&, unsigned int, unsigned long, bool) const /mnt/disk8/zhangsida/doris/be/src/vec/functions/function.cpp:237:5 ```

…or (#53713) (#54011) ### What problem does this PR solve? Problem Summary: cherry-pick from (#53713) ### Release note None ### Check List (For Author) - Test  - [ ] Regression test - [ ] Unit Test - [ ] Manual test (add detailed scripts or steps below) - [ ] No need to test or manual test. Explain why: - [ ] This is a refactor/code format and no logic has been changed. - [ ] Previous test can cover this change. - [ ] No code files have been changed. - [ ] Other reason  - Behavior changed: - [ ] No. - [ ] Yes.  - Does this need documentation? - [ ] No. - [ ] Yes.  ### Check List (For Reviewer who merge this PR) - [ ] Confirm the release note - [ ] Confirm test cases - [ ] Confirm document - [ ] Add branch pick label

[Bug](function) fix to_ipv6 cause stack-buffer-overflow error

200c33a

dataroaring added p0_c dev/3.0.x dev/3.1.x labels Jul 22, 2025

update

720a6ca

HappenLee approved these changes Jul 24, 2025

View reviewed changes

github-actions bot added the approved Indicates a PR has been approved by one committer. label Jul 24, 2025

github-actions bot added the reviewed label Jul 24, 2025

Mryange approved these changes Jul 25, 2025

View reviewed changes

zhangstar333 merged commit 78b0c60 into apache:master Jul 25, 2025
27 of 29 checks passed

github-actions bot added dev/3.0.x-conflict dev/3.1.x-conflict labels Jul 25, 2025

zhangstar333 mentioned this pull request Jul 29, 2025

branch-30:[Bug](function) fix to_ipv6 cause stack-buffer-overflow error (#53713) #54011

Merged

16 tasks

morrySnow pushed a commit that referenced this pull request Jul 30, 2025

branch-3.1: [Bug](function) fix to_ipv6 cause stack-buffer-overflow e…

aa4db3d

…rror #53713 (#54012) Cherry-picked from #53423

morrySnow mentioned this pull request Jul 31, 2025

branch-3.1: [Bug](function) fix to_ipv6 cause stack-buffer-overflow error #53713 #54012

Merged

morrySnow added dev/3.1.0-merged and removed dev/3.1.x dev/3.1.x-conflict labels Jul 31, 2025

dataroaring added dev/3.0.8-merged and removed dev/3.0.x dev/3.0.x-conflict labels Aug 12, 2025

gavinchou mentioned this pull request Sep 1, 2025

Release Note 3.0.8 #55553

Open

Conversation

zhangstar333 commented Jul 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What problem does this PR solve?

Release note

Check List (For Author)

Check List (For Reviewer who merge this PR)

Uh oh!

hello-stephen commented Jul 22, 2025

Uh oh!

zhangstar333 commented Jul 22, 2025

Uh oh!

doris-robot commented Jul 22, 2025

Uh oh!

doris-robot commented Jul 22, 2025

Uh oh!

doris-robot commented Jul 22, 2025

Uh oh!

hello-stephen commented Jul 22, 2025

BE UT Coverage Report

Uh oh!

hello-stephen commented Jul 22, 2025

BE Regression && UT Coverage Report

Uh oh!

zhangstar333 commented Jul 23, 2025

Uh oh!

doris-robot commented Jul 23, 2025

Uh oh!

doris-robot commented Jul 23, 2025

Uh oh!

doris-robot commented Jul 23, 2025

Uh oh!

doris-robot commented Jul 23, 2025

BE UT Coverage Report

Uh oh!

hello-stephen commented Jul 23, 2025

BE Regression && UT Coverage Report

Uh oh!

HappenLee left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Jul 24, 2025

Uh oh!

github-actions bot commented Jul 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

zhangstar333 commented Jul 22, 2025 •

edited

Loading