apache · luffy-zh · Jan 20, 2025 · Jan 20, 2025 · Jan 23, 2025 · Jan 23, 2025
diff --git a/.github/workflows/asan_test.yml b/.github/workflows/asan_test.yml
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-name: Address Sanitizer Tests
+name: Address/Undefined Sanitizer Tests
 
 on:
   pull_request:
@@ -47,18 +47,19 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v4
-    - name: Configure and Build with ASAN
+    - name: Configure and Build with ASAN and UBSAN
       env:
         CC: ${{ matrix.cc }}
         CXX: ${{ matrix.cxx }}
       run: |
         mkdir build && cd build
-        cmake .. -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DBUILD_JAVA=OFF
+        cmake .. -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DBUILD_ENABLE_AVX512=ON -DBUILD_CPP_ENABLE_METRICS=ON -DBUILD_JAVA=OFF
         make
     - name: Run Tests
       working-directory: build
       env:
         ASAN_OPTIONS: detect_leaks=1:symbolize=1:strict_string_checks=1:halt_on_error=0:detect_container_overflow=0
         LSAN_OPTIONS: suppressions=${{ github.workspace }}/.github/lsan-suppressions.txt
+        UBSAN_OPTIONS: print_stacktrace=1
       run: |
         ctest --output-on-failure
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -89,6 +89,10 @@ option(ORC_ENABLE_CLANG_TOOLS
     "Enable Clang tools"
     ON)
 
+option(ENABLE_UBSAN
+    "Enable Undefined Behavior Sanitizer"
+    OFF)
+
 # Make sure that a build type is selected
 if (NOT CMAKE_BUILD_TYPE)
   message(STATUS "No build type selected, default to ReleaseWithDebugInfo")
@@ -171,6 +175,17 @@ if (ENABLE_ASAN)
   endif()
 endif()
 
+# Configure Undefined Behavior Sanitizer if enabled
+if (ENABLE_UBSAN)
+  if (CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined -fno-sanitize=alignment,vptr,function  -fno-sanitize-recover=all")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined -fno-sanitize=alignment,vptr,function  -fno-sanitize-recover=all")
+    message(STATUS "Undefined Behavior Sanitizer enabled")
+  else()
+    message(WARNING "Undefined Behavior Sanitizer is only supported for GCC and Clang compilers")
+  endif()
+endif()
+
 enable_testing()
 
 INCLUDE(GNUInstallDirs)  # Put it before ThirdpartyToolchain to make CMAKE_INSTALL_LIBDIR available.

diff --git a/c++/include/orc/Int128.hh b/c++/include/orc/Int128.hh
@@ -1,4 +1,4 @@
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
@@ -193,6 +193,7 @@
      * Shift left by the given number of bits.
      * Values larger than 2**127 will shift into the sign bit.
      */
+    __attribute__((no_sanitize("shift")))
     Int128& operator<<=(uint32_t bits) {
       if (bits != 0) {
         if (bits < 64) {
@@ -214,6 +215,7 @@
      * Shift right by the given number of bits. Negative values will
      * sign extend and fill with one bits.
      */
+    __attribute__((no_sanitize("shift")))
     Int128& operator>>=(uint32_t bits) {
       if (bits != 0) {
         if (bits < 64) {

diff --git a/c++/src/BloomFilter.cc b/c++/src/BloomFilter.cc
@@ -1,4 +1,4 @@
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
@@ -209,6 +209,7 @@
 
   DIAGNOSTIC_POP
 
+  __attribute__((no_sanitize("signed-integer-overflow","shift")))
   void BloomFilterImpl::addHash(int64_t hash64) {
     int32_t hash1 = static_cast<int32_t>(hash64 & 0xffffffff);
     // In Java codes, we use "hash64 >>> 32" which is an unsigned shift op.
@@ -226,6 +227,7 @@
     }
   }
 
+  __attribute__((no_sanitize("signed-integer-overflow","shift")))
   bool BloomFilterImpl::testHash(int64_t hash64) const {
     int32_t hash1 = static_cast<int32_t>(hash64 & 0xffffffff);
     // In Java codes, we use "hash64 >>> 32" which is an unsigned shift op.

diff --git a/c++/src/BloomFilter.hh b/c++/src/BloomFilter.hh
@@ -1,4 +1,4 @@
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
@@ -194,6 +194,7 @@
   // Thomas Wang's integer hash function
   // http://web.archive.org/web/20071223173210/http://www.concentric.net/~Ttwang/tech/inthash.htm
   // Put this in header file so tests can use it as well.
+  __attribute__((no_sanitize("signed-integer-overflow","shift")))
   inline int64_t getLongHash(int64_t key) {
     key = (~key) + (key << 21);  // key = (key << 21) - key - 1;
     key = key ^ (key >> 24);

diff --git a/c++/src/ColumnReader.cc b/c++/src/ColumnReader.cc
@@ -726,6 +726,9 @@ namespace orc {
     if (totalBytes <= lastBufferLength_) {
       // subtract the needed bytes from the ones left over
       lastBufferLength_ -= totalBytes;
+      if (lastBuffer_ == nullptr) {
+        throw ParseError("StringDirectColumnReader::skip: lastBuffer_ is null");
+      }
       lastBuffer_ += totalBytes;
     } else {
       // move the stream forward after accounting for the buffered bytes
@@ -780,7 +783,9 @@ namespace orc {
     byteBatch.blob.resize(totalLength);
     char* ptr = byteBatch.blob.data();
     while (bytesBuffered + lastBufferLength_ < totalLength) {
-      memcpy(ptr + bytesBuffered, lastBuffer_, lastBufferLength_);
+      if (lastBuffer_ != nullptr) {
+        memcpy(ptr + bytesBuffered, lastBuffer_, lastBufferLength_);
+      }
       bytesBuffered += lastBufferLength_;
       const void* readBuffer;
       int readLength;

diff --git a/c++/src/ConvertColumnReader.cc b/c++/src/ConvertColumnReader.cc
@@ -126,13 +126,13 @@ namespace orc {
                                            bool shouldThrow) {
     constexpr bool isFileTypeFloatingPoint(std::is_floating_point<FileType>::value);
     constexpr bool isReadTypeFloatingPoint(std::is_floating_point<ReadType>::value);
-    int64_t longValue = static_cast<int64_t>(srcValue);
+
     if (isFileTypeFloatingPoint) {
       if (isReadTypeFloatingPoint) {
         destValue = static_cast<ReadType>(srcValue);
       } else {
         if (!canFitInLong(static_cast<double>(srcValue)) ||
-            !downCastToInteger(destValue, longValue)) {
+            !downCastToInteger(destValue, static_cast<int64_t>(srcValue))) {
           handleOverflow<FileType, ReadType>(destBatch, idx, shouldThrow);
         }
       }

diff --git a/c++/src/RLE.cc b/c++/src/RLE.cc
@@ -1,4 +1,4 @@
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
@@ -77,6 +77,7 @@
     add<int16_t>(data, numValues, notNull);
   }
 
+  __attribute__((no_sanitize("shift")))
   void RleEncoder::writeVslong(int64_t val) {
     writeVulong((val << 1) ^ (val >> 63));
   }

diff --git a/c++/src/RLE.hh b/c++/src/RLE.hh
@@ -1,4 +1,4 @@
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
@@ -26,6 +26,7 @@
 
 namespace orc {
 
+  __attribute__((no_sanitize("shift")))
   inline int64_t zigZag(int64_t value) {
     return (value << 1) ^ (value >> 63);
   }