Trafodion

The heap owned by CmpStatement may be deleted twice

Bug #1349990 reported by QF Chen on 2014-07-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Trafodion	Fix Released	High	QF Chen	Trafodion r0.9

Bug Description

This is found during the investigation of a core file found during seabase/TEST015.

#40 <signal handler called>
#41 0x0000000000000571 in ?? ()
#42 0x00007ffff4cfd91b in NATableDB::resetAfterStatement (this=0x7fffe8800678)
    at ../optimizer/NATable.cpp:7529
#43 0x00007ffff4f4cbe4 in SchemaDB::cleanupPerStatement (this=0x7fffe8800668)
    at ../optimizer/SchemaDB.cpp:186
#44 0x00007ffff3e02cc7 in CmpContext::cleanup (this=0x7fffe87fb090, exception=0)
    at ../arkcmp/CmpContext.cpp:488
#45 0x00007ffff3e02bbe in CmpContext::unsetStatement (this=0x7fffe87fb090, s=
    0x7fffded33f48, exceptionRaised=0) at ../arkcmp/CmpContext.cpp:452
#46 0x00007ffff3e0de4b in CmpStatement::~CmpStatement (this=0x7fffded33f48,
    __in_chrg=<value optimized out>) at ../arkcmp/CmpStatement.cpp:224
#47 0x00007ffff3e0dee2 in CmpStatement::~CmpStatement (this=0x7fffded33f48,
    __in_chrg=<value optimized out>) at ../arkcmp/CmpStatement.cpp:227
#48 0x00007ffff3dfd7a0 in ExCmpMessage::actOnReceive (this=0x7fffffffbb70)
    at ../arkcmp/CmpConnection.cpp:588
#49 0x00007ffff723e191 in IpcMessageStream::internalActOnReceive (
    this=0x7fffffffbb70, buffer=0xba8bd0, connection=0xbb0920)
    at ../common/Ipc.cpp:3553
#50 0x00007ffff723c0b7 in IpcMessageBuffer::callReceiveCallback (this=0xba8bd0,
    conn=0xbb0920) at ../common/Ipc.cpp:2427
#51 0x00007ffff72501a0 in GuaConnectionToClient::acceptBuffer (this=0xbb0920,
    buffer=0xba8bd0, receivedDataLength=504) at ../common/IpcGuardian.cpp:2467
#52 0x00007ffff7251bb7 in GuaReceiveControlConnection::wait (this=0xba0150,
    timeout=-1, eventConsumed=0x0, ipcAwaitiox=0x0)
    at ../common/IpcGuardian.cpp:3164
#53 0x00007ffff724f5be in GuaConnectionToClient::wait (this=0xbb0920,

Root cause analysis.

CmpStatement::~CmpStatement() deletes the heap (statement heap) before makes a call to
context_->unsetStatement(this,exceptionRaised_), which indirectly call NATableDB::resetAfterStatement(),
which deletes the contained heap_ object for each NATable on cached statement list and tabeToDeleteList.
When the contained heap is the statement heap, the compiler cores.

Tags:

QF Chen (qifan-chen) on 2014-07-29

Changed in trafodion:
status:	New → In Progress

QF Chen (qifan-chen) on 2014-07-30

Changed in trafodion:
status:	In Progress → Fix Committed

Stacey Johnson (sjohnson-w) on 2014-10-16

Changed in trafodion:
milestone:	none → r0.9
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.