spaolacci / murmur3

Native MurmurHash3 Go implementation
BSD 3-Clause "New" or "Revised" License

fatal error: checkptr: pointer arithmetic result points to invalid allocation #34

Open XuHuaiyu opened 2 years ago

XuHuaiyu commented 2 years ago

related issue: https://github.com/pingcap/tidb/issues/29086

We got the following error when running go test -race on Go1.15 and go test -race -d=checkptr on Go1.13. Does anyone know why this happens?

fatal error: checkptr: pointer arithmetic result points to invalid allocation

goroutine 1052 [running]:
runtime.throw(0x44c01fb, 0x40)
    /root/go/src/runtime/panic.go:1116 +0x72 fp=0xc000c9fc70 sp=0xc000c9fc40 pc=0x10e8892
runtime.checkptrArithmetic(0xc000c9fd78, 0x0, 0x0, 0x0)
    /root/go/src/runtime/checkptr.go:43 +0xbe fp=0xc000c9fca0 sp=0xc000c9fc70 pc=0x10b755e
github.com/spaolacci/murmur3.Sum32WithSeed(0xc000c9fd78, 0x14, 0x20, 0xc000000000, 0x14)
    /root/go/pkg/mod/github.com/spaolacci/murmur3@v1.1.0/murmur32.go:129 +0x8a fp=0xc000c9fd08 sp=0xc000c9fca0 pc=0x29cbe0a
github.com/spaolacci/murmur3.Sum32(...)

fracasula commented 2 years ago

Same here with go 1.18

fatal error: checkptr: pointer arithmetic result points to invalid allocation

goroutine 619 [running]:
runtime.throw({0x2bf0282?, 0x4a08f9?})
        /usr/local/go/src/runtime/panic.go:992 +0x71 fp=0xc001876b68 sp=0xc001876b38 pc=0x469d71
runtime.checkptrArithmetic(0x0?, {0x0, 0x0, 0x0?})
        /usr/local/go/src/runtime/checkptr.go:69 +0xaa fp=0xc001876b98 sp=0xc001876b68 pc=0x43a40a
github.com/spaolacci/murmur3.Sum32WithSeed({0xc001876cc0, 0x11, 0x20}, 0x0)
        /home/francesco/go/pkg/mod/github.com/spaolacci/murmur3@v1.1.0/murmur32.go:129 +0x90 fp=0xc001876c00 sp=0xc001876b98 pc=0x23d7b90
github.com/spaolacci/murmur3.Sum32(...)
        /home/francesco/go/pkg/mod/github.com/spaolacci/murmur3@v1.1.0/murmur32.go:111
github.com/rudderlabs/rudder-server/services/pgnotifier.(*PgNotifierT).RunMaintenanceWorker(0x49337c0, {0x39f0c10, 0xc00095e280})
        /home/francesco/Code/rudderstack/rudder-server/services/pgnotifier/pgnotifier.go:427 +0x8c fp=0xc001876e60 sp=0xc001876c00 pc=0x23dd42c

https://github.com/rudderlabs/rudder-server/blob/ae46b0443dc4ef5c094c0f96842db1e9ef45a4da/services/pgnotifier/pgnotifier.go#L427

slingamn commented 2 years ago

Here's the offending line:

https://github.com/spaolacci/murmur3/blob/f09979ecbc725b9e6d41a297405f65e7e8804acc/murmur32.go#L129

My understanding of the issue: the sanitizer expects that an unsafe.Pointer should be valid for a full word-sized read. So on a 64-bit arch, a word is 8 bytes long, so when processing the last 4-byte block of the buffer, the 8 bytes starting from the unsafe.Pointer extend 4 bytes past the end of the buffer (even though only the first four bytes will be read, since the unsafe.Pointer is immediately cast to *uint32). So this is a false positive.

The cleanest thing would be to use binary.LittleEndian.Uint32 in place of pointer arithmetic here, but it imposes a slowdown (maybe 20%). I'm surprised the compiler isn't better at handling this...
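
Added example, not part of the thread and not the murmur3 project's code: a 32-bit MurmurHash3 that reads each 4-byte block with binary.LittleEndian.Uint32, the alternative suggested in the comment above. It imports no unsafe package, so there is no pointer conversion for checkptr to instrument; the name sum32Safe is hypothetical.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

// sum32Safe (hypothetical name) computes MurmurHash3 x86_32 over data.
// Blocks are decoded from the slice itself, so every read is bounds-checked.
func sum32Safe(data []byte, seed uint32) uint32 {
	const c1, c2 = 0xcc9e2d51, 0x1b873593
	h1, n := seed, len(data)
	// Body: consume whole 4-byte little-endian blocks.
	for len(data) >= 4 {
		k1 := binary.LittleEndian.Uint32(data) * c1
		k1 = bits.RotateLeft32(k1, 15) * c2
		h1 = bits.RotateLeft32(h1^k1, 13)*5 + 0xe6546b64
		data = data[4:]
	}
	// Tail: mix in the remaining 1 to 3 bytes, if any.
	var k1 uint32
	switch len(data) {
	case 3:
		k1 ^= uint32(data[2]) << 16
		fallthrough
	case 2:
		k1 ^= uint32(data[1]) << 8
		fallthrough
	case 1:
		k1 ^= uint32(data[0])
		k1 = bits.RotateLeft32(k1*c1, 15) * c2
		h1 ^= k1
	}
	// Finalization: fold in the length, then avalanche.
	h1 ^= uint32(n)
	h1 ^= h1 >> 16
	h1 *= 0x85ebca6b
	h1 ^= h1 >> 13
	h1 *= 0xc2b2ae35
	h1 ^= h1 >> 16
	return h1
}

func main() {
	// "deadletter" is the input used by the reproduction test in this thread.
	fmt.Printf("%08x\n", sum32Safe([]byte("deadletter"), 0))
}
```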

mec07 commented 1 year ago

I'm getting the same issue. Here is a really simple test to reproduce it (I'm running golang version 1.19):

package tmp_test

import (
        "testing"

        "github.com/spaolacci/murmur3"
)

func TestMurmur3(t *testing.T) {
        _ = murmur3.Sum32([]byte("deadletter"))
}

sheregeda commented 9 months ago

Do you have any updates?

See https://github.com/spaolacci/murmur3/issues/29#issuecomment-1822864930