zilliztech / knowhere

Knowhere is an open-source vector search engine, integrating FAISS, HNSW, etc.
Apache License 2.0

Heap use after free is caught in AnnIterator #900

Closed chyezh closed 1 minute ago

chyezh commented 2 hours ago

The full report can be found in the related milvus issue: https://github.com/milvus-io/milvus/issues/36974

Introduced by https://github.com/zilliztech/knowhere/pull/659

ConvertFromDataTypeIfNeeded creates a new dataset for the query.

https://github.com/zilliztech/knowhere/blob/538e4165a29606cea6581ecace4c0084ce8e57bc/src/index/index_node_data_mock_wrapper.cc#L60C1-L66C2

And the raw pointer binary of DataSet is held by the workspace of the ivf iterator.

https://github.com/zilliztech/knowhere/blob/538e4165a29606cea6581ecace4c0084ce8e57bc/src/index/ivf/ivf.cc#L337

Then the Dataset is freed after the AnnIterator function returns, so the raw pointer is dangling.
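
The lifetime problem described in the comment above, reduced to a minimal C++ sketch (an added example, not code from knowhere or from the issue author). `DataSet`, `ConvertQuery`, `RawIterator` and `OwningIterator` are hypothetical, simplified stand-ins, and having the iterator share ownership of the converted dataset is one possible remedy, not necessarily the fix that was merged.

```cpp
// Added illustration; every type and function here is a hypothetical stand-in.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Simplified dataset that owns the query tensor.
struct DataSet {
    std::vector<float> tensor;
};
using DataSetPtr = std::shared_ptr<DataSet>;

// Stand-in for the data-type conversion step: always returns a NEW dataset.
DataSetPtr ConvertQuery(const std::vector<float>& raw) {
    return std::make_shared<DataSet>(DataSet{raw});
}

// Buggy shape: the iterator keeps only a raw pointer into the converted dataset.
struct RawIterator {
    const float* query;            // non-owning; must not outlive the dataset
    std::weak_ptr<DataSet> probe;  // demo-only probe to observe the owner's lifetime
    bool QueryAlive() const { return !probe.expired(); }
};

RawIterator MakeRawIterator(const std::vector<float>& raw) {
    DataSetPtr converted = ConvertQuery(raw);
    return RawIterator{converted->tensor.data(), converted};
}  // last owner of `converted` dies here, so `query` now dangles

// Safer shape: the iterator shares ownership of the dataset it reads from.
struct OwningIterator {
    DataSetPtr keep_alive;  // pins the converted dataset for the iterator's lifetime
    const float* query;
    bool QueryAlive() const { return keep_alive != nullptr; }
    float At(std::size_t i) const { return query[i]; }
};

OwningIterator MakeOwningIterator(const std::vector<float>& raw) {
    DataSetPtr converted = ConvertQuery(raw);
    const float* q = converted->tensor.data();  // take the pointer before moving
    return OwningIterator{std::move(converted), q};
}
```

The sketch never dereferences `RawIterator::query`; doing so after `MakeRawIterator` returns is the heap-use-after-free that AddressSanitizer (`-fsanitize=address`) reports.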

liliu-z commented 2 hours ago

/assign @alwayslove2013
/assign @PwzXxm

PwzXxm commented 1 minute ago

Fixed