fix: SIGSEGV when path variable referenced inside a list-lambda#621
Merged
Conversation
The ProjectionPushDownOptimizer::collectExpressionsInUse did not handle LambdaExpression. A LambdaExpression stores its body (functionExpr) separately from its regular expression children, so the default case -- which uses ExpressionChildrenCollector::collectChildren -- never traversed into the lambda body. As a result, expressions referenced only inside a list-lambda (e.g. any(x IN [...] WHERE p IS NOT NULL)) were not marked "in use". When the lambda body references a path variable p assembled from multiple recursive-rel segments (MATCH p = (a)-[*1..2]-(b)-[*1..2]-(c)), the recursive rel segments weren't kept in scope by the projection push-down optimizer. The first recursive rel's vector got pruned from the schema feeding the lambda's expression mapper. Later, when ExpressionMapper::getPathEvaluator mapped the path's children inside the lambda body, the pruned RECURSIVE_REL children were not in scope, were not matched by isNodePattern/isRelPattern (which only cover NODE/REL), and -- because parentEvaluator != nullptr inside a lambda -- fell through to getLambdaParamEvaluator. ListLambdaEvaluator::init then replaced those evaluators' resultVectors with the data vector of the list input (an INT64 vector with no StructAuxiliaryBuffer). PathExpressionEvaluator::init called StructVector::getFieldVector on that non-struct vector and dereferenced a null struct auxiliary buffer -> SIGSEGV. Fix: add an explicit LAMBDA case to collectExpressionsInUse that recursively collects the lambda's functionExpr, so path segments referenced inside a lambda body are kept materialized. Verified: the repro queries any/all/none/single/list_transform/list_reduce over MATCH p = (a)-[*1..2]-(b)-[*1..2]-(c) no longer crash and return correct results; single-segment paths, RETURN p, length(p)/nodes(p)/rels(p) still work.
adsharma
force-pushed
the
ladybug-619
branch
2 times, most recently
from
45633d9 to
417e7f8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes: #619