ORC-2123: Fix heap-use-after-free in ORC SearchArgument rewriteLeaves.

[hubgeter]

What changes were proposed in this pull request?

This PR aims to fix heap-use-after-free in ORC SearchArgument rewriteLeaves.

Why are the changes needed?

this is a heap-use-after-free bug.

==1649778==ERROR: AddressSanitizer: heap-use-after-free on address 0x7d0addc552f8 at pc 0x5561f1da808c bp 0x79e18a173b40 sp 0x79e18a173b38
READ of size 8 at 0x7d0addc552f8 thread T621 (rs_normal [work)
    #0 0x5561f1da808b in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count(std::__shared_count<(__gnu_cxx::_Lock_policy)2> const&) /mnt/disk2/tengjianping/local/ldb_toolchain/bin/../lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr_base.h:1073:19
    #1 0x55622c94b9ce in std::__shared_ptr<orc::ExpressionTree, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__shared_ptr<orc::ExpressionTree, (__gnu_cxx::_Lock_policy)2> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6e99ce)
    #2 0x55622c94849c in std::shared_ptr<orc::ExpressionTree>::shared_ptr(std::shared_ptr<orc::ExpressionTree> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6e649c)
    #3 0x55622c94d976 in std::__detail::_Hash_node<std::shared_ptr<orc::ExpressionTree>, false>* std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::shared_ptr<orc::ExpressionTree>, false>>>::_M_allocate_node<std::shared_ptr<orc::ExpressionTree> const&>(std::shared_ptr<orc::ExpressionTree> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6eb976)
    #4 0x55622c94d7cb in std::pair<std::__detail::_Node_iterator<std::shared_ptr<orc::ExpressionTree>, true, false>, bool> std::_Hashtable<std::shared_ptr<orc::ExpressionTree>, std::shared_ptr<orc::ExpressionTree>, std::allocator<std::shared_ptr<orc::ExpressionTree>>, std::__detail::_Identity, std::equal_to<std::shared_ptr<orc::ExpressionTree>>, std::hash<std::shared_ptr<orc::ExpressionTree>>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true>>::_M_emplace_uniq<std::shared_ptr<orc::ExpressionTree> const&>(std::shared_ptr<orc::ExpressionTree> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6eb7cb)
    #5 0x55622c94d62c in std::_Hashtable<std::shared_ptr<orc::ExpressionTree>, std::shared_ptr<orc::ExpressionTree>, std::allocator<std::shared_ptr<orc::ExpressionTree>>, std::__detail::_Identity, std::equal_to<std::shared_ptr<orc::ExpressionTree>>, std::hash<std::shared_ptr<orc::ExpressionTree>>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, true, true>>::insert(std::shared_ptr<orc::ExpressionTree> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6eb62c)
    #6 0x55622c94d3dc in std::unordered_set<std::shared_ptr<orc::ExpressionTree>, std::hash<std::shared_ptr<orc::ExpressionTree>>, std::equal_to<std::shared_ptr<orc::ExpressionTree>>, std::allocator<std::shared_ptr<orc::ExpressionTree>>>::insert(std::shared_ptr<orc::ExpressionTree> const&) (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6eb3dc)
    #7 0x55622c947db0 in orc::rewriteLeaves(std::shared_ptr<orc::ExpressionTree>, unsigned long*) SearchArgument.cc
    #8 0x55622c947809 in orc::SearchArgumentBuilderImpl::build() (/mnt/disk2/tengjianping/doris-master/output/be/lib/doris_be+0x8b6e5809)

How was this patch tested?

Pass the CIs.

Was this patch authored or co-authored using generative AI tooling?

NO

[wgtmac]

Thanks for reporting the issue and submitting a PR! We still use JIRA to track issues. Could you help create one via https://issues.apache.org/jira/projects/ORC/issues?

[dongjoon-hyun]

Thank you, @hubgeter and @wgtmac . I updated the PR title and description after creating the official ORC JIRA issue.