Posted at: 2023-06-20, 16:27
==32258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110003d9b80 at pc 0x5629fbd51096 bp 0x7f933d946840 sp 0x7f933d946830
READ of size 8 at 0x6110003d9b80 thread T12
#0 0x5629fbd51095 in Widelands::ShipFleet::remove_ship(Widelands::EditorGameBase&, Widelands::Ship*) /home/markusgopfert/Git/widelands_debug/src/economy/ship_fleet.cc:469
#1 0x5629fb843381 in Widelands::Ship::cleanup(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/tribes/ship.cc:200
#2 0x5629fb7597d0 in Widelands::MapObject::remove(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/map_object.cc:538
#3 0x5629fb7598e4 in Widelands::MapObject::destroy(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/map_object.cc:554
#4 0x5629fbed1bc3 in LuaMaps::LuaMapObject::destroy(lua_State*) /home/markusgopfert/Git/widelands_debug/src/scripting/lua_map.cc:4754
#5 0x5629fbf6a575 in int method_dispatch<LuaMaps::LuaShip, LuaMaps::LuaMapObject>(lua_State*) /home/markusgopfert/Git/widelands_debug/src/scripting/luna_impl.h:176
#6 0x5629fc3157c4 in luaD_precall /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:434
#7 0x5629fc333661 in luaV_execute /home/markusgopfert/Git/widelands_debug/src/third_party/eris/lvm.c:1134
#8 0x5629fc315d30 in unroll /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:556
#9 0x5629fc31602a in resume /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:643
#10 0x5629fc314af8 in luaD_rawrunprotected /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:142
#11 0x5629fc316148 in lua_resume /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:664
#12 0x5629fc177a10 in LuaCoroutine::resume() /home/markusgopfert/Git/widelands_debug/src/scripting/lua_coroutine.cc:83
#13 0x5629fbe482d9 in Widelands::CmdLuaCoroutine::execute(Widelands::Game&) /home/markusgopfert/Git/widelands_debug/src/logic/cmd_luacoroutine.cc:39
#14 0x5629fbe4fcdd in Widelands::CmdQueue::run_queue(Duration const&, Time&) /home/markusgopfert/Git/widelands_debug/src/logic/cmd_queue.cc:121
#15 0x5629face52cc in Widelands::Game::think() /home/markusgopfert/Git/widelands_debug/src/logic/game.cc:871
#16 0x5629fb31e92c in InteractiveBase::game_logic_think() /home/markusgopfert/Git/widelands_debug/src/wui/interactive_base.cc:874
#17 0x5629fb03a06d in UI::Panel::logic_thread() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:198
#18 0x5629fa8c76ae in void std::__invoke_impl<void, void (*)()>(std::__invoke_other, void (*&&)()) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f56ae)
#19 0x5629fa8c6363 in std::__invoke_result<void (*)()>::type std::__invoke<void (*)()>(void (*&&)()) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f4363)
#20 0x5629fa8c528f in void std::thread::_Invoker<std::tuple<void (*)()> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f328f)
#21 0x5629fa8c4463 in std::thread::_Invoker<std::tuple<void (*)()> >::operator()() (/home/markusgopfert/Git/widelands_debug/widelands+0x6f2463)
#22 0x5629fa8c3da5 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)()> > >::_M_run() (/home/markusgopfert/Git/widelands_debug/widelands+0x6f1da5)
#23 0x7f934fadc2b2 (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
#24 0x7f934f694b42 in start_thread nptl/pthread_create.c:442
#25 0x7f934f7269ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
0x6110003d9b80 is located 72 bytes to the right of 248-byte region [0x6110003d9a40,0x6110003d9b38)
allocated by thread T0 here:
#0 0x7f93522b61c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
#1 0x5629fb97ce5c in Widelands::CritterDescr::create_object() const /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/world/critter.cc:482
#2 0x5629fb97d249 in Widelands::Critter::load(Widelands::EditorGameBase&, Widelands::MapObjectLoader&, FileRead&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/world/critter.cc:528
#3 0x5629fba4b0bf in Widelands::MapObjectPacket::read(FileSystem&, Widelands::EditorGameBase&, Widelands::MapObjectLoader&) /home/markusgopfert/Git/widelands_debug/src/map_io/map_object_packet.cc:70
#4 0x5629fae72606 in Widelands::WidelandsMapLoader::load_map_complete(Widelands::EditorGameBase&, Widelands::MapLoader::LoadType) /home/markusgopfert/Git/widelands_debug/src/map_io/widelands_map_loader.cc:254
#5 0x5629fbe0f464 in Widelands::GameMapPacket::read_complete(Widelands::Game&) /home/markusgopfert/Git/widelands_debug/src/game_io/game_map_packet.cc:53
#6 0x5629fbe0a0fc in Widelands::GameLoader::load_game(bool) /home/markusgopfert/Git/widelands_debug/src/game_io/game_loader.cc:130
#7 0x5629fad8e872 in Widelands::ReplayWriter::ReplayWriter(Widelands::Game&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/markusgopfert/Git/widelands_debug/src/logic/replay.cc:302
#8 0x5629face31d1 in Widelands::Game::run(Widelands::Game::StartGameType, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/markusgopfert/Git/widelands_debug/src/logic/game.cc:736
#9 0x5629fae965f0 in GameHost::run_callback() /home/markusgopfert/Git/widelands_debug/src/network/gamehost.cc:569
#10 0x5629fae943ff in operator() /home/markusgopfert/Git/widelands_debug/src/network/gamehost.cc:468
#11 0x5629faeb522b in __invoke_impl<void, GameHost::run()::<lambda()>&> /usr/include/c++/11/bits/invoke.h:61
#12 0x5629faeb4a83 in __invoke_r<void, GameHost::run()::<lambda()>&> /usr/include/c++/11/bits/invoke.h:111
#13 0x5629faeb452c in _M_invoke /usr/include/c++/11/bits/std_function.h:290
#14 0x5629faab0167 in std::function<void ()>::operator()() const /usr/include/c++/11/bits/std_function.h:590
#15 0x5629fb0d6d24 in FsMenu::LaunchMPG::clicked_ok() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/launch_mpg.cc:243
#16 0x5629fb140d57 in operator() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/menu.cc:146
#17 0x5629fb146117 in __invoke_impl<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const string&, double)::<lambda()>&> /usr/include/c++/11/bits/invoke.h:61
#18 0x5629fb145ac7 in __invoke_r<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const string&, double)::<lambda()>&> /usr/include/c++/11/bits/invoke.h:111
#19 0x5629fb145494 in _M_invoke /usr/include/c++/11/bits/std_function.h:290
#20 0x5629faab0167 in std::function<void ()>::operator()() const /usr/include/c++/11/bits/std_function.h:590
#21 0x5629faaabb17 in Notifications::Signal<>::operator()() const /home/markusgopfert/Git/widelands_debug/src/notifications/signal.h:62
#22 0x5629fb0035b6 in UI::Button::handle_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/button.cc:381
#23 0x5629fb04530b in UI::Panel::do_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:1331
#24 0x5629fb046c85 in UI::Panel::ui_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:1544
#25 0x5629fa8129e4 in WLApplication::handle_mousebutton(SDL_Event&, InputCallback const*) /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:1053
#26 0x5629fa811668 in WLApplication::handle_input(InputCallback const*) /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:960
#27 0x5629fb03bc10 in UI::Panel::do_run() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:383
#28 0x5629fb134fe3 in int UI::Panel::run<int>() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.h:147
#29 0x5629fb116744 in FsMenu::MainMenu::main_loop() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/main.cc:226
Thread T12 created by T0 here:
#0 0x7f9352258685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x7f934fadc388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
#2 0x5629fa80370f in GameLogicThread /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:232
#3 0x5629fa80e288 in WLApplication::run() /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:776
#4 0x5629fa801deb in main /home/markusgopfert/Git/widelands_debug/src/main.cc:44
#5 0x7f934f629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/markusgopfert/Git/widelands_debug/src/economy/ship_fleet.cc:469 in Widelands::ShipFleet::remove_ship(Widelands::EditorGameBase&, Widelands::Ship*)
Shadow bytes around the buggy address:
0x0c2280073320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280073330: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
0x0c2280073340: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c2280073350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280073360: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
=>0x0c2280073370:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280073380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280073390: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c22800733a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c22800733b0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
0x0c22800733c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==32258==ABORTING
My widelands addons: https://drive.google.com/file/d/1jopANlODo41T2reHJ0zaCOMYxq_rxXP-/view?usp=sharing