View Revisions: Issue #5031
[ Back to Issue ]
| Summary | 0005031: crash at exit in rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 | ||
|---|---|---|---|
| Revision | 2016-01-13 00:45 by abma | ||
| Additional Information | ==20686==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000f4e850 at pc 0x000000bec8d8 bp 0x7ffd8e71f610 sp 0x7ffd8e71f600 WRITE of size 8 at 0x604000f4e850 thread T0 (unknown) #0 0xbec8d7 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 #1 0xbece63 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:134 #2 0xb838a0 in void SafeDelete<IGroundDecalDrawer*>(IGroundDecalDrawer*&) rts/System/Util.h:227 0000003 0xb83201 in IGroundDecalDrawer::FreeInstance() rts/Rendering/Env/IGroundDecalDrawer.cpp:50 0000004 0xd94583 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:85 0000005 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227 #6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769 #7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328 #8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342 #9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227 0000010 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034 #11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003 0000012 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 0000013 0xe4aac1 in main rts/System/Main.cpp:107 0000014 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #15 0x5d5aa8 in _start (/usr/local/bin/spring+0x5d5aa8) 0x604000f4e850 is located 0 bytes inside of 48-byte region [0x604000f4e850,0x604000f4e880) freed by thread T0 (unknown) here: #0 0x7f60e902aeaa in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99eaa) #1 0xd75215 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:261 #2 0xd75569 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:284 0000003 0x64a12f in void SafeDelete<SharedLib*>(SharedLib*&) rts/System/Util.h:227 0000004 0xd944b9 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:72 0000005 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227 #6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769 #7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328 #8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342 #9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227 0000010 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034 #11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003 0000012 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 0000013 0xe4aac1 in main rts/System/Main.cpp:107 0000014 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) previously allocated by thread T0 (unknown) here: #0 0x7f60e902a8b2 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x998b2) #1 0xd7e8bb in CUnitDrawer::RenderUnitDestroyed(CUnit const*) rts/Rendering/UnitDrawer.cpp:1729 #2 0x16f3d8e in CEventHandler::RenderUnitDestroyed(CUnit const*) rts/System/EventHandler.h:658 0000003 0x16f0dc6 in CUnitHandler::DeleteUnitNow(CUnit*) rts/Sim/Units/UnitHandler.cpp:148 0000004 0x16f0cfe in CUnitHandler::DeleteUnitsNow() rts/Sim/Units/UnitHandler.cpp:139 0000005 0x16f1820 in CUnitHandler::Update() rts/Sim/Units/UnitHandler.cpp:203 #6 0x63aecd in CGame::SimFrame() rts/Game/Game.cpp:1475 #7 0x8b0629 in CGame::ClientReadNet() rts/Net/NetCommands.cpp:507 #8 0x63499c in CGame::Update() rts/Game/Game.cpp:957 #9 0xeabcdf in SpringApp::Update() rts/System/SpringApp.cpp:960 0000010 0xeac0d9 in SpringApp::Run() rts/System/SpringApp.cpp:996 #11 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 0000012 0xe4aac1 in main rts/System/Main.cpp:107 0000013 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) SUMMARY: AddressSanitizer: heap-use-after-free rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 CGroundDecalHandler::~CGroundDecalHandler() Shadow bytes around the buggy address: 0x0c08801e1cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c08801e1cc0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1cd0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1ce0: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1cf0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd =>0x0c08801e1d00: fa fa fd fd fd fd fd fa fa fa[fd]fd fd fd fd fd 0x0c08801e1d10: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1d20: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1d30: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1d40: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==20686==ABORTING |
||
| Revision | 2016-01-13 00:46 by abma | ||
| Additional Information | ==20686==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000f4e850 at pc 0x000000bec8d8 bp 0x7ffd8e71f610 sp 0x7ffd8e71f600 WRITE of size 8 at 0x604000f4e850 thread T0 (unknown) 0 0xbec8d7 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 1 0xbece63 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:134 2 0xb838a0 in void SafeDelete<IGroundDecalDrawer*>(IGroundDecalDrawer*&) rts/System/Util.h:227 3 0xb83201 in IGroundDecalDrawer::FreeInstance() rts/Rendering/Env/IGroundDecalDrawer.cpp:50 4 0xd94583 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:85 5 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227 6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769 7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328 8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342 9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227 10 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034 11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003 12 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 13 0xe4aac1 in main rts/System/Main.cpp:107 14 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) 15 0x5d5aa8 in _start (/usr/local/bin/spring+0x5d5aa8) 0x604000f4e850 is located 0 bytes inside of 48-byte region [0x604000f4e850,0x604000f4e880) freed by thread T0 (unknown) here: 0 0x7f60e902aeaa in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99eaa) 1 0xd75215 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:261 2 0xd75569 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:284 3 0x64a12f in void SafeDelete<SharedLib*>(SharedLib*&) rts/System/Util.h:227 4 0xd944b9 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:72 5 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227 6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769 7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328 8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342 9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227 10 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034 11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003 12 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 13 0xe4aac1 in main rts/System/Main.cpp:107 14 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) previously allocated by thread T0 (unknown) here: 0 0x7f60e902a8b2 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x998b2) 1 0xd7e8bb in CUnitDrawer::RenderUnitDestroyed(CUnit const*) rts/Rendering/UnitDrawer.cpp:1729 2 0x16f3d8e in CEventHandler::RenderUnitDestroyed(CUnit const*) rts/System/EventHandler.h:658 3 0x16f0dc6 in CUnitHandler::DeleteUnitNow(CUnit*) rts/Sim/Units/UnitHandler.cpp:148 4 0x16f0cfe in CUnitHandler::DeleteUnitsNow() rts/Sim/Units/UnitHandler.cpp:139 5 0x16f1820 in CUnitHandler::Update() rts/Sim/Units/UnitHandler.cpp:203 6 0x63aecd in CGame::SimFrame() rts/Game/Game.cpp:1475 7 0x8b0629 in CGame::ClientReadNet() rts/Net/NetCommands.cpp:507 8 0x63499c in CGame::Update() rts/Game/Game.cpp:957 9 0xeabcdf in SpringApp::Update() rts/System/SpringApp.cpp:960 10 0xeac0d9 in SpringApp::Run() rts/System/SpringApp.cpp:996 11 0xe49dee in Run(int, char**) rts/System/Main.cpp:48 12 0xe4aac1 in main rts/System/Main.cpp:107 13 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) SUMMARY: AddressSanitizer: heap-use-after-free rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 CGroundDecalHandler::~CGroundDecalHandler() Shadow bytes around the buggy address: 0x0c08801e1cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c08801e1cc0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1cd0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1ce0: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1cf0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd =>0x0c08801e1d00: fa fa fd fd fd fd fd fa fa fa[fd]fd fd fd fd fd 0x0c08801e1d10: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1d20: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1d30: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c08801e1d40: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd 0x0c08801e1d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==20686==ABORTING |
||