ID: 0005223
Project: Spring engine
Category: General
View Status: public
Last Update: 2016-05-02 23:58
Reporter: abma
Assigned To: abma
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 101.0+git
Target Version: 102.0
Fixed in Version: (none)
Summary: 0005223: global-buffer-overflow in rts/Rendering/Env/IWater.cpp:96
Description:
[f=-000001] Connection attempt from UnnamedPlayer
[f=-000001] -> Version: 101.0.1-317-g7c2c25a develop (Debug)
[f=-000001] -> Connection established (given id 0)
[f=-000001] Player UnnamedPlayer finished loading and is now ingame
[f=0000343] Debug: /water
[f=0000344] Statistics for RectangleOptimizer: 0%
=================================================================
==21203==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000213a465 at pc 0x000000b973dc bp 0x7ffee86e84b0 sp 0x7ffee86e84a0
READ of size 1 at 0x00000213a465 thread T0 (unknown)
    #0 0xb973db in IWater::GetWater(IWater*, int) rts/Rendering/Env/IWater.cpp:96
    #1 0xb96b63 in IWater::ApplyPushedChanges(CGame*) rts/Rendering/Env/IWater.cpp:49
    #2 0xe0ea08 in CWorldDrawer::Update(bool) rts/Rendering/WorldDrawer.cpp:150
    #3 0x6283e8 in CGame::UpdateUnsynced(spring_time) rts/Game/Game.cpp:1062
    #4 0x6293f0 in CGame::Draw() rts/Game/Game.cpp:1140
    #5 0xf25008 in SpringApp::Update() rts/System/SpringApp.cpp:984
    #6 0xf25357 in SpringApp::Run() rts/System/SpringApp.cpp:1016
    #7 0xec361c in Run(int, char**) rts/System/Main.cpp:48
    #8 0xec42ef in main rts/System/Main.cpp:107
    #9 0x7f192f34582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #10 0x5c3618 in _start (/mnt/tmp/home/dev/spring/develop/spring+0x5c3618)

0x00000213a465 is located 0 bytes to the right of global variable 'allowedModes' defined in 'rts/Rendering/Env/IWater.cpp:59:14' (0x213a460) of size 5
SUMMARY: AddressSanitizer: global-buffer-overflow rts/Rendering/Env/IWater.cpp:96 IWater::GetWater(IWater*, int)
Shadow bytes around the buggy address:
  0x00008041f430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00008041f480: 00 00 00 00 00 00 00 00 00 00 00 00[05]f9 f9 f9
  0x00008041f490: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f4a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f4b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f4c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008041f4d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
==21203==ABORTING
Steps To Reproduce: type /water until it crashes
Tags: No tags attached.
Checked infolog.txt for Errors
Attached Files

Relationships
related to 0005168 (resolved, jK): strange water rendering

Notes

~0016246

abma (administrator)

Fix e579234e0843787a0a85a9ab9417fd9b080cf8d6 committed to develop branch: fix 0005223: buffer-overflow when using /water, repo: spring changeset id: 7018

Issue History
Date Modified | Username | Field | Change
2016-05-02 23:30 | abma | New Issue |
2016-05-02 23:44 | abma | Relationship added | related to 0005168
2016-05-02 23:57 | abma | Changeset attached | => spring develop e579234e
2016-05-02 23:58 | abma | Note Added | 0016246
2016-05-02 23:58 | abma | Assigned To | => abma
2016-05-02 23:58 | abma | Status | new => resolved
2016-05-02 23:58 | abma | Resolution | open => fixed