2024-04-18 10:56 CEST
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004998Spring engineGeneralpublic2015-11-22 13:452016-01-14 01:44
Reporterabma 
Assigned Tohokomoko 
PrioritynormalSeveritycrashReproducibilityhave not tried
StatusresolvedResolutionfixed 
Product Version100.0+git 
Target Version101.0Fixed in Version 
Summary0004998: use after free in rts/Game/GameHelper.cpp:662
Descriptionhttp://buildbot.springrts.com/builders/validationtests/builds/4941/steps/validation%20test_4/logs/stdio
Additional InformationREAD of size 4 at 0x605203805a78 thread T0 (unknown)
0x60ccff
0x1366735
0x1366dfe
0x12bea88
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Game/GameHelper.cpp:662
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Weapons/Weapon.cpp:640 (discriminator 3)
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Weapons/Weapon.cpp:715
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/Unit.cpp:1168
0x1313735
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/UnitHandler.cpp:265
0x5ec144
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Game/Game.cpp:1560
0x858be9
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Net/NetCommands.cpp:506
0x600ddd
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Game/Game.cpp:1005
0xddb62b
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/SpringApp.cpp:952
0xde59c7
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/SpringApp.cpp:988
0xd75c84
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/Main.cpp:48
0x57c393
??:?

freed by thread T0 (unknown) here:
0x131286d
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/UnitHandler.cpp:155
0x1312d85
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/UnitHandler.cpp:193
0x5ec144
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Game/Game.cpp:1560
0x858be9
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Net/NetCommands.cpp:506
0x600ddd
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Game/Game.cpp:1005
0xddb62b
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/SpringApp.cpp:952
0xde59c7
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/SpringApp.cpp:988
0xd75c84
/home/buildbot/zydox-fedora/build/build/validation/../../rts/System/Main.cpp:48


previously allocated by thread T0 (unknown) here:
0x131c988
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/UnitLoader.cpp:78
0x13233e0
/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/UnitTypes/Builder.cpp:698
0x122a5fb
#/home/buildbot/zydox-fedora/build/build/validation/../../rts/Sim/Units/CommandAI/BuilderCAI.cpp:636
TagsNo tags attached.
Checked infolog.txt for Errors
Attached Files

-Relationships
+Relationships

-Notes

~0015339

abma (administrator)

2015-11-22 14:23

 https://springrts.com/dl/buildbot/validation/develop/100.0.1-337-gc51dbda/validation/%5bvalidation%5d%7bdevelop%7d100.0.1-337-gc51dbda2015-11-22_06-37-24-dbg.7z

~0015340

abma (administrator)

2015-11-22 14:48

 can't reproduce with demo :-|

~0015341

Kloot (developer)

2015-11-22 14:54

Last edited: 2015-11-22 15:04

View 2 revisions

 There is no use-after-free possible here afaics, unless quadfield contains stale pointers.

~0015342

abma (administrator)

2015-11-22 15:20

 for the reference:
https://github.com/spring/spring/blob/100.0.1-337-gc51dbda/rts/Game/GameHelper.cpp#L662

~0015343

abma (administrator)

2015-11-22 15:20

 i guess more info is needed to be useful, i'll leave this open for a while, maybe it can be somehow reproduced.

~0015366

abma (administrator)

2015-12-08 11:54

Last edited: 2015-12-08 11:56

View 3 revisions

 seems to still happen:

http://buildbot.springrts.com/builders/validationtests/builds/4961/steps/validation%20test_4/logs/stdio

https://github.com/spring/spring/blob/f7915581746b941cd319c0e5b63c0799c2c1face/rts/Game/GameHelper.cpp#L665

https://springrts.com/dl/buildbot/validation/develop/100.0.1-444-gf791558/validation/%5bvalidation%5d%7bdevelop%7d100.0.1-444-gf7915582015-12-08_11-29-43-dbg.7z



damn, demo files are 0 bytes! :-|

~0015442

abma (administrator)

2016-01-04 09:59

 last time this error happened was here:

http://buildbot.springrts.com/builders/validationtests/builds/5007/steps/validation%20test_6/logs/stdio

sadly without any new info :-|

i've updated to gcc 5.2.1 on the buildslave, let's see what happens.

~0015509

hokomoko (developer)

2016-01-14 01:05

 I suspect the issue was that when a unit was given to another team, it was only removed from the quadfield after its allyteam was changed, so it tried to remove itself from the wrong vector.

Fixed in https://github.com/spring/spring/commit/ec7b78616b20a8052186d77e203d33a0406d0ea4
+Notes

-Issue History
Date Modified Username Field Change
2015-11-22 13:45 abma New Issue
2015-11-22 14:23 abma Note Added: 0015339
2015-11-22 14:48 abma Note Added: 0015340
2015-11-22 14:49 Kloot Assigned To => Kloot
2015-11-22 14:49 Kloot Status new => assigned
2015-11-22 14:52 Kloot Assigned To Kloot =>
2015-11-22 14:54 Kloot Note Added: 0015341
2015-11-22 15:04 Kloot Note Edited: 0015341 View Revisions
2015-11-22 15:20 abma Note Added: 0015342
2015-11-22 15:20 abma Note Added: 0015343
2015-11-22 15:20 abma Status assigned => feedback
2015-12-08 11:54 abma Note Added: 0015366
2015-12-08 11:54 abma Status feedback => new
2015-12-08 11:55 abma Note Edited: 0015366 View Revisions
2015-12-08 11:56 abma Note Edited: 0015366 View Revisions
2016-01-04 09:59 abma Note Added: 0015442
2016-01-14 01:02 hokomoko Changeset attached => spring develop ec7b7861
2016-01-14 01:05 hokomoko Note Added: 0015509
2016-01-14 01:44 hokomoko Status new => resolved
2016-01-14 01:44 hokomoko Resolution open => fixed
2016-01-14 01:44 hokomoko Assigned To => hokomoko
+Issue History