ID: 0005031
Project: Spring engine
Category: General
View Status: public
Last Update: 2016-01-13 01:24
Reporter: abma
Assigned To: hokomoko
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 100.0+git
Target Version: 101.0
Fixed in Version:
Summary: 0005031: crash at exit in rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114
Description: imo was recently introduced
Additional Information:
==20686==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000f4e850 at pc 0x000000bec8d8 bp 0x7ffd8e71f610 sp 0x7ffd8e71f600
WRITE of size 8 at 0x604000f4e850 thread T0 (unknown)
    0 0xbec8d7 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114
    1 0xbece63 in CGroundDecalHandler::~CGroundDecalHandler() rts/Rendering/Env/Decals/GroundDecalHandler.cpp:134
    2 0xb838a0 in void SafeDelete<IGroundDecalDrawer*>(IGroundDecalDrawer*&) rts/System/Util.h:227
    3 0xb83201 in IGroundDecalDrawer::FreeInstance() rts/Rendering/Env/IGroundDecalDrawer.cpp:50
    4 0xd94583 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:85
    5 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227
    6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769
    7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328
    8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342
    9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227
    10 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034
    11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003
    12 0xe49dee in Run(int, char**) rts/System/Main.cpp:48
    13 0xe4aac1 in main rts/System/Main.cpp:107
    14 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    15 0x5d5aa8 in _start (/usr/local/bin/spring+0x5d5aa8)

0x604000f4e850 is located 0 bytes inside of 48-byte region [0x604000f4e850,0x604000f4e880)
freed by thread T0 (unknown) here:
    0 0x7f60e902aeaa in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99eaa)
    1 0xd75215 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:261
    2 0xd75569 in CUnitDrawer::~CUnitDrawer() rts/Rendering/UnitDrawer.cpp:284
    3 0x64a12f in void SafeDelete<SharedLib*>(SharedLib*&) rts/System/Util.h:227
    4 0xd944b9 in CWorldDrawer::~CWorldDrawer() rts/Rendering/WorldDrawer.cpp:72
    5 0x649b08 in void SafeDelete<CWorldDrawer*>(CWorldDrawer*&) rts/System/Util.h:227
    6 0x633825 in CGame::KillRendering() rts/Game/Game.cpp:769
    7 0x62dd7d in CGame::~CGame() rts/Game/Game.cpp:328
    8 0x62de7b in CGame::~CGame() rts/Game/Game.cpp:342
    9 0x649504 in void SafeDelete<IArchiveFactory*>(IArchiveFactory*&) rts/System/Util.h:227
    10 0xeaca58 in SpringApp::ShutDown() rts/System/SpringApp.cpp:1034
    11 0xeac0f2 in SpringApp::Run() rts/System/SpringApp.cpp:1003
    12 0xe49dee in Run(int, char**) rts/System/Main.cpp:48
    13 0xe4aac1 in main rts/System/Main.cpp:107
    14 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)

previously allocated by thread T0 (unknown) here:
    0 0x7f60e902a8b2 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x998b2)
    1 0xd7e8bb in CUnitDrawer::RenderUnitDestroyed(CUnit const*) rts/Rendering/UnitDrawer.cpp:1729
    2 0x16f3d8e in CEventHandler::RenderUnitDestroyed(CUnit const*) rts/System/EventHandler.h:658
    3 0x16f0dc6 in CUnitHandler::DeleteUnitNow(CUnit*) rts/Sim/Units/UnitHandler.cpp:148
    4 0x16f0cfe in CUnitHandler::DeleteUnitsNow() rts/Sim/Units/UnitHandler.cpp:139
    5 0x16f1820 in CUnitHandler::Update() rts/Sim/Units/UnitHandler.cpp:203
    6 0x63aecd in CGame::SimFrame() rts/Game/Game.cpp:1475
    7 0x8b0629 in CGame::ClientReadNet() rts/Net/NetCommands.cpp:507
    8 0x63499c in CGame::Update() rts/Game/Game.cpp:957
    9 0xeabcdf in SpringApp::Update() rts/System/SpringApp.cpp:960
    10 0xeac0d9 in SpringApp::Run() rts/System/SpringApp.cpp:996
    11 0xe49dee in Run(int, char**) rts/System/Main.cpp:48
    12 0xe4aac1 in main rts/System/Main.cpp:107
    13 0x7f60e4e11a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)

SUMMARY: AddressSanitizer: heap-use-after-free rts/Rendering/Env/Decals/GroundDecalHandler.cpp:114 CGroundDecalHandler::~CGroundDecalHandler()
==20686==ABORTING
Tags: No tags attached.
Checked infolog.txt for lua Errors
Attached Files

Notes

~0015500

Kloot (developer)

think I see the issue, will fix

~0015501

hokomoko (developer)

Fix 9075c9418eca4d8aca06da005e6f57a5f5109c5f committed to develop branch: Fix 0005031, repo: spring changeset id: 6231

Issue History
Date Modified | Username | Field | Change
2016-01-13 00:45 | abma | New Issue |
2016-01-13 00:45 | abma | File Added: infolog.txt |
2016-01-13 00:46 | abma | Additional Information Updated |
2016-01-13 00:47 | abma | Product Version | 101.0 => 100.0+git
2016-01-13 01:18 | Kloot | Note Added: 0015500 |
2016-01-13 01:24 | hokomoko | Changeset attached | => spring develop 9075c941
2016-01-13 01:24 | hokomoko | Note Added: 0015501 |
2016-01-13 01:24 | hokomoko | Assigned To | => hokomoko
2016-01-13 01:24 | hokomoko | Status | new => resolved
2016-01-13 01:24 | hokomoko | Resolution | open => fixed