| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0005152 | Spring engine | General | public | 2016-03-08 00:17 | 2016-03-08 00:25 | ||||
| Reporter | abma | ||||||||
| Assigned To | hokomoko | ||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
| Status | resolved | Resolution | fixed | ||||||
| Product Version | 101.0+git | ||||||||
| Target Version | 102.0 | Fixed in Version | |||||||
| Summary | 0005152: AddressSanitizer: heap-use-after-free rts/Game/LoadScreen.cpp:377 when loading a game | ||||||||
| Description | to reproduce enable UseCREGSaveLoad = 1 /save game and start the game. Spring 101.0.1-67-gf2edf4c develop | ||||||||
| Additional Information | ================================================================= ==11072==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120000652c0 at pc 0x00000059dd95 bp 0x7ffd83d35840 sp 0x7ffd83d35830 READ of size 8 at 0x6120000652c0 thread T0 (unknown) #0 0x59dd94 in CLoadScreen::SetLoadMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) rts/Game/LoadScreen.cpp:377 #1 0x54f401 in CGame::LoadGame(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) rts/Game/Game.cpp:402 #2 0x5a0a82 in CLoadScreen::Init() rts/Game/LoadScreen.cpp:131 0000003 0x5a1daf in CLoadScreen::CreateInstance(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, ILoadSaveHandler*) rts/Game/LoadScreen.cpp:197 0000004 0x5bdf2f in CPreGame::UpdateClientNet() rts/Game/PreGame.cpp:340 0000005 0x5bfa25 in CPreGame::Update() rts/Game/PreGame.cpp:172 #6 0xdad76e in SpringApp::Update() rts/System/SpringApp.cpp:967 #7 0xdb83bf in SpringApp::Run() rts/System/SpringApp.cpp:1003 #8 0xd4ded6 in Run(int, char**) rts/System/Main.cpp:48 #9 0x4a6aff in main rts/System/Main.cpp:107 0000010 0x7fa1800779ff in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x209ff) #11 0x4e3d38 in _start (/usr/local/bin/spring+0x4e3d38) 0x6120000652c0 is located 0 bytes inside of 304-byte region [0x6120000652c0,0x6120000653f0) freed by thread T0 (unknown) here: #0 0x7fa184280a0a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99a0a) #1 0x59d7bd in CLoadScreen::DeleteInstance() rts/Game/LoadScreen.cpp:207 #2 0x59d7bd in CLoadScreen::Update() rts/Game/LoadScreen.cpp:250 previously allocated by thread T0 (unknown) here: #0 0x7fa184280412 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99412) #1 0x5a1d8c in CLoadScreen::CreateInstance(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, ILoadSaveHandler*) rts/Game/LoadScreen.cpp:194 #2 0x1f (<unknown module>) SUMMARY: AddressSanitizer: heap-use-after-free rts/Game/LoadScreen.cpp:377 CLoadScreen::SetLoadMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) Shadow bytes around the buggy address: 0x0c2480004a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2480004a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa 0x0c2480004a20: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c2480004a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2480004a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa =>0x0c2480004a50: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd 0x0c2480004a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2480004a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 0x0c2480004a80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c2480004a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2480004aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==11072==ABORTING | ||||||||
| Tags | No tags attached. | ||||||||
| Checked infolog.txt for Errors | |||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
|
hokomoko (developer) 2016-03-08 00:25 |
Fix 968aba7d312c389be40e28ced2edecc882c29d2f committed to develop branch: Should fix 0005152, repo: spring changeset id: 6785 |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-03-08 00:17 | abma | New Issue | |
| 2016-03-08 00:24 | abma | File Added: infolog.txt | |
| 2016-03-08 00:25 | hokomoko | Changeset attached | => spring develop 968aba7d |
| 2016-03-08 00:25 | hokomoko | Note Added: 0016017 | |
| 2016-03-08 00:25 | hokomoko | Assigned To | => hokomoko |
| 2016-03-08 00:25 | hokomoko | Status | new => resolved |
| 2016-03-08 00:25 | hokomoko | Resolution | open => fixed |
| Issue History |