| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0005342 | Spring engine | General | public | 2016-09-08 01:29 | 2016-09-08 01:38 | ||||
| Reporter | abma | ||||||||
| Assigned To | abma | ||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
| Status | resolved | Resolution | fixed | ||||||
| Product Version | 103.0 +git | ||||||||
| Target Version | 104.0 | Fixed in Version | |||||||
| Summary | 0005342: buffer overflow in rts/Rendering/Textures/ColorMap.cpp:84 | ||||||||
| Description | ... | ||||||||
| Additional Information | ==12075==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000002484c08 at pc 0x000000de8d83 bp 0x7fffba5d0af0 sp 0x7fffba5d0ae0 READ of size 8 at 0x000002484c08 thread T0 (unknown) #0 0xde8d82 in CColorMap::LoadFromBitmapFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) rts/Rendering/Textures/ColorMap.cpp:84 #1 0xde9124 in CColorMap::LoadFromDefString(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) rts/Rendering/Textures/ColorMap.cpp:115 #2 0x17a9d41 in WeaponDef::WeaponDef(LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) rts/Sim/Weapons/WeaponDef.cpp:492 0000003 0x17cfae1 in void __gnu_cxx::new_allocator<WeaponDef>::construct<WeaponDef, LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&>(WeaponDef*, LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&) /usr/include/c++/5/ext/new_allocator.h:120 0000004 0x17cf560 in void std::allocator_traits<std::allocator<WeaponDef> >::construct<WeaponDef, LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&>(std::allocator<WeaponDef>&, WeaponDef*, LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&) /usr/include/c++/5/bits/alloc_traits.h:530 0000005 0x17cf1b0 in void std::vector<WeaponDef, std::allocator<WeaponDef> >::emplace_back<LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&>(LuaTable const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int&) /usr/include/c++/5/bits/vector.tcc:96 #6 0x17ce59e in CWeaponDefHandler::CWeaponDefHandler(LuaParser*) rts/Sim/Weapons/WeaponDefHandler.cpp:35 #7 0x61f143 in CGame::PostLoadSimulation() rts/Game/Game.cpp:499 #8 0x61cc65 in CGame::LoadGame(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) rts/Game/Game.cpp:386 #9 0x69b4a5 in CLoadScreen::Init() rts/Game/LoadScreen.cpp:133 0000010 0x69c016 in CLoadScreen::CreateInstance(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, ILoadSaveHandler*) rts/Game/LoadScreen.cpp:194 #11 0x6b8ddc in CPreGame::UpdateClientNet() rts/Game/PreGame.cpp:345 0000012 0x6b74b2 in CPreGame::Update() rts/Game/PreGame.cpp:172 0000013 0xf53314 in SpringApp::Update() rts/System/SpringApp.cpp:912 0000014 0xf5378f in SpringApp::Run() rts/System/SpringApp.cpp:950 #15 0xef1d6c in Run(int, char**) rts/System/Main.cpp:48 #16 0xef2a41 in main rts/System/Main.cpp:107 #17 0x7fd658c5382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #18 0x5c0178 in _start (/usr/local/bin/spring+0x5c0178) 0x000002484c08 is located 24 bytes to the right of global variable 'colorMapsMap' defined in 'rts/Rendering/Textures/ColorMap.cpp:13:35' (0x2484bc0) of size 48 0x000002484c08 is located 24 bytes to the left of global variable 'creg_hasVTable' defined in 'rts/Rendering/Textures/ColorMap.cpp:15:6' (0x2484c20) of size 1 'creg_hasVTable' is ascii string '' SUMMARY: AddressSanitizer: global-buffer-overflow rts/Rendering/Textures/ColorMap.cpp:84 CColorMap::LoadFromBitmapFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) Shadow bytes around the buggy address: 0x000080488930: 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 0x000080488940: 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 0x000080488950: 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 0x000080488960: 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x000080488970: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 =>0x000080488980: f9[f9]f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x000080488990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000804889a0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0000804889b0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0000804889c0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0000804889d0: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==12075==ABORTING | ||||||||
| Tags | No tags attached. | ||||||||
| Checked infolog.txt for Errors | |||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
|
abma (administrator) 2016-09-08 01:30 |
i got this when trying to reproduce JAL's crash. |
|
abma (administrator) 2016-09-08 01:38 |
Fix e5905dbe0fbbb6ed4d6cb73436c0426a5b49734b committed to develop branch: fix 0005342: crash in ColorMap.cpp:84, repo: spring changeset id: 7331 |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-09-08 01:29 | abma | New Issue | |
| 2016-09-08 01:30 | abma | File Added: infolog.txt | |
| 2016-09-08 01:30 | abma | Note Added: 0016636 | |
| 2016-09-08 01:38 | abma | Changeset attached | => spring develop e5905dbe |
| 2016-09-08 01:38 | abma | Note Added: 0016637 | |
| 2016-09-08 01:38 | abma | Assigned To | => abma |
| 2016-09-08 01:38 | abma | Status | new => resolved |
| 2016-09-08 01:38 | abma | Resolution | open => fixed |
| Issue History |