Description:

ASAN report:
=================================================================
==32127==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffc929 at pc 0x7ffff6eda20b bp 0x7fffffffc610 sp 0x7fffffffbdb8
READ of size 13 at 0x7fffffffc929 thread T0
#0 0x7ffff6eda20a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
#1 0xb72711 in MakeKey(char const*) /home/edward-san/zdoom/gzdoom/trunk/src/c_dispatch.cpp:414
#2 0x118fb86 in FTextureManager::CheckForTexture(char const*, int, unsigned int) /home/edward-san/zdoom/gzdoom/trunk/src/textures/texturemanager.cpp:170
#3 0x8e42b1 in AdjustSpriteOffsets() /home/edward-san/zdoom/gzdoom/trunk/src/gl/data/gl_data.cpp:112
#4 0x8e75c2 in gl_InitData() /home/edward-san/zdoom/gzdoom/trunk/src/gl/data/gl_data.cpp:573
#5 0xabb40b in FGLInterface::Init() /home/edward-san/zdoom/gzdoom/trunk/src/gl/scene/gl_scene.cpp:1321
#6 0xfad698 in R_Init() /home/edward-san/zdoom/gzdoom/trunk/src/r_utility.cpp:347
#7 0xbae6e9 in D_DoomMain() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:2508
#8 0x634bdb in main /home/edward-san/zdoom/gzdoom/trunk/src/posix/sdl/i_main.cpp:259
#9 0x7ffff479582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#10 0x625db8 in _start (/home/edward-san/zdoom/gzdoom/trunk/debug-asan/gzdoom+0x625db8)
Address 0x7fffffffc929 is located in stack of thread T0 at offset 585 in frame
#0 0x8e40ea in AdjustSpriteOffsets() /home/edward-san/zdoom/gzdoom/trunk/src/gl/data/gl_data.cpp:98
This frame has 6 object(s):
[32, 36) 'texno'
[96, 100) 'lastlump'
[160, 164) 'sprid'
[224, 248) 'donotprocess'
[288, 544) 'sc'
[576, 585) 'str' <== Memory access at offset 585 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
0x10007fff78d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x10007fff78e0: 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2
0x10007fff78f0: 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 f4 f2 f2 f2 f2
0x10007fff7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007fff7920: f2 f2 f2 f2 00[01]f4 f4 f3 f3 f3 f3 00 00 00 00
0x10007fff7930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==32127==ABORTING
gdb backtrace:
#7  0x0000000000b72712 in MakeKey (s=0x7fffffffc920 "MANFA8A2\300/C\001") at /home/edward-san/zdoom/gzdoom/trunk/src/c_dispatch.cpp:414
No locals.
#8  0x000000000118fb87 in FTextureManager::CheckForTexture (this=0x322be20 <TexMan>, name=0x7fffffffc920 "MANFA8A2\300/C\001", usetype=3, flags=0) at /home/edward-san/zdoom/gzdoom/trunk/src/textures/texturemanager.cpp:170
        i = -14688
        firstfound = -1
        firsttype = 13
#9  0x00000000008e42b2 in AdjustSpriteOffsets () at /home/edward-san/zdoom/gzdoom/trunk/src/gl/data/gl_data.cpp:112
        str = "MANFA8A2\300"
        texid = {texnum = 305}
        i = 1660
        lump = -14448
        lastlump = 0
        sprid = -13136
        donotprocess = {Nodes = 0x6020000f2af0, LastFree = 0x6020000f2b00, Size = 1, NumUsed = 0}
        numtex = 3618
#10 0x00000000008e75c3 in gl_InitData () at /home/edward-san/zdoom/gzdoom/trunk/src/gl/data/gl_data.cpp:573
No locals.
#11 0x0000000000abb40c in FGLInterface::Init (this=0x602000032610) at /home/edward-san/zdoom/gzdoom/trunk/src/gl/scene/gl_scene.cpp:1321
No locals.
#12 0x0000000000fad699 in R_Init () at /home/edward-san/zdoom/gzdoom/trunk/src/r_utility.cpp:347
No locals.
Looks like 'str' in function 'AdjustSpriteOffsets' isn't terminated properly, or in any case 'strlen' shouldn't be called on that name. It's a regression from this commit.
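The frame layout in the report pins the bug down: 'str' occupies [576, 585) of the AdjustSpriteOffsets frame, nine bytes, and the faulting read is at offset 585, the first byte past its end. gdb shows the same thing from the other side: str = "MANFA8A2\300", eight name characters followed by a stale 0xC0 byte where the NUL should be, so strlen walked off the buffer. The following C program is an added example, not gzdoom's code, reproducing that class of defect and its fix with hypothetical helpers (copy_name_buggy, copy_name_fixed, bounded_len, is_terminated): an 8-character name copied into a 9-byte buffer without writing the terminator, the same copy done correctly, and a bounded length check that detects the unterminated case without over-reading. The 0xC0 fill stands in for whatever was on the stack; the sample names are constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration, not gzdoom code. Sprite/texture names are at most
 * NAME_LEN characters and are held in a NAME_LEN+1 byte buffer, matching the
 * 9-byte 'str' in the ASan frame layout. */
#define NAME_LEN 8
#define NAME_BUF (NAME_LEN + 1)

/* Bounded length: never reads past 'max' bytes, so it is safe on a buffer that
 * may lack a terminator (unlike strlen, which is what the report caught). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Returns 1 if a NUL lies inside the buffer, 0 if strlen() would over-read. */
static int is_terminated(const char *buf, size_t bufsize)
{
    return bounded_len(buf, bufsize) < bufsize;
}

/* Buggy pattern: strncpy with a count equal to the name length writes no
 * terminator when the name fills all 8 characters, and buf[8] is never set.
 * The stale byte left in buf[8] is simulated with 0xC0, the "\300" gdb showed
 * right after "MANFA8A2" (assumption: stand-in for stale stack contents). */
static void copy_name_buggy(char buf[NAME_BUF], const char *name)
{
    memset(buf, 0xC0, NAME_BUF);         /* stand-in for stale stack contents */
    strncpy(buf, name, NAME_LEN);        /* copies 8 bytes, no NUL for 8-char names */
}

/* Fixed pattern: same truncation to 8 characters, but the terminator is
 * always written, whatever was in the buffer before. */
static void copy_name_fixed(char buf[NAME_BUF], const char *name)
{
    memset(buf, 0xC0, NAME_BUF);         /* same stale contents, for comparison */
    size_t n = bounded_len(name, NAME_LEN);
    memcpy(buf, name, n);
    buf[n] = '\0';
}

/* Wrappers returning the check result for a given name, so the two patterns
 * can be compared without ever calling strlen on an unterminated buffer. */
static int buggy_copy_is_terminated(const char *name)
{
    char buf[NAME_BUF];
    copy_name_buggy(buf, name);
    return is_terminated(buf, sizeof buf);
}

static int fixed_copy_is_terminated(const char *name)
{
    char buf[NAME_BUF];
    copy_name_fixed(buf, name);
    return is_terminated(buf, sizeof buf);
}

int main(void)
{
    /* Constructed input: the 8-character name from the gdb frame, and a
     * shorter name that strncpy happens to pad with zeros. */
    const char *name = "MANFA8A2";
    printf("buggy copy of %-8s: terminated=%d (strlen would over-read)\n",
           name, buggy_copy_is_terminated(name));
    printf("fixed copy of %-8s: terminated=%d\n",
           name, fixed_copy_is_terminated(name));
    printf("buggy copy of %-8s: terminated=%d (short names hide the bug)\n",
           "TROO", buggy_copy_is_terminated("TROO"));
    return 0;
}
```

The short-name case is why a bug like this survives testing: strncpy zero-pads when the source is shorter than the count, so only names that use all eight characters leave the buffer unterminated, and only then does the over-read reach the next stack object. ASan catches it because the byte after 'str' sits in a poisoned redzone (the f4/f3 bytes at the marked shadow line).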