Viewing Issue Advanced Details Jump to Notes ] supracan.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05511 Misc. Critical (emulator) Always Apr 10, 2014, 22:20 Jan 3, 2015, 20:25
Tester Firewave View Status Public Platform MESS (Self-compiled)
Assigned To AWJ Resolution Fixed OS Linux
Status [?] Resolved   Driver supracan.cpp
Version 0.153 Fixed in Version 0.154 Build 64-bit
Summary MESS-specific 05511: supracan: AddressSanitizer: stack-buffer-overflow
Description
==1685==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffe8c77140 at pc 0xcf6bba bp 0x7fffe8c76ed0 sp 0x7fffe8c76690
READ of size 256 at 0x7fffe8c77140 thread T0
    #0 0xcf6bb9 in memcpy /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:377
    #1 0x543c2ce in device_gfx_interface::decode_gfx(gfx_decode_entry const*) /home/notroot/trunk/src/emu/digfx.c:197
    #2 0x542e213 in device_t::start() /home/notroot/trunk/src/emu/device.c:407
    #3 0x55fc92b in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1095
    #4 0x55fa0dd in running_machine::start() /home/notroot/trunk/src/emu/machine.c:281
    #5 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #6 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #7 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #8 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #9 0x7f69b475bde4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #10 0xd1cb8c in _start (/home/notroot/trunk/mess64d+0xd1cb8c)

Address 0x7fffe8c77140 is located in stack of thread T0 at offset 352 in frame
    #0 0x543bb0f in device_gfx_interface::decode_gfx(gfx_decode_entry const*) /home/notroot/trunk/src/emu/digfx.c:117

  This frame has 1 object(s):
    [32, 352) 'glcopy' <== Memory access at offset 352 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Steps To Reproduce
Additional Information
Flags
Regression Version
Affected Sets / Systems supracan
Attached Files
 


-  Notes
User avatar
No.10695
Firewave
(Senior Tester)
May 13, 2014, 09:25
Fixed in either r30339 or r30360.