Issue 05512: sg1000.cpp

ID: 05512
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Apr 10, 2014, 22:24
Last Update: Jan 3, 2015, 20:25
Tester: Firewave
View Status: Public
Platform: MESS (Self-compiled)
Assigned To: etabeta
Resolution: Fixed
OS: Linux
Status: Resolved
Driver: sg1000.cpp
Version: 0.153
Fixed in Version: 0.154
Build: 64-bit

Summary: MESS-specific 05512: All sg1000.c sets: AddressSanitizer: heap-use-after-free - with 8K carts
Description: This happens with all carts that have a ROM size of 8192, since it will always try to copy at least 0x4000 bytes.

==1720==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000838ff at pc 0x3147505 bp 0x7fffd66cb100 sp 0x7fffd66cb0f8
READ of size 16384 at 0x6250000838ff thread T0
    #0 0x3147504 in sega8_cart_slot_device::call_load() /home/notroot/trunk/src/emu/bus/sega8/sega8_slot.c:378
    #1 0x5445a16 in device_image_interface::finish_load() /home/notroot/trunk/src/emu/diimage.c:1048
    #2 0x54cc1a7 in image_postdevice_init(running_machine&) /home/notroot/trunk/src/emu/image.c:268
    #3 0x54ae01d in driver_device::device_start() /home/notroot/trunk/src/emu/driver.c:230
    #4 0x542e063 in device_t::start() /home/notroot/trunk/src/emu/device.c:392
    #5 0x55fc92b in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1095
    #6 0x55fa0dd in running_machine::start() /home/notroot/trunk/src/emu/machine.c:281
    #7 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #8 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #9 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #10 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #11 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #12 0xd1cb8c in _start (/home/notroot/trunk/mess64d+0xd1cb8c)

0x6250000846c0 is located 0 bytes to the right of 9664-byte region [0x625000082100,0x6250000846c0)
freed by thread T0 here:
    #0 0xd06929 in free /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
    #1 0x56fbc58 in operator delete[](void*) /home/notroot/trunk/src/lib/util/corealloc.h:78
    #2 0x56fbc58 in softlist_parser::expat_free(void*) /home/notroot/trunk/src/emu/softlist.c:802
    #3 0x5a0013c in XML_ParserFree /home/notroot/trunk/src/lib/expat/xmlparse.c:1175
    #4 0x56fb9f5 in softlist_parser::softlist_parser(software_list_device&, astring&) /home/notroot/trunk/src/emu/softlist.c:777
    #5 0x56f9ea5 in software_list_device::parse() /home/notroot/trunk/src/emu/softlist.c:569
    #6 0x56f9cc8 in software_list_device::first_software_info() /home/notroot/trunk/src/emu/softlist.h:209
    #7 0x56f9cc8 in software_list_device::find(char const*, software_info*) /home/notroot/trunk/src/emu/softlist.c:543
    #8 0x5446d8b in device_image_interface::find_software_item(char const*, bool) /home/notroot/trunk/src/emu/diimage.c:1222
    #9 0x5444b48 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1252
    #10 0x5443866 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:888
    #11 0x54cb753 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221
    #12 0x54cc5f5 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297
    #13 0x55f9caf in running_machine::start() /home/notroot/trunk/src/emu/machine.c:263
    #14 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #15 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #16 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #17 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #18 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260

previously allocated by thread T0 here:
    #0 0xd06aa9 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x59ae2ea in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:104
    #2 0x56fbba5 in operator new[](unsigned long, char const*, int, zeromem_t const&) /home/notroot/trunk/src/lib/util/corealloc.h:90
    #3 0x56fbba5 in softlist_parser::expat_malloc(unsigned long) /home/notroot/trunk/src/emu/softlist.c:791
    #4 0x5a02ee5 in XML_GetBuffer /home/notroot/trunk/src/lib/expat/xmlparse.c:1713
    #5 0x5a0289d in XML_Parse /home/notroot/trunk/src/lib/expat/xmlparse.c:1602
    #6 0x56fb993 in softlist_parser::softlist_parser(software_list_device&, astring&) /home/notroot/trunk/src/emu/softlist.c:769
    #7 0x56f9ea5 in software_list_device::parse() /home/notroot/trunk/src/emu/softlist.c:569
    #8 0x56f9cc8 in software_list_device::first_software_info() /home/notroot/trunk/src/emu/softlist.h:209
    #9 0x56f9cc8 in software_list_device::find(char const*, software_info*) /home/notroot/trunk/src/emu/softlist.c:543
    #10 0x5446d8b in device_image_interface::find_software_item(char const*, bool) /home/notroot/trunk/src/emu/diimage.c:1222
    #11 0x5444b48 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1252
    #12 0x5443866 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:888
    #13 0x54cb753 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221
    #14 0x54cc5f5 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297
    #15 0x55f9caf in running_machine::start() /home/notroot/trunk/src/emu/machine.c:263
    #16 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #17 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #18 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #19 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #20 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
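The report describes a loader that copies a fixed 0x4000 (16384) bytes out of an image that may be only 8192 bytes long, which is the READ of size 16384 in the trace above. The following is an added illustration of that pattern beside a bounds-checked version; it is not MESS/MAME code and does not reproduce the actual fix. All names (cart_load_unchecked, cart_load_checked, try_load), the BANK_SIZE and MAX_ROM values, and the choice to mirror small images across the bank are assumptions of this example. The observation that an over-read of an 8K buffer lands in a neighbouring chunk, so that ASan labels it by whatever that chunk last was (here a freed expat buffer), is an interpretation of the trace, not something the report states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not MESS/MAME code. Sizes and names are hypothetical. */
#define BANK_SIZE 0x4000u     /* 16 KiB: the amount copied unconditionally in the bug */
#define MAX_ROM   0x80000u    /* hypothetical upper bound on an accepted image size */

/* Vulnerable pattern (shown for comparison, not executed below): the copy
 * length is fixed at BANK_SIZE and rom_size is never consulted. With an
 * 8 KiB image the second 8 KiB are read past the end of the image buffer;
 * the sanitizer attributes those bytes to whichever neighbouring heap chunk
 * they land in, which is one way a fixed-size over-read gets reported as a
 * use-after-free of an unrelated buffer. */
void cart_load_unchecked(uint8_t *bank, const uint8_t *rom, size_t rom_size)
{
    (void)rom_size;
    memcpy(bank, rom, BANK_SIZE);
}

/* Hardened variant: validate the size, copy only what the image holds and
 * fill the rest of the bank by mirroring the image. Mirroring is this
 * example's choice for small images, not a description of the MESS fix.
 * Returns 0 on success, -1 if the image is rejected. */
int cart_load_checked(uint8_t *bank, const uint8_t *rom, size_t rom_size)
{
    if (rom == NULL || rom_size == 0 || rom_size > MAX_ROM)
        return -1;
    if (rom_size & (rom_size - 1))      /* power of two keeps the mirror clean */
        return -1;
    for (size_t off = 0; off < BANK_SIZE; off += rom_size) {
        size_t n = BANK_SIZE - off;
        if (n > rom_size)
            n = rom_size;
        memcpy(bank + off, rom, n);      /* never reads beyond rom[rom_size - 1] */
    }
    return 0;
}

/* Driver on a constructed image of rom_size bytes, byte i holding (i & 0xff).
 * Returns -1 if the loader rejected the image, 0 if it loaded and every bank
 * byte equals the mirrored image, 1 if it loaded but the bank is wrong. */
int try_load(size_t rom_size)
{
    static uint8_t bank[BANK_SIZE];
    uint8_t *rom = malloc(rom_size ? rom_size : 1);
    if (rom == NULL)
        return 1;
    for (size_t i = 0; i < rom_size; i++)
        rom[i] = (uint8_t)i;
    memset(bank, 0xAA, sizeof bank);

    int rc = cart_load_checked(bank, rom, rom_size);
    if (rc == 0) {
        for (size_t i = 0; i < BANK_SIZE; i++) {
            if (bank[i] != (uint8_t)(i % rom_size)) {
                rc = 1;
                break;
            }
        }
    }
    free(rom);
    return rc;
}

int main(void)
{
    printf("8 KiB image:  %d (0 = loaded and mirrored)\n", try_load(0x2000));
    printf("32 KiB image: %d\n", try_load(0x8000));
    printf("empty image:  %d (-1 = rejected)\n", try_load(0));
    printf("12 KiB image: %d (-1 = rejected, not a power of two)\n", try_load(0x3000));
    return 0;
}
```

The unchecked function is left uncalled on purpose: invoking it with an 8 KiB buffer is undefined behaviour and is exactly what the sanitizer flagged. The checked version makes the copy length a function of the image size, so the worst an undersized or oddly sized image can do is be rejected.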
Affected Sets / Systems: All sg1000.c sets

Notes

Note 10705, Firewave (Senior Tester), May 13, 2014, 22:34:
Fixed in r30412.