Viewing Issue Advanced Details
Jump to Notes ]
sun/sun3.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05641 Misc. Critical (emulator) Always Jul 26, 2014, 13:19 Aug 7, 2014, 18:50
Tester Firewave View Status Public Platform MESS (Self-compiled)
Assigned To Resolution Fixed OS
Status [?] Resolved Driver
sun/sun3.cpp
Version 0.154 Fixed in Version 0.170 Build Debug
Fixed in Git Commit Github Pull Request #
Summary MESS-specific 05641: sun3_80: AddressSanitizer: heap-buffer-overflow
Description 
==21847==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100003597c at pc 0x51d1d55 bp 0x7fffc32044f0 sp 0x7fffc32044e8
READ of size 16 at 0x62100003597c thread T0
    #0 0x51d1d54 in ncr539x_device::read(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/emu/machine/ncr539x.c:343
    #1 0x596e728 in delegate_base<unsigned char, address_space&, unsigned int, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:652
    #2 0x596e728 in handler_entry_read::read_stub_32(address_space&, unsigned int, unsigned int) /home/notroot/trunk/src/emu/memory.c:4648
    #3 0x598cef3 in delegate_base<unsigned int, address_space&, unsigned int, unsigned int, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned int) const /home/notroot/trunk/src/lib/util/delegate.h:652
    #4 0x598cef3 in handler_entry_read::read32(address_space&, unsigned int, unsigned int) const /home/notroot/trunk/src/emu/memory.c:360
    #5 0x598cef3 in address_space_specific<unsigned int, (endianness_t)1, true>::read_native(unsigned int, unsigned int) /home/notroot/trunk/src/emu/memory.c:1071
    #6 0x598b612 in unsigned char address_space_specific<unsigned int, (endianness_t)1, true>::read_direct<unsigned char, true>(unsigned int, unsigned char) /home/notroot/trunk/src/emu/memory.c:1167
    #7 0x598b612 in address_space_specific<unsigned int, (endianness_t)1, true>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412
    #8 0x426bab3 in m68000_base_device::read_byte_32_mmu(unsigned int) /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.c:1349
    #9 0x43ed6ad in delegate_base<unsigned char, unsigned int, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(unsigned int) const /home/notroot/trunk/src/lib/util/delegate.h:650
    #10 0x43ed6ad in m68ki_read_8_fc(m68000_base_device*, unsigned int, unsigned int) /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.h:779
    #11 0x43ed6ad in OPER_AY_AI_8(m68000_base_device*) /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.h:979
    #12 0x43ed6ad in m68000_base_device_ops::m68k_op_move_8_d_ai(m68000_base_device*) /home/notroot/trunk/obj/sdl64d/emu/cpu/m68000/m68kops.c:15979
    #13 0x4293ec7 in m68000_base_device::cpu_execute() /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.c:856
    #14 0x427d5af in m68000_base_device::execute_run() /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.c:2481
    #15 0x427d5af in non-virtual thunk to m68000_base_device::execute_run() /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.c:2482
    #16 0x5a0d84e in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:189
    #17 0x5a0d84e in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #18 0x592f331 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
    #19 0x59271b7 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #20 0x5739f28 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #21 0x2e3ac84 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #22 0x7f63220c7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #23 0xd8cdcc in _start (/home/notroot/trunk/mess64d+0xd8cdcc)

0x62100003597c is located 4 bytes to the right of 4216-byte region [0x621000034900,0x621000035978)
allocated by thread T0 here:
    #0 0xd76ce9 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x61b77a8 in osd_malloc(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:94
    #2 0x5ce6964 in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112
    #3 0x51d40f8 in operator new(unsigned long, char const*, int) /home/notroot/trunk/src/lib/util/corealloc.h:71
    #4 0x51d40f8 in device_t* device_creator<ncr539x_device>(machine_config const&, char const*, device_t*, unsigned int) /home/notroot/trunk/src/emu/device.h:82
    #5 0x575ed3c in device_t::add_subdevice(device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), char const*, unsigned int) /home/notroot/trunk/src/emu/device.c:770
    #6 0x593cc94 in machine_config::device_add(device_t*, char const*, device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), unsigned int) /home/notroot/trunk/src/emu/mconfig.c:140
    #7 0x25cffef in construct_machine_config_sun3_80(machine_config&, device_t*, device_t*) /home/notroot/trunk/src/mess/drivers/sun3.c:778
    #8 0x593bce8 in machine_config::machine_config(game_driver const&, emu_options&) /home/notroot/trunk/src/emu/mconfig.c:33
    #9 0x592716d in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:208
    #10 0x5739f28 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #11 0x2e3ac84 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #12 0x7f63220c7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems sun3_80
Attached Files
  
Relationships
related to 05758Resolved  sun3_80: [debug] Assert shortly after start 
Notes
0
There are no notes attached to this issue.