Viewing Issue Advanced Details
ID: 05666
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Aug 11, 2014, 14:18
Last Update: Aug 12, 2014, 11:43
Tester: Firewave
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: hap
Resolution: Fixed
OS: Linux
Status: Resolved
Version: 0.154
Fixed in Version: 0.155
Build: Debug
Summary 05666: cswat: AddressSanitizer: heap-buffer-overflow with -aviwrite
Description
==13306==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000035688 at pc 0x84c773a bp 0x7fff229fda70 sp 0x7fff229fda68
READ of size 4 at 0x619000035688 thread T0
    #0 0x84c7739 in rgb_t::operator unsigned int() const /home/notroot/trunk/src/lib/util/palette.h:59
    #1 0x84c7739 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /home/notroot/trunk/src/emu/rendersw.inc:148
    #2 0x84c7739 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data&) /home/notroot/trunk/src/emu/rendersw.inc:638
    #3 0x84c5ba4 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /home/notroot/trunk/src/emu/rendersw.inc:1866
    #4 0x84c39ce in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /home/notroot/trunk/src/emu/rendersw.inc:1934
    #5 0x84bff50 in video_manager::create_snapshot_bitmap(screen_device*) /home/notroot/trunk/src/emu/video.c:1077
    #6 0x84c1f47 in video_manager::record_frame() /home/notroot/trunk/src/emu/video.c:1225
    #7 0x84bc2f9 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:661
    #8 0x84bb3d4 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202
    #9 0x8422da1 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822
    #10 0x8422a79 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404
    #11 0x8419d53 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:189
    #12 0x8419d53 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
    #13 0x84146b9 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517
    #14 0x8335a11 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
    #15 0x832d897 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #16 0x813fd28 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #17 0x59ac224 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #18 0x7f7345c19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #19 0x10bb54c in _start (/home/notroot/trunk/mame64d+0x10bb54c)

0x619000035688 is located 0 bytes to the right of 1032-byte region [0x619000035280,0x619000035688)
allocated by thread T0 here:
    #0 0x10a5469 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x8c0fce8 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:108
    #2 0x876ebfd in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112
    #3 0x878eb4f in palette_t::palette_t(unsigned int, unsigned int) /home/notroot/trunk/src/lib/util/corealloc.h:72
    #4 0x878e609 in palette_t::alloc(unsigned int, unsigned int) /home/notroot/trunk/src/lib/util/palette.c:199
    #5 0x81f4881 in palette_device::allocate_palette() /home/notroot/trunk/src/emu/emupal.c:569
    #6 0x81f3afb in palette_device::device_start() /home/notroot/trunk/src/emu/emupal.c:453
    #7 0x8163629 in device_t::start() /home/notroot/trunk/src/emu/device.c:392
    #8 0x833503b in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1053
    #9 0x8332625 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:278
    #10 0x833589d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342
    #11 0x832d897 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #12 0x813fd28 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #13 0x59ac224 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #14 0x7f7345c19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/notroot/trunk/src/lib/util/palette.h:59 rgb_t::operator unsigned int() const
Shadow bytes around the buggy address:
  0x0c327fffea80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffea90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fffead0: 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffeae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffeaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffeb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
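What the trace above describes is a 4-byte read (one rgb_t) landing 0 bytes past the end of a 1032-byte heap palette, reached from a palette16 texel lookup: the texel value was used as a palette index without being checked against the palette size. The following is an added illustration of that pattern and of a bounds-checked alternative; it is not MAME code and not the fix that was committed. The names, the 258-entry palette (1032 / 4, which assumes the region holds only 4-byte colour entries), and the constructed texture with an index exactly one past the end are all assumptions made for the example.

```c
/* Added illustration, not MAME code: a 16-bit paletted texel lookup that
 * indexes a heap palette with an unchecked index, next to a checked version.
 * Build with:  cc -g -fsanitize=address texel.c && ./a.out
 * Under ASan the unchecked lookup on the last texel reproduces a
 * "heap-buffer-overflow ... 0 bytes to the right of" report. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t rgb_t;          /* 0xAARRGGBB, 4 bytes, like the rgb_t in the trace */

struct palette {
    rgb_t   *colors;             /* heap array; sized to match the 1032-byte region */
    uint32_t count;
};

/* Constructed palette: 258 entries * 4 bytes = 1032 bytes (entry count assumed). */
struct palette *palette_alloc(uint32_t count)
{
    struct palette *p = malloc(sizeof *p);
    if (!p) return NULL;
    p->colors = malloc((size_t)count * sizeof(rgb_t));
    if (!p->colors) { free(p); return NULL; }
    for (uint32_t i = 0; i < count; i++)
        p->colors[i] = 0xff000000u | ((i & 0xffu) * 0x010101u);   /* grey ramp */
    p->count = count;
    return p;
}

void palette_free(struct palette *p)
{
    if (p) { free(p->colors); free(p); }
}

/* Vulnerable pattern: trusts the 16-bit texel as a palette index. A texel
 * equal to count reads the 4 bytes immediately past the end of colors[],
 * which is exactly what ASan flagged above. */
rgb_t get_texel_palette16_unchecked(const struct palette *p,
                                    const uint16_t *texels, int x)
{
    return p->colors[texels[x]];
}

/* Checked version: refuse out-of-range indices instead of reading past the
 * end. Reporting failure to the caller is a design choice for this example;
 * a renderer could equally clamp, or validate the texture once up front. */
int get_texel_palette16_checked(const struct palette *p,
                                const uint16_t *texels, int x, rgb_t *out)
{
    uint32_t idx = texels[x];
    if (idx >= p->count)
        return -1;
    *out = p->colors[idx];
    return 0;
}

/* Whole-texture validation, so the per-pixel path never needs the check. */
int texture_indices_in_range(const struct palette *p,
                             const uint16_t *texels, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (texels[i] >= p->count) return 0;
    return 1;
}

int main(void)
{
    struct palette *pal = palette_alloc(258);
    /* Constructed texture: the last texel is one past the palette end. */
    uint16_t texels[4] = { 0, 7, 257, 258 };
    rgb_t c;

    printf("all indices in range: %d\n", texture_indices_in_range(pal, texels, 4));
    for (int x = 0; x < 4; x++) {
        if (get_texel_palette16_checked(pal, texels, x, &c) == 0)
            printf("texel %d -> index %u -> %08x\n", x, texels[x], c);
        else
            printf("texel %d -> index %u rejected (palette has %u entries)\n",
                   x, texels[x], pal->count);
    }
    /* Uncomment to trigger the ASan report on the unchecked path:
     * (void)get_texel_palette16_unchecked(pal, texels, 3); */
    palette_free(pal);
    return 0;
}
```

The check belongs wherever untrusted index data first meets the palette: in the trace the indices come from an emulated game's video RAM, so any 16-bit value can appear, and the lookup has to be bounded by the palette's actual entry count rather than by the texel width.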
Affected Sets / Systems: cswat

Relationships
There are no relationships linked to this issue.
Notes
1. No.10915, Firewave (Senior Tester), Aug 12, 2014, 11:43:
Fixed in r31620