ID: 05821
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jan 3, 2015, 12:17
Last Update: Jul 21, 2017, 09:41
Tester: Firewave
View Status: Public
Platform: MAME (Self-compiled)
Assigned To:
Resolution: Fixed
OS:
Status: Resolved
Driver: mpu4sw.cpp
Version: 0.157
Fixed in Version: 0.161
Build: Debug
Summary 05821: m4richfm__e: AddressSanitizer: heap-use-after-free
Description
==18294==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290001fa1fe at pc 0x0000081812e1 bp 0x7fff52065d60 sp 0x7fff52065d58
READ of size 1 at 0x6290001fa1fe thread T0
    #0 0x81812e0 in address_space_specific<unsigned char, (endianness_t)1, false>::read_native(unsigned int) /home/notroot/trunk/src/emu/memory.c:1093:74
    #1 0x817f578 in address_space_specific<unsigned char, (endianness_t)1, false>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412:64
    #2 0x65d7663 in m6809_base_device::device_reset() /home/notroot/trunk/src/emu/cpu/m6809/m6809.c:204:13
    #3 0x7f5808c in device_t::reset() /home/notroot/trunk/src/emu/device.c:253:2
    #4 0x7f580bf in device_t::reset() /home/notroot/trunk/src/emu/device.c:257:3
    #5 0x8111caf in running_machine::reset_all_devices() /home/notroot/trunk/src/emu/machine.c:1128:2
    #6 0x81109f1 in delegate_base<void, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()() const /home/notroot/trunk/src/lib/util/delegate.h:649:42
    #7 0x81109f1 in running_machine::call_notifiers(machine_notification) /home/notroot/trunk/src/emu/machine.c:871
    #8 0x81109f1 in running_machine::soft_reset(void*, int) /home/notroot/trunk/src/emu/machine.c:976
    #9 0x8112a8f in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:365:3
    #10 0x810b03a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #11 0x7f3df3e in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #12 0x576f669 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:345:9
    #13 0x7fd4053f5ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #14 0x11479ac in _start (/home/notroot/trunk/mame64d+0x11479ac)

0x6290001fa1fe is located 4094 bytes inside of 16544-byte region [0x6290001f9200,0x6290001fd2a0)
freed by thread T0 here:
    #0 0x112a0bb in free /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:30:3
    #1 0x850b85a in free_zip_file(zip_file*) /home/notroot/trunk/src/lib/util/unzip.c:399:3
    #2 0x850b85a in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:206
    #3 0x80013e8 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #4 0x7fff706 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #5 0x7fff444 in emu_file::open(char const*) /home/notroot/trunk/src/emu/fileio.c:274:9
    #6 0x81a3982 in render_target::load_layout_file(char const*, char const*) /home/notroot/trunk/src/emu/render.c:1660:23
    #7 0x8197d0e in render_target::load_layout_files(char const*, bool) /home/notroot/trunk/src/emu/render.c:1594:20
    #8 0x81971e6 in render_target::render_target(render_manager&, char const*, unsigned int) /home/notroot/trunk/src/emu/render.c:1039:2
    #9 0x81a8496 in render_manager::target_alloc(char const*, unsigned int) /home/notroot/trunk/src/emu/render.c:2532:10
    #10 0x828e013 in video_manager::video_manager(running_machine&) /home/notroot/trunk/src/emu/video.c:138:19
    #11 0x810f017 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:228:2
    #12 0x81129cc in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:345:3
    #13 0x810b03a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #14 0x7f3df3e in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #15 0x576f669 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:345:9
    #16 0x7fd4053f5ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

previously allocated by thread T0 here:
    #0 0x112a33b in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x850b76f in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:152:23
    #2 0x80013e8 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #3 0x7fff706 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #4 0x7fff444 in emu_file::open(char const*) /home/notroot/trunk/src/emu/fileio.c:274:9
    #5 0x81a3982 in render_target::load_layout_file(char const*, char const*) /home/notroot/trunk/src/emu/render.c:1660:23
    #6 0x8197d0e in render_target::load_layout_files(char const*, bool) /home/notroot/trunk/src/emu/render.c:1594:20
    #7 0x81971e6 in render_target::render_target(render_manager&, char const*, unsigned int) /home/notroot/trunk/src/emu/render.c:1039:2
    #8 0x81a8496 in render_manager::target_alloc(char const*, unsigned int) /home/notroot/trunk/src/emu/render.c:2532:10
    #9 0x828e013 in video_manager::video_manager(running_machine&) /home/notroot/trunk/src/emu/video.c:138:19
    #10 0x810f017 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:228:2
    #11 0x81129cc in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:345:3
    #12 0x810b03a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #13 0x7f3df3e in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #14 0x576f669 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:345:9
    #15 0x7fd4053f5ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: heap-use-after-free /home/notroot/trunk/src/emu/memory.c:1093 address_space_specific<unsigned char, (endianness_t)1, false>::read_native(unsigned int)
Shadow bytes around the buggy address:
  0x0c52800373e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c52800373f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c5280037430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
  0x0c5280037440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280037480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  ASan internal: fe
Steps To Reproduce
Additional Information
Flags
Regression Version
Affected Sets / Systems: m4richfm__e
Attached Files
Relationships
There are no relationships linked to this issue.
Notes
There are no notes attached to this issue.