05244: nsmpoker: AddressSanitizer: heap-buffer-overflow

| Field | Value |
|---|---|
| ID | 05244 |
| Category | Misc. |
| Severity | Critical (emulator) |
| Reproducibility | Always |
| Date Submitted | Jul 29, 2013, 11:47 |
| Last Update | Jun 16, 2014, 15:45 |
| Tester | Firewave |
| View Status | Public |
| Platform | MAME (Self-compiled) |
| Assigned To | AWJ |
| Resolution | Fixed |
| OS | Linux |
| Status | Resolved |
| Version | 0.149u1 |
| Fixed in Version | 0.154 |
| Build | Debug |
Description

```text
=================================================================
==52578==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000008400 at pc 0x181ddb2c bp 0x7fff2766d950 sp 0x7fff2766d948
READ of size 4 at 0x604000008400 thread T0
#0 0x181ddb2b in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE19get_texel_palette16ERK14render_texinfoii /home/notroot/trunk/src/emu/rendersw.c:176
#1 0x1819805f in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE24draw_quad_palette16_noneERK16render_primitivePjjRNS0_15quad_setup_dataE /home/notroot/trunk/src/emu/rendersw.c:667
#2 0x18195b2b in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE28setup_and_draw_textured_quadERK16render_primitivePjiij /home/notroot/trunk/src/emu/rendersw.c:1895
#3 0x18186304 in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE15draw_primitivesERK21render_primitive_listPvjjj /home/notroot/trunk/src/emu/rendersw.c:1963
#4 0x1817a5e5 in _ZN13video_manager22create_snapshot_bitmapEP13screen_device /home/notroot/trunk/src/emu/video.c:1083
#5 0x181790cf in _ZN13video_manager13save_snapshotEP13screen_deviceR8emu_file /home/notroot/trunk/src/emu/video.c:331
#6 0x18177e18 in _ZN13video_manager15recompute_speedE8attotime /home/notroot/trunk/src/emu/video.c:1043
#7 0x181734d2 in _ZN13video_manager12frame_updateEb /home/notroot/trunk/src/emu/video.c:266
#8 0x17f0f067 in _ZN13screen_device12vblank_beginEv /home/notroot/trunk/src/emu/screen.c:801
#9 0x17f0df96 in _ZN13screen_device12device_timerER9emu_timerjiPv /home/notroot/trunk/src/emu/screen.c:398
#10 0x17efd58a in _ZN8device_t13timer_expiredER9emu_timerjiPv /home/notroot/trunk/src/emu/device.h:228
#11 0x17eee17b in _ZN16device_scheduler14execute_timersEv /home/notroot/trunk/src/emu/schedule.c:931
#12 0x17ee1769 in _ZN16device_scheduler9timesliceEv /home/notroot/trunk/src/emu/schedule.c:454
#13 0x17a8888b in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:412
#14 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
#15 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
#16 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
#17 0x7f3124ed6ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
#18 0x1e7a7bc in _start ??:?
0x604000008400 is located 8 bytes to the right of 40-byte region [0x6040000083d0,0x6040000083f8)
allocated by thread T0 here:
#0 0x1e6c724 in __interceptor_malloc ??:?
#1 0x18d95101 in _Z13palette_allocjj /home/notroot/trunk/src/lib/util/palette.c:177
#2 0x17748d60 in _ZL16allocate_paletteR15running_machineP15palette_private /home/notroot/trunk/src/emu/emupal.c:596
#3 0x17747053 in _Z12palette_initR15running_machine /home/notroot/trunk/src/emu/emupal.c:142
#4 0x17a7e3b6 in _ZN15running_machine5startEv /home/notroot/trunk/src/emu/machine.c:259
#5 0x17a88439 in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:391
#6 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
#7 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
#8 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
#9 0x7f3124ed6ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
Shadow bytes around the buggy address:
0x0c087fff9030: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
0x0c087fff9040: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 fa
0x0c087fff9050: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 00
0x0c087fff9060: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
0x0c087fff9070: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
=>0x0c087fff9080:[fa]fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fa
0x0c087fff9090: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fff90a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fff90b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fff90c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fff90d0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==52578==ABORTING
```
Affected Sets / Systems: nsmpoker

Notes
No. 10787
AWJ (Developer)
Jun 15, 2014, 05:39

This should be fixed by r30977, someone else confirm since I can't be arsed to download any more bloody poker romsets.

No. 10792
Firewave (Senior Tester)
Jun 16, 2014, 15:45

Confirmed as Fixed.