Viewing Issue Advanced Details

ID: 05246
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jul 29, 2013, 11:51
Last Update: Jul 21, 2014, 23:44
Tester: Firewave
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: Firewave
Resolution: Fixed
OS: Linux
Status: Resolved
Driver: parodius.cpp
Version: 0.149u1
Fixed in Version: 0.150
Build: Debug
Summary: 05246: all parodius.c sets: AddressSanitizer: heap-use-after-free
Description
=================================================================
==52593==ERROR: AddressSanitizer: heap-use-after-free on address 0x62900014f940 at pc 0x181ddb2c bp 0x7fffec7a8710 sp 0x7fffec7a8708
READ of size 4 at 0x62900014f940 thread T0
    #0 0x181ddb2b in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE19get_texel_palette16ERK14render_texinfoii /home/notroot/trunk/src/emu/rendersw.c:176
    #1 0x1819805f in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE24draw_quad_palette16_noneERK16render_primitivePjjRNS0_15quad_setup_dataE /home/notroot/trunk/src/emu/rendersw.c:667
    #2 0x18195b2b in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE28setup_and_draw_textured_quadERK16render_primitivePjiij /home/notroot/trunk/src/emu/rendersw.c:1895
    #3 0x18186304 in _ZN17software_rendererIjLi0ELi0ELi0ELi16ELi8ELi0ELb0ELb1EE15draw_primitivesERK21render_primitive_listPvjjj /home/notroot/trunk/src/emu/rendersw.c:1963
    #4 0x1817a5e5 in _ZN13video_manager22create_snapshot_bitmapEP13screen_device /home/notroot/trunk/src/emu/video.c:1083
    #5 0x181790cf in _ZN13video_manager13save_snapshotEP13screen_deviceR8emu_file /home/notroot/trunk/src/emu/video.c:331
    #6 0x18177e18 in _ZN13video_manager15recompute_speedE8attotime /home/notroot/trunk/src/emu/video.c:1043
    #7 0x181734d2 in _ZN13video_manager12frame_updateEb /home/notroot/trunk/src/emu/video.c:266
    #8 0x17f0f067 in _ZN13screen_device12vblank_beginEv /home/notroot/trunk/src/emu/screen.c:801
    #9 0x17f0df96 in _ZN13screen_device12device_timerER9emu_timerjiPv /home/notroot/trunk/src/emu/screen.c:398
    #10 0x17efd58a in _ZN8device_t13timer_expiredER9emu_timerjiPv /home/notroot/trunk/src/emu/device.h:228
    #11 0x17eee17b in _ZN16device_scheduler14execute_timersEv /home/notroot/trunk/src/emu/schedule.c:931
    #12 0x17ee1769 in _ZN16device_scheduler9timesliceEv /home/notroot/trunk/src/emu/schedule.c:454
    #13 0x17a8888b in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:412
    #14 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #15 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #16 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #17 0x7f49ab1a0ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #18 0x1e7a7bc in _start ??:?
0x62900014f940 is located 1856 bytes inside of 16704-byte region [0x62900014f200,0x629000153340)
freed by thread T0 here:
    #0 0x1e6c644 in free ??:?
    #1 0x18df803c in _ZL13free__7z_fileP8_7z_file /home/notroot/trunk/src/lib/util/un7z.c:513
    #2 0x18df79c6 in _Z13_7z_file_openPKcPP8_7z_file /home/notroot/trunk/src/lib/util/un7z.c:398
    #3 0x177660a2 in _ZN8emu_file14attempt__7zpedEv /home/notroot/trunk/src/emu/fileio.c:854
    #4 0x1776298b in _ZN8emu_file9open_nextEv /home/notroot/trunk/src/emu/fileio.c:393
    #5 0x177624ac in _ZN8emu_file4openEPKc /home/notroot/trunk/src/emu/fileio.c:310
    #6 0x17db3b65 in _ZN13render_target16load_layout_fileEPKcS1_ /home/notroot/trunk/src/emu/render.c:1645
    #7 0x17d95c4b in _ZN13render_target17load_layout_filesEPKcb /home/notroot/trunk/src/emu/render.c:1564
    #8 0x17d94ab0 in render_target /home/notroot/trunk/src/emu/render.c:1023
    #9 0x17dc3f30 in _ZN14render_manager12target_allocEPKcj /home/notroot/trunk/src/emu/render.c:2518
    #10 0x10907463 in _Z29sdlwindow_video_window_createR15running_machineiP16sdl_monitor_infoPK17sdl_window_config /home/notroot/trunk/src/osd/sdl/window.c:712
    #11 0x1073f9b1 in _Z13sdlvideo_initR15running_machine /home/notroot/trunk/src/osd/sdl/video.c:131
    #12 0x1070ae2b in _ZN17sdl_osd_interface4initER15running_machine /home/notroot/trunk/src/osd/sdl/sdlmain.c:681
    #13 0x17a7eaad in _ZN15running_machine5startEv /home/notroot/trunk/src/emu/machine.c:267
    #14 0x17a88439 in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:391
    #15 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #16 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #17 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #18 0x7f49ab1a0ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
previously allocated by thread T0 here:
    #0 0x1e6c724 in __interceptor_malloc ??:?
    #1 0x18df6c48 in _Z13_7z_file_openPKcPP8_7z_file /home/notroot/trunk/src/lib/util/un7z.c:337
    #2 0x177660a2 in _ZN8emu_file14attempt__7zpedEv /home/notroot/trunk/src/emu/fileio.c:854
    #3 0x1776298b in _ZN8emu_file9open_nextEv /home/notroot/trunk/src/emu/fileio.c:393
    #4 0x177624ac in _ZN8emu_file4openEPKc /home/notroot/trunk/src/emu/fileio.c:310
    #5 0x17db3b65 in _ZN13render_target16load_layout_fileEPKcS1_ /home/notroot/trunk/src/emu/render.c:1645
    #6 0x17d95c4b in _ZN13render_target17load_layout_filesEPKcb /home/notroot/trunk/src/emu/render.c:1564
    #7 0x17d94ab0 in render_target /home/notroot/trunk/src/emu/render.c:1023
    #8 0x17dc3f30 in _ZN14render_manager12target_allocEPKcj /home/notroot/trunk/src/emu/render.c:2518
    #9 0x10907463 in _Z29sdlwindow_video_window_createR15running_machineiP16sdl_monitor_infoPK17sdl_window_config /home/notroot/trunk/src/osd/sdl/window.c:712
    #10 0x1073f9b1 in _Z13sdlvideo_initR15running_machine /home/notroot/trunk/src/osd/sdl/video.c:131
    #11 0x1070ae2b in _ZN17sdl_osd_interface4initER15running_machine /home/notroot/trunk/src/osd/sdl/sdlmain.c:681
    #12 0x17a7eaad in _ZN15running_machine5startEv /home/notroot/trunk/src/emu/machine.c:267
    #13 0x17a88439 in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:391
    #14 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #15 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #16 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #17 0x7f49ab1a0ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
Shadow bytes around the buggy address:
  0x0c5280021ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021ef0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c5280021f20: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x0c5280021f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280021f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  ASan internal: fe
==52593==ABORTING
Affected Sets / Systems: all parodius.c sets
Notes (2)

No.10789, AWJ (Developer), Jun 15, 2014, 05:53
Does this still happen, or was it fixed along with 5241?

No.10793, Firewave (Senior Tester), Jun 16, 2014, 15:46
Confirmed as Fixed.