Viewing Issue Advanced Details
ID: 05670
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Aug 11, 2014, 19:03
Last Update: Nov 5, 2022, 09:24
Tester: Firewave
View Status: Public
Resolution: Open
Status: Acknowledged
Version: 0.154
Build: Debug
Summary: MESS-specific 05670: several drivers using mc6845: AddressSanitizer: heap-buffer-overflow when loading save state
Description
==11990==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f30c264d210 at pc 0x1aa94c5 bp 0x7fffe5263fc0 sp 0x7fffe5263fb8
WRITE of size 4 at 0x7f30c264d210 thread T0
    #0 0x1aa94c4 in abc806_state::abc806_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) /home/notroot/trunk/src/mess/video/abc806.c:317
    #1 0x4f10ab6 in delegate_base<void, bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int, _noparam, _noparam>::operator()(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) const /home/notroot/trunk/src/lib/util/delegate.h:659
    #2 0x4f10ab6 in mc6845_device::draw_scanline(int, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:947
    #3 0x4f10e7d in mc6845_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:979
    #4 0x1aaaf73 in abc806_state::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/mess/video/abc806.c:474
    #5 0x5a55d50 in delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /home/notroot/trunk/src/lib/util/delegate.h:652
    #6 0x5a55d50 in screen_device::update_partial(int) /home/notroot/trunk/src/emu/screen.c:625
    #7 0x5aeba40 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:649
    #8 0x5aeafe4 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202
    #9 0x5a55051 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822
    #10 0x5a54d29 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404
    #11 0x5a4c003 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:189
    #12 0x5a4c003 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
    #13 0x5a46969 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517
    #14 0x5967cc1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
    #15 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #16 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #17 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #18 0x7f30d2b41de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #19 0xd8e65c in _start (/home/notroot/trunk/mess64d+0xd8e65c)

0x7f30c264d210 is located 401 bytes to the right of 964735-byte region [0x7f30c2561800,0x7f30c264d07f)
allocated by thread T0 here:
    #0 0xd78579 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x61f37c8 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:108
    #2 0x5d201cd in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112
    #3 0x5ce48d5 in operator new[](unsigned long) /home/notroot/trunk/src/lib/util/corealloc.h:64
    #4 0x5ce48d5 in bitmap_t::allocate(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:149
    #5 0x5ce5d14 in bitmap_t::resize(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:183
    #6 0x5a54943 in screen_device::realloc_screen_bitmaps() /home/notroot/trunk/src/emu/screen.c:538
    #7 0x5a528ce in screen_device::configure(int, int, rectangle const&, long long) /home/notroot/trunk/src/emu/screen.c:456
    #8 0x4f0ac03 in mc6845_device::recompute_parameters(bool) /home/notroot/trunk/src/emu/video/mc6845.c:536
    #9 0x4f09f4d in mc6845_device::device_post_load() /home/notroot/trunk/src/emu/video/mc6845.c:127
    #10 0x5796cbb in device_t::post_load() /home/notroot/trunk/src/emu/device.c:498
    #11 0x5967513 in running_machine::postload_all_devices() /home/notroot/trunk/src/emu/machine.c:1126
    #12 0x5a3d969 in delegate_base<void, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()() const /home/notroot/trunk/src/lib/util/delegate.h:649
    #13 0x5a3d969 in save_manager::read_file(emu_file&) /home/notroot/trunk/src/emu/save.c:257
    #14 0x5969167 in running_machine::handle_saveload() /home/notroot/trunk/src/emu/machine.c:864
    #15 0x5967d15 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:385
    #16 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #17 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #18 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #19 0x7f30d2b41de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/notroot/trunk/src/mess/video/abc806.c:317 abc806_state::abc806_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int)

Affected sets:
pet.c: cbm8296gd cbm4032f cbm8296dgv_de cbm8032_de mmf9000 cbm8096 mmf9000_se pet8032 cbm8296ed pet4032f cbm8096 cbm8296d_de cbm8296 cbm8032 cbm8032_se superpet cbm8296d
c128.c: c128_de c128cr c128p c128d c128dcr c128 c128dcrp c128dcr_de c128dp c128d81 c128_se c128dcr_se
cbm2.c: cbm620 cbm710 cbm610 b256 cbm720_se b128hp cbm720_de b256 cbm720 b256hp b128 bx256hp cbm620_hu b500 cbm730 b128hp
abc80x.c: abc806 abc802
bw12.c: bw12 bw14
v1050.c: v1050
Affected Sets / Systems: several drivers using mc6845
Relationships
There are no relationships linked to this issue.
Notes (3)
No.11323
Firewave
Senior Tester
Dec 24, 2014, 14:29
Possibly caused by the mc6845 since I get similar errors for b128hp, b128, b256hp, b256 (cbm2.c):

==3524==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f9e729726ac at pc 0x000001586ad2 bp 0x7ffff0211d60 sp 0x7ffff0211d58
WRITE of size 4 at 0x7f9e729726ac thread T0
    #0 0x1586ad1 in cbm2_state::crtc_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) /home/notroot/trunk/src/mess/drivers/cbm2.c:1126:4
    #1 0x4fc6b37 in delegate_base<void, bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int, _noparam, _noparam>::operator()(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) const /home/notroot/trunk/src/lib/util/delegate.h:659:162
    #2 0x4fc6b37 in mc6845_device::draw_scanline(int, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:947
    #3 0x4fc6eca in mc6845_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:979:4
    #4 0x5afcb40 in delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /home/notroot/trunk/src/lib/util/delegate.h:652:76
    #5 0x5afcb40 in screen_device::update_partial(int) /home/notroot/trunk/src/emu/screen.c:625
    #6 0x5b8aeb2 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:649:3
    #7 0x5b8a4d0 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202:27
    #8 0x5afbf72 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822:3
    #9 0x5afbc39 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404:4
    #10 0x5af3a53 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:190:83
    #11 0x5af3a53 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
    #12 0x5aef5db in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517:2
    #13 0x5a0f858 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:391:5
    #14 0x5a07bfa in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x5839eae in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x2e67499 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:343:9
    #17 0x7f9e83f02ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #18 0xe7965c in _start (/home/notroot/trunk/mess64d+0xe7965c)

0x7f9e729726ac is located 557 bytes to the right of 1207423-byte region [0x7f9e7284b800,0x7f9e7297247f)
allocated by thread T0 here:
    #0 0xe5bfeb in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x625c418 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:108:9
    #2 0x5d75dba in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112:25
    #3 0x5d3edd2 in operator new[](unsigned long) /home/notroot/trunk/src/lib/util/corealloc.h:64:97
    #4 0x5d3edd2 in bitmap_t::allocate(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:149
    #5 0x5d4012c in bitmap_t::resize(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:183:3
    #6 0x5afb923 in screen_device::realloc_screen_bitmaps() /home/notroot/trunk/src/emu/screen.c:538:3
    #7 0x5afb7a8 in screen_device::device_post_load() /home/notroot/trunk/src/emu/screen.c:389:2
    #8 0x5856c8b in device_t::post_load() /home/notroot/trunk/src/emu/device.c:498:2
    #9 0x5a0ef63 in running_machine::postload_all_devices() /home/notroot/trunk/src/emu/machine.c:1172:3
    #10 0x5ae7778 in delegate_base<void, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()() const /home/notroot/trunk/src/lib/util/delegate.h:649:42
    #11 0x5ae7778 in save_manager::read_file(emu_file&) /home/notroot/trunk/src/emu/save.c:257
    #12 0x5a11015 in running_machine::handle_saveload() /home/notroot/trunk/src/emu/machine.c:910:59
    #13 0x5a0f887 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:399:5
    #14 0x5a07bfa in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x5839eae in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x2e67499 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:343:9
    #17 0x7f9e83f02ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
No.11360
Firewave
Senior Tester
Jan 6, 2015, 01:33
Here are some observations based on c128:

The problem is that the bitmap is being reallocated after the savestate is loaded. The last allocation before the saving looks like this

bitmap_t::allocate - 1024 1056 0 32 4325503

and the one after loading the savestate looks like this

bitmap_t::allocate - 1024 264 0 32 1081471

It is smaller since the m_max_ras_addr is changed by loading the savestate from 0x1f to 0x0a, which is correct, but the postload of the screen causes the bitmap to be reallocated with those recomputed values causing the bitmap to become too small.
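The mismatch described in the note above, as an added example that is not part of the original report and is not MAME code: a bitmap shrunk on post-load while the draw loop keeps the earlier geometry, next to a post-load invariant check and a row writer clipped to the bitmap's own size. `Bitmap`, `DrawGeometry` and all function names are hypothetical; reading the first two numbers of the `bitmap_t::allocate` lines as width and height, and the draw loop keeping the pre-load geometry, are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified stand-in for a screen bitmap (hypothetical, not MAME's bitmap_t).
struct Bitmap {
    int width = 0, height = 0;
    std::vector<std::uint32_t> pix;
    void resize(int w, int h) {
        width = w; height = h;
        pix.assign(static_cast<std::size_t>(w) * h, 0);
    }
};

// Geometry the row-update loop believes it is drawing (hypothetical).
struct DrawGeometry { int width; int scanlines; };

// Invariant to check after post-load: everything the renderer will touch
// must lie inside the allocation that exists now.
bool geometry_fits(const Bitmap &bm, const DrawGeometry &g) {
    return g.width <= bm.width && g.scanlines <= bm.height;
}

// Number of 32-bit pixel writes an unclipped loop would place outside the
// bitmap's rectangle. Computed arithmetically; nothing is written.
std::size_t writes_outside(const Bitmap &bm, const DrawGeometry &g) {
    const std::size_t total = static_cast<std::size_t>(g.width) * g.scanlines;
    const std::size_t inside =
        static_cast<std::size_t>(std::min(g.width, bm.width)) *
        std::min(g.scanlines, bm.height);
    return total - inside;
}

// Hardened row writer: clips to the bitmap's own dimensions rather than to
// the caller's idea of the screen. Returns the number of pixels written.
std::size_t draw_clipped(Bitmap &bm, const DrawGeometry &g, std::uint32_t colour) {
    const int w = std::min(g.width, bm.width);
    const int h = std::min(g.scanlines, bm.height);
    std::size_t written = 0;
    for (int y = 0; y < h; ++y) {
        std::uint32_t *row = bm.pix.data() + static_cast<std::size_t>(y) * bm.width;
        std::fill(row, row + w, colour);
        written += static_cast<std::size_t>(w);
    }
    return written;
}

struct Result { bool fits_before, fits_after; std::size_t outside, written; };

// Replays the two allocations quoted in the note (1024x1056, then 1024x264).
Result replay_savestate_scenario() {
    Bitmap bm;
    bm.resize(1024, 1056);             // last allocation before saving
    const DrawGeometry g{1024, 1056};  // assumption: draw loop keeps this size
    const bool before = geometry_fits(bm, g);
    bm.resize(1024, 264);              // reallocation after loading the state
    const bool after = geometry_fits(bm, g);
    return {before, after, writes_outside(bm, g), draw_clipped(bm, g, 0xff00ff00u)};
}

int main() {
    const Result r = replay_savestate_scenario();
    std::printf("fits before=%d after=%d, unclipped writes outside=%zu, clipped writes=%zu\n",
                r.fits_before, r.fits_after, r.outside, r.written);
    return (r.fits_before && !r.fits_after) ? 0 : 1;
}
```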
No.20741
Firewave
Senior Tester
Nov 5, 2022, 09:24
Running "v1050 -autosave -str 2" (twice - first to save - second to load) with 0.249 on Linux reports:
==1853==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f40906ab8a0 at pc 0x7f41118f7c70 bp 0x7fffebd0f5b0 sp 0x7fffebd0f5a8
WRITE of size 4 at 0x7f40906ab8a0 thread T0
    #0 0x7f41118f7c6f in v1050_state::crtc_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/visual/v1050_v.cpp:83:33
    #1 0x7f411dfaea0b in util::detail::delegate_base<delegate_late_bind, void, bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int>::operator()(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #2 0x7f411df8f281 in mc6845_device::draw_scanline(int, bitmap_rgb32&, rectangle const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/mc6845.cpp
    #3 0x7f411df91c9c in mc6845_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/mc6845.cpp:1192:10
    #4 0x7f411bf226fd in util::detail::delegate_base<delegate_late_bind, unsigned int, screen_device&, bitmap_rgb32&, rectangle const&>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #5 0x7f4126bf65b1 in screen_device::update_partial(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1216:41
    #6 0x7f4126cf6b09 in video_manager::finish_screen_updates() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:622:10
    #7 0x7f4126cf590b in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:215:44
    #8 0x7f4126becb78 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #9 0x7f4126bd56b4 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #10 0x7f4126bd56b4 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #11 0x7f4126bd05f8 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #12 0x7f4126a6d067 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #13 0x7f411eb7ccaf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #14 0x7f411ff34026 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #15 0x7f411ff37b6f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #16 0x7f411eb81a8f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #17 0x7f4126d630fb in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #18 0x7f40d9aa9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #19 0x7f40d9aa92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #20 0x7f41006f3120 in _start (/mnt/s/GitHub/mame/mame+0x24d60120) (BuildId: 7b7aeda5846ab501)

0x7f40906ab8a0 is located 160 bytes to the right of 1024000-byte region [0x7f40905b1800,0x7f40906ab800)
allocated by thread T0 here:
    #0 0x7f41007b10dd in operator new[](unsigned long, std::nothrow_t const&) (/mnt/s/GitHub/mame/mame+0x24e1e0dd) (BuildId: 7b7aeda5846ab501)
    #1 0x7f4128e74075 in bitmap_t::allocate(int, int, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.cpp:242:17
    #2 0x7f4126bec133 in screen_device::register_screen_bitmap(bitmap_t&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1627:9
    #3 0x7f4126be82a4 in screen_device::device_start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:819:3
    #4 0x7f41201de7d0 in device_t::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:562:2
    #5 0x7f4126a6be9f in running_machine::start_all_devices() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:1013:13
    #6 0x7f4126a69e74 in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:211:2
    #7 0x7f4126a6cc9c in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #8 0x7f411eb7ccaf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #9 0x7f411ff34026 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #10 0x7f411ff37b6f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #11 0x7f411eb81a8f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #12 0x7f4126d630fb in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #13 0x7f40d9aa9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/visual/v1050_v.cpp:83:33 in v1050_state::crtc_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int)