Viewing Issue Advanced Details
ID: 05671
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Aug 11, 2014, 19:04
Last Update: Nov 5, 2022, 09:19
Tester: Firewave
View Status: Public
Platform: MESS (Self-compiled)
Assigned To:
Resolution: Fixed
OS: Linux
Status: Resolved
Driver:
Version: 0.154
Fixed in Version:
Build: Debug
Fixed in Git Commit:
Github Pull Request #:
Summary: MESS-specific 05671: alto2: AddressSanitizer: stack-buffer-overflow with -debug
Description
==12003==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff433241c2 at pc 0x5ccb91b bp 0x7fff43323d40 sp 0x7fff43323d38
READ of size 1 at 0x7fff433241c2 thread T0
    #0 0x5ccb91a in alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:227
    #1 0x5ccb998 in non-virtual thunk to alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:391
    #2 0x5b186d5 in device_disasm_interface::disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/didisasm.h:63
    #3 0x5b186d5 in device_debug::disassemble(char*, unsigned int, unsigned char const*, unsigned char const*) const /home/notroot/trunk/src/emu/debug/debugcpu.c:2038
    #4 0x5b30851 in debug_view_disasm::recompute(unsigned int, int, int) /home/notroot/trunk/src/emu/debug/dvdisasm.c:402
    #5 0x5b31ae0 in debug_view_disasm::view_update() /home/notroot/trunk/src/emu/debug/dvdisasm.c:511
    #6 0x5b29bcd in debug_view::end_update() /home/notroot/trunk/src/emu/debug/debugvw.c:122
    #7 0x5b2a3d4 in debug_view::set_source(debug_view_source const&) /home/notroot/trunk/src/emu/debug/debugvw.c:229
    #8 0x5b2e05c in debug_view_disasm::enumerate_sources() /home/notroot/trunk/src/emu/debug/dvdisasm.c:106
    #9 0x5b2d61c in debug_view_disasm::debug_view_disasm(running_machine&, void (*)(debug_view&, void*), void*) /home/notroot/trunk/src/emu/debug/dvdisasm.c:59
    #10 0x5b2add4 in debug_view_manager::alloc_view(debug_view_type, void (*)(debug_view&, void*), void*) /home/notroot/trunk/src/emu/debug/debugvw.c:356
    #11 0x2ee8349 in DebuggerView::DebuggerView(debug_view_type const&, running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtview.c:19
    #12 0x2ec1e8b in DasmDockWidget::DasmDockWidget(running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtmainwindow.h:80
    #13 0x2eb75d6 in MainWindow::MainWindow(running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtmainwindow.c:110
    #14 0x2ea86b6 in debugger_qt::wait_for_debugger(device_t&, bool) /home/notroot/trunk/src/osd/modules/debugger/debugqt.c:267
    #15 0x5b6e086 in osd_interface::wait_for_debugger(device_t&, bool) /home/notroot/trunk/src/osd/osdepend.c:277
    #16 0x5b149e3 in device_debug::instruction_hook(unsigned int) /home/notroot/trunk/src/emu/debug/debugcpu.c:1937
    #17 0x4cad869 in debugger_instruction_hook(device_t*, unsigned int) /home/notroot/trunk/src/emu/debugger.h:50
    #18 0x4cad869 in alto2_cpu_device::execute_run() /home/notroot/trunk/src/emu/cpu/alto2/alto2cpu.c:2320
    #19 0x4caf3bf in non-virtual thunk to alto2_cpu_device::execute_run() /home/notroot/trunk/src/emu/cpu/alto2/alto2cpu.c:2714
    #20 0x5a46255 in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:189
    #21 0x5a46255 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:480
    #22 0x5967cc1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
    #23 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #24 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #25 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #26 0x7fa7fd6fdde4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #27 0xd8e65c in _start (/home/notroot/trunk/mess64d+0xd8e65c)

Address 0x7fff433241c2 is located in stack of thread T0 at offset 578 in frame
    #0 0x5b2f9bf in debug_view_disasm::recompute(unsigned int, int, int) /home/notroot/trunk/src/emu/debug/dvdisasm.c:333

  This frame has 5 object(s):
    [32, 132) 'oldbuf'
    [192, 292) 'buffer'
    [352, 356) 'physpcbyte'
    [416, 480) 'opbuf'
    [512, 576) 'argbuf' <== Memory access at offset 578 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:227 alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int)
Shadow bytes around the buggy address:
  0x10006865c7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c7f0: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c800: 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00 00 00 00 00
  0x10006865c810: 00 00 00 00 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4
  0x10006865c820: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
=>0x10006865c830: 00 00 00 00 00 00 00 00[f3]f3 f3 f3 00 00 00 00
  0x10006865c840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006865c880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
Steps To Reproduce:
Additional Information:
Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: alto2
Attached Files:
Relationships
There are no relationships linked to this issue.
Notes
Note 1 (No.20740)
Firewave (Senior Tester), Nov 5, 2022, 09:19
No ASAN error with 0.249 on Linux.
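The frame layout in the report shows the faulting 1-byte read landing two bytes past the end of the 64-byte argbuf that debug_view_disasm::recompute() hands to the CPU's disassembler. One common way a disassembler ends up there is that it receives a pointer to the operand bytes but not their count, and fetches an argument word whenever the opcode says one follows, so the last instruction in the window runs off the end. The C below is an added illustration of that bug class beside the bounds-checked form; it is not code from MAME/MESS or the alto2 driver. Its 16-bit instruction format, the names decode_unchecked, decode_checked, disassemble_window and demo_window, and the sample bytes are all invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed window size: 'opbuf' and 'argbuf' in the ASan frame are 64 bytes each. */
#define WINDOW_LEN 64

/* Decoded instruction. The encoding is a hypothetical toy format chosen for
 * illustration; it is NOT the Alto II instruction set. */
typedef struct {
    unsigned opcode;   /* top 4 bits of the first word */
    int      has_arg;  /* bit 0 of the first word: an argument word follows */
    uint16_t arg;      /* argument word, if present */
    size_t   length;   /* encoded length in bytes: 2 or 4 */
} insn_t;

static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Bug-class model: a decoder handed a pointer to the argument bytes but not
 * their count. When the first word says "argument follows" it reads two more
 * bytes whether or not they exist. On a 64-byte stack window whose last word
 * carries the flag, that read lands just past the buffer, which is the shape
 * of the 'overflows this variable' access in the report. */
static insn_t decode_unchecked(const uint8_t *oprom)
{
    insn_t d = { 0, 0, 0, 2 };
    uint16_t w0 = read_le16(oprom);
    d.opcode  = w0 >> 12;
    d.has_arg = w0 & 1;
    if (d.has_arg) {
        d.arg    = read_le16(oprom + 2);   /* out of bounds if only 2 bytes remain */
        d.length = 4;
    }
    return d;
}

/* Hardened form: the caller passes how many bytes are actually behind 'oprom'
 * and every fetch is checked against it. Returns 0 on success, -1 if the
 * instruction would extend past the buffer. */
static int decode_checked(const uint8_t *oprom, size_t avail, insn_t *out)
{
    if (avail < 2)
        return -1;
    uint16_t w0  = read_le16(oprom);
    out->opcode  = w0 >> 12;
    out->has_arg = w0 & 1;
    out->arg     = 0;
    out->length  = 2;
    if (out->has_arg) {
        if (avail < 4)
            return -1;   /* argument word lies beyond the window: refuse instead of reading it */
        out->arg    = read_le16(oprom + 2);
        out->length = 4;
    }
    return 0;
}

/* Model of the debugger-view loop: copy up to WINDOW_LEN bytes of program
 * memory into a fixed stack buffer, then decode from successive offsets,
 * always passing the remaining length. Returns the number of instructions
 * decoded; *truncated is set to 1 if the last one did not fit. */
static size_t disassemble_window(const uint8_t *mem, size_t memlen, int *truncated)
{
    uint8_t window[WINDOW_LEN];
    size_t n = memlen < WINDOW_LEN ? memlen : WINDOW_LEN;
    size_t count = 0, off = 0;

    memcpy(window, mem, n);
    *truncated = 0;
    while (off < n) {
        insn_t d;
        if (decode_checked(window + off, n - off, &d) != 0) {
            *truncated = 1;
            break;
        }
        count++;
        off += d.length;
    }
    return count;
}

/* Constructed sample (not data from the report): 31 argument-less words, then
 * one word at offset 62 with bit 0 set, so its argument would sit at bytes
 * 64..65, just past the 64-byte window. */
static size_t demo_window(int *truncated)
{
    uint8_t mem[WINDOW_LEN];
    memset(mem, 0, sizeof mem);
    mem[62] = 0x01;   /* word 0x2001: opcode 2, argument flag set */
    mem[63] = 0x20;
    return disassemble_window(mem, sizeof mem, truncated);
}

int main(void)
{
    const uint8_t full[4] = { 0x01, 0x10, 0x34, 0x12 };   /* 0x1001 with arg 0x1234, all in bounds */
    insn_t d = decode_unchecked(full);   /* safe here only because all 4 bytes exist */
    int truncated;

    printf("unchecked: opcode %u arg 0x%04x len %zu\n", d.opcode, d.arg, d.length);
    printf("checked with 2 bytes available: %d\n", decode_checked(full, 2, &d));
    printf("window: %zu instructions, truncated=%d\n", demo_window(&truncated), truncated);
    return 0;
}
```

The fix pattern is the one ASan is pushing you toward: the length of the operand window has to travel with the pointer, and the decoder must refuse (or pad) rather than fetch when the encoding asks for more bytes than the window holds. Building with -fsanitize=address and running the debugger view over the last addresses of a buffer is the quickest way to confirm a disassembler honours that.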