Viewing Issue Advanced Details

| Field | Value |
|---|---|
| ID | 05671 |
| Category | Crash/Freeze |
| Severity | Critical (emulator) |
| Reproducibility | Always |
| Date Submitted | Aug 11, 2014, 19:04 |
| Last Update | Nov 5, 2022, 09:19 |
| Tester | Firewave |
| View Status | Public |
| Platform | MESS (Self-compiled) |
| Assigned To | |
| Resolution | Fixed |
| OS | Linux |
| Status | Resolved |
| Driver | |
| Version | 0.154 |
| Fixed in Version | |
| Build | Debug |
| Fixed in Git Commit | |
| Github Pull Request # | |
| Summary | |
Description

```
==12003==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff433241c2 at pc 0x5ccb91b bp 0x7fff43323d40 sp 0x7fff43323d38
READ of size 1 at 0x7fff433241c2 thread T0
    #0 0x5ccb91a in alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:227
    #1 0x5ccb998 in non-virtual thunk to alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:391
    #2 0x5b186d5 in device_disasm_interface::disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int) /home/notroot/trunk/src/emu/didisasm.h:63
    #3 0x5b186d5 in device_debug::disassemble(char*, unsigned int, unsigned char const*, unsigned char const*) const /home/notroot/trunk/src/emu/debug/debugcpu.c:2038
    #4 0x5b30851 in debug_view_disasm::recompute(unsigned int, int, int) /home/notroot/trunk/src/emu/debug/dvdisasm.c:402
    #5 0x5b31ae0 in debug_view_disasm::view_update() /home/notroot/trunk/src/emu/debug/dvdisasm.c:511
    #6 0x5b29bcd in debug_view::end_update() /home/notroot/trunk/src/emu/debug/debugvw.c:122
    #7 0x5b2a3d4 in debug_view::set_source(debug_view_source const&) /home/notroot/trunk/src/emu/debug/debugvw.c:229
    #8 0x5b2e05c in debug_view_disasm::enumerate_sources() /home/notroot/trunk/src/emu/debug/dvdisasm.c:106
    #9 0x5b2d61c in debug_view_disasm::debug_view_disasm(running_machine&, void (*)(debug_view&, void*), void*) /home/notroot/trunk/src/emu/debug/dvdisasm.c:59
    #10 0x5b2add4 in debug_view_manager::alloc_view(debug_view_type, void (*)(debug_view&, void*), void*) /home/notroot/trunk/src/emu/debug/debugvw.c:356
    #11 0x2ee8349 in DebuggerView::DebuggerView(debug_view_type const&, running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtview.c:19
    #12 0x2ec1e8b in DasmDockWidget::DasmDockWidget(running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtmainwindow.h:80
    #13 0x2eb75d6 in MainWindow::MainWindow(running_machine*, QWidget*) /home/notroot/trunk/src/osd/modules/debugger/qt/debugqtmainwindow.c:110
    #14 0x2ea86b6 in debugger_qt::wait_for_debugger(device_t&, bool) /home/notroot/trunk/src/osd/modules/debugger/debugqt.c:267
    #15 0x5b6e086 in osd_interface::wait_for_debugger(device_t&, bool) /home/notroot/trunk/src/osd/osdepend.c:277
    #16 0x5b149e3 in device_debug::instruction_hook(unsigned int) /home/notroot/trunk/src/emu/debug/debugcpu.c:1937
    #17 0x4cad869 in debugger_instruction_hook(device_t*, unsigned int) /home/notroot/trunk/src/emu/debugger.h:50
    #18 0x4cad869 in alto2_cpu_device::execute_run() /home/notroot/trunk/src/emu/cpu/alto2/alto2cpu.c:2320
    #19 0x4caf3bf in non-virtual thunk to alto2_cpu_device::execute_run() /home/notroot/trunk/src/emu/cpu/alto2/alto2cpu.c:2714
    #20 0x5a46255 in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:189
    #21 0x5a46255 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:480
    #22 0x5967cc1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
    #23 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #24 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #25 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #26 0x7fa7fd6fdde4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #27 0xd8e65c in _start (/home/notroot/trunk/mess64d+0xd8e65c)

Address 0x7fff433241c2 is located in stack of thread T0 at offset 578 in frame
    #0 0x5b2f9bf in debug_view_disasm::recompute(unsigned int, int, int) /home/notroot/trunk/src/emu/debug/dvdisasm.c:333

  This frame has 5 object(s):
    [32, 132) 'oldbuf'
    [192, 292) 'buffer'
    [352, 356) 'physpcbyte'
    [416, 480) 'opbuf'
    [512, 576) 'argbuf' <== Memory access at offset 578 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/notroot/trunk/src/emu/cpu/alto2/alto2dsm.c:227 alto2_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int)
```
| Field | Value |
|---|---|
| Steps To Reproduce | |
| Additional Information | |
| Github Commit | |
| Flags | |
| Regression Version | |
| Affected Sets / Systems | alto2 |

Attached Files

(no attachments listed)
Relationships

There are no relationships linked to this issue.
Notes

Note No.20740, Firewave (Senior Tester), Nov 5, 2022, 09:19:

No ASAN error with 0.249 on Linux.