 No.17358
Firewave Senior Tester
Jan 12, 2020, 12:42
|
Using -video d3d it errors out much earlier
=================================================================
==18168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x41517120 at pc 0x09de9af9 bp 0x161bacdc sp 0x161bacd0
READ of size 4 at 0x41517120 thread T0
==18168==WARNING: Failed to use and restart external symbolizer!
#0 0x9de9af8 in texture_info::copyline_palette16 s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:2224
#1 0x9df34d0 in texture_info::set_data s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:2442
#2 0x9de5e6c in texture_info::texture_info s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:2111
#3 0x9df5683 in d3d_texture_manager::update_textures s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:605
#4 0x9de8366 in renderer_d3d9::begin_frame s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:667
#5 0x9ded34b in renderer_d3d9::draw s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:239
#6 0x9dcdd4a in win_window_info::draw_video_contents s:\dev\mame0217\src\osd\windows\window.cpp:1437
#7 0x9dd0e3b in win_window_info::video_window_proc s:\dev\mame0217\src\osd\windows\window.cpp:1360
#8 0x9dd7216 in winwindow_video_window_proc_ui s:\dev\mame0217\src\osd\windows\winmenu.cpp:23
#9 0x767846ca in AddClipboardFormatListener+0x4a (C:\WINDOWS\System32\USER32.dll+0x69e446ca)
#10 0x767660bb in CallWindowProcW+0xb2b (C:\WINDOWS\System32\USER32.dll+0x69e260bb)
#11 0x7676586c in CallWindowProcW+0x2dc (C:\WINDOWS\System32\USER32.dll+0x69e2586c)
#12 0x76765532 in SendMessageW+0x122 (C:\WINDOWS\System32\USER32.dll+0x69e25532)
#13 0x9dcfe05 in win_window_info::update s:\dev\mame0217\src\osd\windows\window.cpp:922
#14 0x9e0717a in windows_osd_interface::update s:\dev\mame0217\src\osd\windows\video.cpp:94
#15 0x5df7e1c in video_manager::frame_update s:\dev\mame0217\src\emu\video.cpp:238
#16 0x596a652 in screen_device::vblank_begin s:\dev\mame0217\src\emu\screen.cpp:1660
#17 0x5962975 in screen_device::device_timer s:\dev\mame0217\src\emu\screen.cpp:959
#18 0x5c586dd in emu_timer::device_timer_expired s:\dev\mame0217\src\emu\schedule.cpp:317
#19 0x5c58d7c in device_scheduler::execute_timers s:\dev\mame0217\src\emu\schedule.cpp:907
#20 0x5c5bdfe in device_scheduler::timeslice s:\dev\mame0217\src\emu\schedule.cpp:544
#21 0x5c6a220 in running_machine::run s:\dev\mame0217\src\emu\machine.cpp:372
#22 0x6b0b15c in mame_machine_manager::execute+0x52c (s:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9b15c)
#23 0x6b2d54a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6ebd54a)
#24 0x6b252d4 in cli_frontend::execute+0x174 (s:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6eb52d4)
#25 0x6b0c0b9 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9c0b9)
#26 0x9dd57fe in main s:\dev\mame0217\src\osd\windows\winmain.cpp:323
#27 0x9b78e39 in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
#28 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
#29 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
#30 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)
Address 0x41517120 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow s:\dev\mame0217\src\osd\modules\render\drawd3d.cpp:2224 in texture_info::copyline_palette16
Shadow bytes around the buggy address:
0x382a2dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x382a2e20: 00 00 00 00[00]00 00 00 00 00 00 00 00 00 00 00
0x382a2e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x382a2e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
|
|---|---|
|
No.17359
Firewave Senior Tester
Jan 13, 2020, 17:44
|
Looks like the palette is accessed out of bounds in texture_info::copyline_palette16():Address 0x41517120 is a wild pointer.
+ palette 0x41514120 {m_data=4278190080 } const rgb_t *
+ src 0x2be678b0 {3072} const unsigned short *
|
|
No.20683
Firewave Senior Tester
Nov 2, 2022, 00:04
|
Also happens when taking a snapshot on Linux with 0.249:
=================================================================
==30538==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000157100 at pc 0x7f66e0e2cb48 bp 0x7ffff0082d20 sp 0x7ffff0082d18
READ of size 4 at 0x621000157100 thread T0
#0 0x7f66e0e2cb47 in operator unsigned int /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
#1 0x7f66e0e2cb47 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:148:16
#2 0x7f66e0e104e6 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:684:22
#3 0x7f66e0e0df43 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1782:5
#4 0x7f66e0e07802 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1867:7
#5 0x7f66e0e007c8 in video_manager::create_snapshot_bitmap(screen_device*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1046:3
#6 0x7f66e0dff568 in video_manager::save_snapshot(screen_device*, util::core_file&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:329:2
#7 0x7f66e0dfde55 in video_manager::recompute_speed(attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1005:5
#8 0x7f66e0dfb0e8 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:261:4
#9 0x7f66e0cf47c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
#10 0x7f66e0cdd304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#11 0x7f66e0cdd304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
#12 0x7f66e0cd8858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
#13 0x7f66e0b704a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
#14 0x7f66e3cd6f7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
#15 0x7f66e3ecb8d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
#16 0x7f66e3ecf41f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
#17 0x7f66e3cdbd5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
#18 0x7f66e0eb258b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
#19 0x7f669f3b9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#20 0x7f669f3b92bb in __libc_start_main csu/../csu/libc-start.c:389:3
#21 0x7f66be63c260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)
Address 0x621000157100 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int
Shadow bytes around the buggy address:
0x0c4280022dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022df0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4280022e20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280022e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30538==ABORTING
|
|
No.22673
Firewave Senior Tester
Dec 22, 2024, 23:25
|
Occurs randomly in 0.272 just starting it
==138146==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000bb2500 at pc 0x62df37432bf4 bp 0x7ffda046ff90 sp 0x7ffda046ff88
READ of size 4 at 0x521000bb2500 thread T0
#0 0x62df37432bf3 in operator unsigned int /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
#1 0x62df37432bf3 in copyline_palette16 /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2214:34
#2 0x62df37432bf3 in texture_set_data /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2490:7
#3 0x62df37432bf3 in osd::(anonymous namespace)::renderer_ogl::texture_update(render_primitive const*, int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2826:5
#4 0x62df3742494a in osd::(anonymous namespace)::renderer_ogl::draw(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:1465:15
#5 0x62df37667fbc in sdl_window_info::update() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:791:17
#6 0x62df3766131f in sdl_osd_interface::update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:103:12
#7 0x62df37392327 in video_manager::frame_update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:244:19
#8 0x62df372f721f in screen_device::vblank_begin(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1644:21
#9 0x62df372e9d8d in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#10 0x62df372e9d8d in device_scheduler::execute_timers() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
#11 0x62df372e4bc8 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:504:2
#12 0x62df371c26bb in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17
#13 0x62df32b098b3 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19
#14 0x62df3384f057 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22
#15 0x62df33851a34 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3
#16 0x62df32b0c43d in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18
#17 0x62df373ff195 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9
#18 0x754cc2634e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#19 0x754cc2634ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
#20 0x62df19c4dce4 in _start (/home/user/CLionProjects/mame/mame+0x10867ce4) (BuildId: a76848f9c1b76b9e)
Address 0x521000bb2500 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int
Shadow bytes around the buggy address:
0x521000bb2280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x521000bb2500:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x521000bb2780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
|
 No.22676
hap Developer
Dec 23, 2024, 10:43
edited on: Dec 23, 2024, 10:44
|
Could you try again after this commit?: https://github.com/mamedev/mame/commit/abf2bacb4c7f7d3f363cbc74b29a628ee4ced2c0 I think the culprit was this: PALETTE(config, m_palette2).set_format(palette_device::xBGR_555, 1024); m_palette->enable_shadows(); m_palette->enable_hilights(); should be: m_palette2->enable_shadows(); m_palette2->enable_hilights(); |