Viewing Issue Advanced Details
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
07544 Misc. Critical (emulator) Always Jan 8, 2020, 10:11 Nov 5, 2022, 08:53
Tester Firewave View Status Public Platform MAME (Self-compiled)
Assigned To galibert Resolution Open OS Windows 10 (64-bit)
Status [?] Assigned Driver
Version 0.217 Fixed in Version Build 32-bit
Fixed in Git Commit Github Pull Request #
Summary MESS-specific 07544: to9: AddressSanitizer: heap-buffer-overflow
Description
=================================================================
==23816==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x22bb083e at pc 0x0684b096 bp 0x006fb99c sp 0x006fb990
READ of size 1 at 0x22bb083e thread T0
    #0 0x684b095 in handler_entry_read_memory_bank<0,0,1>::read+0xd5 (s:\dev\mame0217\mame.exe+0x617b095)
    #1 0x6bdec8a in handler_entry_read_dispatch<16,0,1,1>::read+0x7a (s:\dev\mame0217\mame.exe+0x650ec8a)
    #2 0x66560f0 in address_space_specific<0,1,1>::read_native+0x70 (s:\dev\mame0217\mame.exe+0x5f860f0)
    #3 0x664fe85 in address_space_specific<0,0,1>::read_byte+0x45 (s:\dev\mame0217\mame.exe+0x5f7fe85)
    #4 0x7cefe4d in c39_device::mi_banked::read+0x6d (s:\dev\mame0217\mame.exe+0x761fe4d)
    #5 0x7e0c82d in m6809_base_device::read_memory+0x7d (s:\dev\mame0217\mame.exe+0x773c82d)
    #6 0x7e0a6a9 in m6809_base_device::execute_one+0x3ab9 (s:\dev\mame0217\mame.exe+0x773a6a9)
    #7 0x7e0bcd6 in m6809_base_device::execute_run+0x26 (s:\dev\mame0217\mame.exe+0x773bcd6)
    #8 0x669d553 in device_scheduler::timeslice+0x683 (s:\dev\mame0217\mame.exe+0x5fcd553)
    #9 0x66abc95 in running_machine::run+0x305 (s:\dev\mame0217\mame.exe+0x5fdbc95)
    #10 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #11 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #12 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #13 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #14 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #15 0xa598c9a in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #16 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #17 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #18 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

0x22bb083e is located 27 bytes to the right of 65571-byte region [0x22ba0800,0x22bb0823)
allocated by thread T0 here:
    #0 0x1382e7d in operator new D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_new_delete.cc:99
    #1 0x1388b51 in std::_Allocate<8,std::_Default_allocate_traits,0>+0x21 (s:\dev\mame0217\mame.exe+0xcb8b51)
    #2 0x65c19c4 in memory_region::memory_region+0xc4 (s:\dev\mame0217\mame.exe+0x5ef19c4)
    #3 0x666194b in memory_manager::region_alloc+0x25b (s:\dev\mame0217\mame.exe+0x5f9194b)
    #4 0x6747d03 in rom_load_manager::process_region_list+0x173 (s:\dev\mame0217\mame.exe+0x6077d03)
    #5 0x6741169 in rom_load_manager::rom_load_manager+0x819 (s:\dev\mame0217\mame.exe+0x6071169)
    #6 0x66acec7 in running_machine::start+0x447 (s:\dev\mame0217\mame.exe+0x5fdcec7)
    #7 0x66abb05 in running_machine::run+0x175 (s:\dev\mame0217\mame.exe+0x5fdbb05)
    #8 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #9 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #10 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #11 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #12 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #13 0xa598c9a in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #14 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #15 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #16 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

SUMMARY: AddressSanitizer: heap-buffer-overflow (s:\dev\mame0217\mame.exe+0x617b095) in handler_entry_read_memory_bank<0,0,1>::read+0xd5
Shadow bytes around the buggy address:
  0x345760b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x345760c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x345760d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x345760e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x345760f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x34576100: 00 00 00 00 03 fa fa[fa]fa fa fa fa fa fa fa fa
  0x34576110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x34576120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x34576130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x34576140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x34576150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==23816==ABORTING
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems to9
Attached Files
 
Relationships
There are no relationship linked to this issue.
Notes
1
User avatar
No.20727
Firewave
Senior Tester
Nov 5, 2022, 08:53
0.249 on Linux reports a segmentation fault:
==23340==ERROR: AddressSanitizer: SEGV on unknown address 0x03e800005b2c (pc 0x7f0caff1957c bp 0x000000005b2c sp 0x7f0cac8977e0 T0)
==23340==The signal is caused by a READ memory access.
    #0 0x7f0caff1957c in __pthread_kill_implementation nptl/./nptl/pthread_kill.c:44:76
    #1 0x7f0cafecda01 in gsignal signal/../sysdeps/posix/raise.c:26:13
    #2 0x7f0cb1cbf3c5  (/usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0+0x13f3c5) (BuildId: 418f97e44d04d8ab9d3828e3cc45a8743439ecf7)
    #3 0x7f0cafecda9f  (/lib/x86_64-linux-gnu/libc.so.6+0x3da9f) (BuildId: 71a7c7b97bc0b3e349a3d8640252655552082bf5)
    #4 0x7f0cf0b56f48 in handler_entry_read_memory_bank<0, 0>::read(unsigned int, unsigned char) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hem.cpp:79:9
    #5 0x7f0cd52dbd00 in emu::detail::memory_access_cache<0, 0, (util::endianness)1>::read_native(unsigned int, unsigned char) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:2735:20
    #6 0x7f0ce36dbc30 in read_byte /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1826:66
    #7 0x7f0ce36dbc30 in m6809_base_device::mi_default::read_opcode(unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m6809/m6809.cpp:586:19
    #8 0x7f0ce36971f6 in m6809_base_device::read_opcode(unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m6809/m6809.h:200:85
    #9 0x7f0ce36904da in m6809_base_device::read_opcode() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m6809/m6809.h:208:66
    #10 0x7f0ce36e6992 in m6809_base_device::execute_one() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../generated/emu/cpu/m6809/m6809.hxx:247:13
    #11 0x7f0ce36dba5e in m6809_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m6809/m6809.cpp:574:3
    #12 0x7f0ce36dbb1f in non-virtual thunk to m6809_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m6809/m6809.cpp
    #13 0x7f0cf17d5817 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15
    #14 0x7f0cf17d5817 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14
    #15 0x7f0cf166e4a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #16 0x7f0cf47d4f7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #17 0x7f0cf49c98d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #18 0x7f0cf49cd41f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #19 0x7f0cf47d9d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #20 0x7f0cf19b058b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #21 0x7f0cafeb9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #22 0x7f0cafeb92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #23 0x7f0ccf13a260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV nptl/./nptl/pthread_kill.c:44:76 in __pthread_kill_implementation