Viewing Issue Advanced Details
Jump to Notes ]
samcoupe/samcoupe.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
08502 Misc. Critical (emulator) Always Nov 4, 2022, 14:18 Nov 22, 2022, 23:26
Tester Firewave View Status Public Platform MAME (Self-compiled)
Assigned To Resolution Open OS Linux (64-bit)
Status [?] Acknowledged Driver
samcoupe/samcoupe.cpp
Version 0.249 Fixed in Version Build 64-bit
Fixed in Git Commit Github Pull Request #
Summary 08502: samcoupe: AddressSanitizer: heap-buffer-overflow with -str 2
Description 
==16352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000ebb78 at pc 0x7f4a6a0c4b48 bp 0x7fffc4e550c0 sp 0x7fffc4e550b8
READ of size 4 at 0x6160000ebb78 thread T0
    #0 0x7f4a6a0c4b47 in operator unsigned int /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
    #1 0x7f4a6a0c4b47 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:148:16
    #2 0x7f4a6a0a84e6 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:684:22
    #3 0x7f4a6a0a5f43 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1782:5
    #4 0x7f4a6a09f802 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1867:7
    #5 0x7f4a6a0987c8 in video_manager::create_snapshot_bitmap(screen_device*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1046:3
    #6 0x7f4a6a097568 in video_manager::save_snapshot(screen_device*, util::core_file&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:329:2
    #7 0x7f4a6a095e55 in video_manager::recompute_speed(attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1005:5
    #8 0x7f4a6a0930e8 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:261:4
    #9 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #10 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #11 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #12 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #13 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #14 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #15 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #16 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #17 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #18 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #19 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f4a286492bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #21 0x7f4a478d4260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)

0x6160000ebb78 is located 240 bytes to the right of 520-byte region [0x6160000eb880,0x6160000eba88)
allocated by thread T0 here:
    #0 0x7f4a47991e7d in operator new(unsigned long) (/mnt/s/GitHub/mame/mame+0x1d454e7d) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)
    #1 0x7f4a6166ef7d in allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/new_allocator.h:137:27
    #2 0x7f4a6166ef7d in std::allocator_traits<std::allocator<rgb_t> >::allocate(std::allocator<rgb_t>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/alloc_traits.h:464:20
    #3 0x7f4a616a9e93 in _M_allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:378:20
    #4 0x7f4a616a9e93 in std::vector<rgb_t, std::allocator<rgb_t> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/vector.tcc:650:34
    #5 0x7f4a616a1712 in std::vector<rgb_t, std::allocator<rgb_t> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:1011:4
    #6 0x7f4a69e55e2a in render_container::bcg_lookup_table(int, unsigned int&, palette_t*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:691:17
    #7 0x7f4a69e55bad in render_texture::get_adjusted_palette(render_container&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp
    #8 0x7f4a69e60324 in render_target::add_container_primitives(render_primitive_list&, render_target::object_transform const&, render_target::object_transform const&, render_container&, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:2384:49
    #9 0x7f4a69e5d8b1 in render_target::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:1427:5
    #10 0x7f4a6a223df1 in renderer_sdl1::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawsdl.cpp:680:25
    #11 0x7f4a6a16889c in sdl_window_info::update() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:601:50
    #12 0x7f4a6a1570b3 in sdl_osd_interface::update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:108:12
    #13 0x7f4a6a092d4d in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:238:18
    #14 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #15 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #16 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #17 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #18 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #19 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #20 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #21 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #22 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #23 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #24 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int
Shadow bytes around the buggy address:
  0x0c2c80015710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015750: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80015760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c2c80015770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems samcoupe
Attached Files
  
Relationships
There are no relationship linked to this issue.
Notes
1
User avatar
No.20856
Firewave
Senior Tester
Nov 22, 2022, 23:26
 0.249 reports the following in valgrind:
==29779== Use of uninitialised value of size 8
==29779==    at 0xFCF1D18: samcoupe_state::sam_video_update_callback(int) (../../../../../src/mame/samcoupe/samcoupe.cpp:479)
==29779==    by 0xA307019: util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const (delegate.h:765)
==29779==    by 0x184BD123: device_scheduler::execute_timers() (../../../../../src/emu/schedule.cpp:951)
==29779==    by 0x184BBB18: device_scheduler::timeslice() (../../../../../src/emu/schedule.cpp:505)
==29779==    by 0x183FA05E: running_machine::run(bool) (../../../../../src/emu/machine.cpp:329)
==29779==    by 0x158A3C3B: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:290)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)
==29779==  Uninitialised value was created by a heap allocation
==29779==    at 0x1C480F01: operator new(unsigned long) (vg_replace_malloc.c:434)
==29779==    by 0xFCFBABC: std::__detail::_MakeUniq<samcoupe_state>::__single_object std::make_unique<samcoupe_state, machine_config const&, emu::detail::device_type_impl_base const&, char const*&>(machine_config const&, emu::detail::device_type_impl_base const&, char const*&) (unique_ptr.h:1065)
==29779==    by 0xFCFBA6F: std::unique_ptr<device_t, std::default_delete<device_t> > emu::detail::device_type_impl_base::create_driver<samcoupe_state>(emu::detail::device_type_impl_base const&, machine_config const&, char const*, device_t*, unsigned int) (device.h:213)
==29779==    by 0x15E9D6A2: emu::detail::device_type_impl_base::create(machine_config const&, char const*, device_t*, unsigned int) const (device.h:281)
==29779==    by 0x15E9D594: auto machine_config::device_add<emu::detail::device_type_impl_base const&, int>(char const*, emu::detail::device_type_impl_base const&, int&&) (mconfig.h:193)
==29779==    by 0x1840ACA4: machine_config::machine_config(game_driver const&, emu_options&) (../../../../../src/emu/mconfig.cpp:51)
==29779==    by 0x158A3BEE: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:282)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)

This might not be the cause of the out-of-bounds access though.