08502: samcoupe: AddressSanitizer: heap-buffer-overflow with -str 2

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
08502	Misc.	Critical (emulator)	Always	Nov 4, 2022, 14:18	Dec 23, 2024, 13:34

Tester	Firewave	View Status	Public	Platform	MAME (Self-compiled)
Assigned To		Resolution	Open	OS	Linux (64-bit)
Status [?]	Acknowledged			Driver	samcoupe/samcoupe.cpp
Version	0.249	Fixed in Version		Build	64-bit
		Fixed in Git Commit		Github Pull Request #

Summary	08502: samcoupe: AddressSanitizer: heap-buffer-overflow with -str 2
Description	==16352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000ebb78 at pc 0x7f4a6a0c4b48 bp 0x7fffc4e550c0 sp 0x7fffc4e550b8 READ of size 4 at 0x6160000ebb78 thread T0 #0 0x7f4a6a0c4b47 in operator unsigned int /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 #1 0x7f4a6a0c4b47 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:148:16 #2 0x7f4a6a0a84e6 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:684:22 #3 0x7f4a6a0a5f43 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int, int, int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1782:5 #4 0x7f4a6a09f802 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1867:7 #5 0x7f4a6a0987c8 in video_manager::create_snapshot_bitmap(screen_device) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1046:3 #6 0x7f4a6a097568 in video_manager::save_snapshot(screen_device, util::core_file&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:329:2 #7 0x7f4a6a095e55 in video_manager::recompute_speed(attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1005:5 #8 0x7f4a6a0930e8 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:261:4 #9 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21 #10 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #11 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5 #12 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2 #13 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17 #14 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19 #15 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22 #16 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3 #17 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18 #18 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9 #19 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #20 0x7f4a286492bb in __libc_start_main csu/../csu/libc-start.c:389:3 #21 0x7f4a478d4260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b) 0x6160000ebb78 is located 240 bytes to the right of 520-byte region [0x6160000eb880,0x6160000eba88) allocated by thread T0 here: #0 0x7f4a47991e7d in operator new(unsigned long) (/mnt/s/GitHub/mame/mame+0x1d454e7d) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b) #1 0x7f4a6166ef7d in allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/new_allocator.h:137:27 #2 0x7f4a6166ef7d in std::allocator_traits<std::allocator<rgb_t> >::allocate(std::allocator<rgb_t>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/alloc_traits.h:464:20 #3 0x7f4a616a9e93 in _M_allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:378:20 #4 0x7f4a616a9e93 in std::vector<rgb_t, std::allocator<rgb_t> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/vector.tcc:650:34 #5 0x7f4a616a1712 in std::vector<rgb_t, std::allocator<rgb_t> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:1011:4 #6 0x7f4a69e55e2a in render_container::bcg_lookup_table(int, unsigned int&, palette_t) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:691:17 #7 0x7f4a69e55bad in render_texture::get_adjusted_palette(render_container&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp #8 0x7f4a69e60324 in render_target::add_container_primitives(render_primitive_list&, render_target::object_transform const&, render_target::object_transform const&, render_container&, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:2384:49 #9 0x7f4a69e5d8b1 in render_target::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:1427:5 #10 0x7f4a6a223df1 in renderer_sdl1::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawsdl.cpp:680:25 #11 0x7f4a6a16889c in sdl_window_info::update() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:601:50 #12 0x7f4a6a1570b3 in sdl_osd_interface::update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:108:12 #13 0x7f4a6a092d4d in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:238:18 #14 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21 #15 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #16 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5 #17 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2 #18 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17 #19 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19 #20 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22 #21 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3 #22 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18 #23 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9 #24 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int Shadow bytes around the buggy address: 0x0c2c80015710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80015720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80015730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80015740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2c80015750: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c2c80015760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa] 0x0c2c80015770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80015780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80015790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c800157a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c800157b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb
Steps To Reproduce
Additional Information
Github Commit

Flags
Regression Version
Affected Sets / Systems	samcoupe

Attached Files

No.20856 Firewave Senior Tester Nov 22, 2022, 23:26	0.249 reports the following in valgrind: ==29779== Use of uninitialised value of size 8 ==29779== at 0xFCF1D18: samcoupe_state::sam_video_update_callback(int) (../../../../../src/mame/samcoupe/samcoupe.cpp:479) ==29779== by 0xA307019: util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const (delegate.h:765) ==29779== by 0x184BD123: device_scheduler::execute_timers() (../../../../../src/emu/schedule.cpp:951) ==29779== by 0x184BBB18: device_scheduler::timeslice() (../../../../../src/emu/schedule.cpp:505) ==29779== by 0x183FA05E: running_machine::run(bool) (../../../../../src/emu/machine.cpp:329) ==29779== by 0x158A3C3B: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:290) ==29779== by 0x16778542: cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275) ==29779== by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291) ==29779== by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454) ==29779== by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191) ==29779== Uninitialised value was created by a heap allocation ==29779== at 0x1C480F01: operator new(unsigned long) (vg_replace_malloc.c:434) ==29779== by 0xFCFBABC: std::__detail::_MakeUniq<samcoupe_state>::__single_object std::make_unique<samcoupe_state, machine_config const&, emu::detail::device_type_impl_base const&, char const&>(machine_config const&, emu::detail::device_type_impl_base const&, char const&) (unique_ptr.h:1065) ==29779== by 0xFCFBA6F: std::unique_ptr<device_t, std::default_delete<device_t> > emu::detail::device_type_impl_base::create_driver<samcoupe_state>(emu::detail::device_type_impl_base const&, machine_config const&, char const, device_t, unsigned int) (device.h:213) ==29779== by 0x15E9D6A2: emu::detail::device_type_impl_base::create(machine_config const&, char const, device_t, unsigned int) const (device.h:281) ==29779== by 0x15E9D594: auto machine_config::device_add<emu::detail::device_type_impl_base const&, int>(char const, emu::detail::device_type_impl_base const&, int&&) (mconfig.h:193) ==29779== by 0x1840ACA4: machine_config::machine_config(game_driver const&, emu_options&) (../../../../../src/emu/mconfig.cpp:51) ==29779== by 0x158A3BEE: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:282) ==29779== by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275) ==29779== by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291) ==29779== by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454) ==29779== by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191) This might not be the cause of the out-of-bounds access though.
No.22681 Firewave Senior Tester Dec 23, 2024, 13:34	Just starting 0.272 on Linux: ==7449==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5160003d4178 at pc 0x62486d8a4b94 bp 0x7ffc61c5dfb0 sp 0x7ffc61c5dfa8 READ of size 4 at 0x5160003d4178 thread T0 #0 0x62486d8a4b93 in operator unsigned int /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 #1 0x62486d8a4b93 in copyline_palette16 /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2214:34 #2 0x62486d8a4b93 in texture_set_data /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2490:7 #3 0x62486d8a4b93 in osd::(anonymous namespace)::renderer_ogl::texture_update(render_primitive const, int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2826:5 #4 0x62486d8968ea in osd::(anonymous namespace)::renderer_ogl::draw(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:1465:15 #5 0x62486dad9f5c in sdl_window_info::update() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:791:17 #6 0x62486dad32bf in sdl_osd_interface::update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:103:12 #7 0x62486d8042c7 in video_manager::frame_update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:244:19 #8 0x62486d7691bf in screen_device::vblank_begin(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1644:21 #9 0x62486d75bd2d in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #10 0x62486d75bd2d in device_scheduler::execute_timers() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5 #11 0x62486d756b68 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:504:2 #12 0x62486d63465b in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17 #13 0x624868f7b853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19 #14 0x624869cc0ff7 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22 #15 0x624869cc39d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3 #16 0x624868f7e3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18 #17 0x62486d871135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9 #18 0x7b01d7e34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #19 0x7b01d7e34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3 #20 0x6248500bfca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3) 0x5160003d4178 is located 8 bytes before 536-byte region [0x5160003d4180,0x5160003d4398) allocated by thread T0 here: #0 0x6248501ac0c9 in calloc (/home/user/CLionProjects/mame/mame+0x109540c9) (BuildId: dd5b3932e72efdc3) #1 0x7b01ce7a3eb4 (/usr/lib/libgallium-24.2.8-arch1.1.so+0x7a3eb4) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965) #2 0x7b01ce262b08 (/usr/lib/libgallium-24.2.8-arch1.1.so+0x262b08) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965) #3 0x7b01ce2639c2 (/usr/lib/libgallium-24.2.8-arch1.1.so+0x2639c2) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965) #4 0x7b01ce268c27 (/usr/lib/libgallium-24.2.8-arch1.1.so+0x268c27) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965) #5 0x62486d89dd40 in texture_create /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2156:3 #6 0x62486d89dd40 in osd::(anonymous namespace)::renderer_ogl::texture_update(render_primitive const, int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2788:13 #7 0x62486d8968ea in osd::(anonymous namespace)::renderer_ogl::draw(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:1465:15 #8 0x62486dad9f5c in sdl_window_info::update() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:791:17 #9 0x62486dad32bf in sdl_osd_interface::update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:103:12 #10 0x62486d8042c7 in video_manager::frame_update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:244:19 #11 0x62486d7691bf in screen_device::vblank_begin(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1644:21 #12 0x62486d75bd2d in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #13 0x62486d75bd2d in device_scheduler::execute_timers() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5 #14 0x62486d756b68 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:504:2 #15 0x62486d63465b in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17 #16 0x624868f7b853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19 #17 0x624869cc0ff7 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22 #18 0x624869cc39d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3 #19 0x624868f7e3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18 #20 0x62486d871135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9 #21 0x7b01d7e34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #22 0x7b01d7e34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3 #23 0x6248500bfca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3)

No.20856

Firewave

Senior Tester

Nov 22, 2022, 23:26

0.249 reports the following in valgrind:

==29779== Use of uninitialised value of size 8
==29779==    at 0xFCF1D18: samcoupe_state::sam_video_update_callback(int) (../../../../../src/mame/samcoupe/samcoupe.cpp:479)
==29779==    by 0xA307019: util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const (delegate.h:765)
==29779==    by 0x184BD123: device_scheduler::execute_timers() (../../../../../src/emu/schedule.cpp:951)
==29779==    by 0x184BBB18: device_scheduler::timeslice() (../../../../../src/emu/schedule.cpp:505)
==29779==    by 0x183FA05E: running_machine::run(bool) (../../../../../src/emu/machine.cpp:329)
==29779==    by 0x158A3C3B: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:290)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)
==29779==  Uninitialised value was created by a heap allocation
==29779==    at 0x1C480F01: operator new(unsigned long) (vg_replace_malloc.c:434)
==29779==    by 0xFCFBABC: std::__detail::_MakeUniq<samcoupe_state>::__single_object std::make_unique<samcoupe_state, machine_config const&, emu::detail::device_type_impl_base const&, char const*&>(machine_config const&, emu::detail::device_type_impl_base const&, char const*&) (unique_ptr.h:1065)
==29779==    by 0xFCFBA6F: std::unique_ptr<device_t, std::default_delete<device_t> > emu::detail::device_type_impl_base::create_driver<samcoupe_state>(emu::detail::device_type_impl_base const&, machine_config const&, char const*, device_t*, unsigned int) (device.h:213)
==29779==    by 0x15E9D6A2: emu::detail::device_type_impl_base::create(machine_config const&, char const*, device_t*, unsigned int) const (device.h:281)
==29779==    by 0x15E9D594: auto machine_config::device_add<emu::detail::device_type_impl_base const&, int>(char const*, emu::detail::device_type_impl_base const&, int&&) (mconfig.h:193)
==29779==    by 0x1840ACA4: machine_config::machine_config(game_driver const&, emu_options&) (../../../../../src/emu/mconfig.cpp:51)
==29779==    by 0x158A3BEE: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:282)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)

This might not be the cause of the out-of-bounds access though.

No.22681

Firewave

Senior Tester

Dec 23, 2024, 13:34

Just starting 0.272 on Linux:

==7449==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5160003d4178 at pc 0x62486d8a4b94 bp 0x7ffc61c5dfb0 sp 0x7ffc61c5dfa8
READ of size 4 at 0x5160003d4178 thread T0
    #0 0x62486d8a4b93 in operator unsigned int /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
    #1 0x62486d8a4b93 in copyline_palette16 /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2214:34
    #2 0x62486d8a4b93 in texture_set_data /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2490:7
    #3 0x62486d8a4b93 in osd::(anonymous namespace)::renderer_ogl::texture_update(render_primitive const*, int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2826:5
    #4 0x62486d8968ea in osd::(anonymous namespace)::renderer_ogl::draw(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:1465:15
    #5 0x62486dad9f5c in sdl_window_info::update() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:791:17
    #6 0x62486dad32bf in sdl_osd_interface::update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:103:12
    #7 0x62486d8042c7 in video_manager::frame_update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:244:19
    #8 0x62486d7691bf in screen_device::vblank_begin(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1644:21
    #9 0x62486d75bd2d in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #10 0x62486d75bd2d in device_scheduler::execute_timers() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #11 0x62486d756b68 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:504:2
    #12 0x62486d63465b in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17
    #13 0x624868f7b853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19
    #14 0x624869cc0ff7 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22
    #15 0x624869cc39d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3
    #16 0x624868f7e3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18
    #17 0x62486d871135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9
    #18 0x7b01d7e34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #19 0x7b01d7e34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #20 0x6248500bfca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3)

0x5160003d4178 is located 8 bytes before 536-byte region [0x5160003d4180,0x5160003d4398)
allocated by thread T0 here:
    #0 0x6248501ac0c9 in calloc (/home/user/CLionProjects/mame/mame+0x109540c9) (BuildId: dd5b3932e72efdc3)
    #1 0x7b01ce7a3eb4  (/usr/lib/libgallium-24.2.8-arch1.1.so+0x7a3eb4) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965)
    #2 0x7b01ce262b08  (/usr/lib/libgallium-24.2.8-arch1.1.so+0x262b08) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965)
    #3 0x7b01ce2639c2  (/usr/lib/libgallium-24.2.8-arch1.1.so+0x2639c2) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965)
    #4 0x7b01ce268c27  (/usr/lib/libgallium-24.2.8-arch1.1.so+0x268c27) (BuildId: 11d6ee0e8d4c527170586e22aec684a57f9c4965)
    #5 0x62486d89dd40 in texture_create /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2156:3
    #6 0x62486d89dd40 in osd::(anonymous namespace)::renderer_ogl::texture_update(render_primitive const*, int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:2788:13
    #7 0x62486d8968ea in osd::(anonymous namespace)::renderer_ogl::draw(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawogl.cpp:1465:15
    #8 0x62486dad9f5c in sdl_window_info::update() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:791:17
    #9 0x62486dad32bf in sdl_osd_interface::update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:103:12
    #10 0x62486d8042c7 in video_manager::frame_update(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:244:19
    #11 0x62486d7691bf in screen_device::vblank_begin(int) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1644:21
    #12 0x62486d75bd2d in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #13 0x62486d75bd2d in device_scheduler::execute_timers() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #14 0x62486d756b68 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:504:2
    #15 0x62486d63465b in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17
    #16 0x624868f7b853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19
    #17 0x624869cc0ff7 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22
    #18 0x624869cc39d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3
    #19 0x624868f7e3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18
    #20 0x62486d871135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9
    #21 0x7b01d7e34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #22 0x7b01d7e34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #23 0x6248500bfca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3)