View Issue Details

| Field | Value |
|---|---|
| ID | 0002858 |
| Project | FSSCP |
| Category | |
| View Status | public |
| Date Submitted | 2013-04-29 10:57 |
| Last Update | 2021-01-10 01:42 |
| Reporter | Echelon9 |
| Assigned To | |
| Priority | normal |
| Severity | minor |
| Reproducibility | always |
| Status | closed |
| Resolution | suspended |
| Product Version | 3.6.19 |
| Target Version | 3.7.0 |
| Summary | 0002858: AddressSanitizer: memcpy-param-overlap: memory ranges in triggered_rotation::add_queue() |
Description

Reported by AddressSanitizer, a memory error detector for C/C++, in FS2Open builds based on trunk r9655.

```text
ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x000129dbeb2c,0x000129dbf1f4) and [0x000129dbeba8, 0x000129dbf270) overlap
    #0 0x105a4b32c in wrap_memcpy (in libclang_rt.asan_osx_dynamic.dylib) + 588
    #1 0x1028c1f12 in triggered_rotation::add_queue modelanim.cpp:223
    #2 0x1028cbcc6 in model_anim_start_type modelanim.cpp:539
    #3 0x1028cc74c in model_anim_start_type modelanim.cpp:559
    #4 0x10231a24b in afterburners_start afterburner.cpp:131
    #5 0x100575ec1 in ai_chase_ga aicode.cpp:7146
    #6 0x10058eb81 in ai_chase aicode.cpp:8141
    #7 0x1005f9b4c in ai_execute_behavior aicode.cpp:12686
    #8 0x100613f6f in ai_frame aicode.cpp:13789
    #9 0x1006165c5 in ai_process aicode.cpp:13875
    #10 0x10210cf08 in ship_process_post ship.cpp:8418
    #11 0x101aa0b83 in obj_move_all_post object.cpp:1232
    #12 0x101aa4e91 in obj_move_all object.cpp:1454
    #13 0x1002f3fdc in game_simulation_frame freespace.cpp:4113
    #14 0x1002f8ce0 in game_frame freespace.cpp:4506
    #15 0x1002fe4fb in game_do_frame freespace.cpp:4917
    #16 0x10030a036 in game_do_state freespace.cpp:6593
    #17 0x100913538 in gameseq_process_events gamesequence.cpp:405
    #18 0x1003108c6 in game_main freespace.cpp:7160
    ...
```

The flagged call (marked `<===`) is the element shift in triggered_rotation::add_queue, modelanim.cpp:

```cpp
void triggered_rotation::add_queue(queued_animation *the_queue, int dir)
{
	int i;
	queued_animation new_queue;

	memcpy( &new_queue, the_queue, sizeof(queued_animation) );
	...
	memcpy(queue_tmp, queue, sizeof(queued_animation) * MAX_TRIGGERED_ANIMATIONS);
	...
	if (i != n_queue) {
		// replace if it's not the last item on the list
		if ( i != (MAX_TRIGGERED_ANIMATIONS-1) )
			memcpy( &queue_tmp[i], &queue_tmp[i+1], sizeof(queued_animation) * (MAX_TRIGGERED_ANIMATIONS-(i+1)) );   // <===
		// ok these two animations cancelled each other out, so he doesn't get on the queue
		n_queue--;
		return;
	}
	...
```
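As an added illustration (not code from the FS2Open source), this shows the operation the flagged line performs, shifting the tail of a fixed-size queue down one slot, written with memmove, which the C standard defines for overlapping ranges, alongside the overlap test AddressSanitizer applies to memcpy's two argument ranges. The struct, its 124-byte size (the 0x7c distance between the two reported ranges) and MAX_TRIGGERED_ANIMATIONS = 15 are constructed assumptions.

```c
/* Added example, not FS2Open code. Element type and queue length are
 * constructed: 31 ints = 124 bytes, the stride implied by the report. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TRIGGERED_ANIMATIONS 15   /* assumed value */

typedef struct { int fields[31]; } queued_animation;   /* stand-in */

/* The check ASan applies to memcpy: half-open ranges [a,a+n) and [b,b+n)
 * overlap unless one ends at or before the other begins. 1 = overlap. */
int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t a0 = (uintptr_t)a, b0 = (uintptr_t)b;
    if (n == 0) return 0;
    return !(a0 + n <= b0 || b0 + n <= a0);
}

/* Does the original memcpy(&q[i], &q[i+1], (MAX-(i+1)) elements) have
 * overlapping arguments? Yes whenever more than one element is shifted. */
int add_queue_memcpy_overlaps(size_t i)
{
    queued_animation q[MAX_TRIGGERED_ANIMATIONS];
    if (i + 1 >= MAX_TRIGGERED_ANIMATIONS) return 0;   /* nothing to shift */
    size_t tail = MAX_TRIGGERED_ANIMATIONS - (i + 1);
    return ranges_overlap(&q[i], &q[i + 1], sizeof(queued_animation) * tail);
}

/* Corrected shift: remove slot i by moving the tail down one element with
 * memmove, which permits overlap. Returns the number of elements moved. */
size_t remove_slot(queued_animation *q, size_t i)
{
    if (i + 1 >= MAX_TRIGGERED_ANIMATIONS) return 0;
    size_t tail = MAX_TRIGGERED_ANIMATIONS - (i + 1);
    memmove(&q[i], &q[i + 1], sizeof(queued_animation) * tail);
    return tail;
}

/* Demonstration helper: fill each slot with its own index, remove slot i,
 * and report the index now found at slot k (-1 if k is out of range). */
int slot_after_remove(size_t i, size_t k)
{
    queued_animation q[MAX_TRIGGERED_ANIMATIONS];
    memset(q, 0, sizeof q);
    for (int n = 0; n < MAX_TRIGGERED_ANIMATIONS; n++) q[n].fields[0] = n;
    remove_slot(q, i);
    return k < MAX_TRIGGERED_ANIMATIONS ? q[k].fields[0] : -1;
}
```

Under -fsanitize=address the memcpy form of this shift aborts with exactly the memcpy-param-overlap report above; the memmove form runs clean.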
Steps To Reproduce

1. Utilise a version of Clang that supports AddressSanitizer (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer).
2. Build with the -fsanitize=address C/C++ flag.
3. Run the game with mediavps 3.6.12 and Blue Planet WiH2. Play through Icarus until a number of ships with rotating subsystems are on screen, i.e. Karunas.
Additional Information

```text
ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x000129dbeb2c,0x000129dbf1f4) and [0x000129dbeba8, 0x000129dbf270) overlap
    #0 0x105a4b32c in wrap_memcpy (in libclang_rt.asan_osx_dynamic.dylib) + 588
    #1 0x1028c1f12 in triggered_rotation::add_queue modelanim.cpp:223
    #2 0x1028cbcc6 in model_anim_start_type modelanim.cpp:539
    #3 0x1028cc74c in model_anim_start_type modelanim.cpp:559
    #4 0x10231a24b in afterburners_start afterburner.cpp:131
    #5 0x100575ec1 in ai_chase_ga aicode.cpp:7146
    #6 0x10058eb81 in ai_chase aicode.cpp:8141
    #7 0x1005f9b4c in ai_execute_behavior aicode.cpp:12686
    #8 0x100613f6f in ai_frame aicode.cpp:13789
    #9 0x1006165c5 in ai_process aicode.cpp:13875
    #10 0x10210cf08 in ship_process_post ship.cpp:8418
    #11 0x101aa0b83 in obj_move_all_post object.cpp:1232
    #12 0x101aa4e91 in obj_move_all object.cpp:1454
    #13 0x1002f3fdc in game_simulation_frame freespace.cpp:4113
    #14 0x1002f8ce0 in game_frame freespace.cpp:4506
    #15 0x1002fe4fb in game_do_frame freespace.cpp:4917
    #16 0x10030a036 in game_do_state freespace.cpp:6593
    #17 0x100913538 in gameseq_process_events gamesequence.cpp:405
    #18 0x1003108c6 in game_main freespace.cpp:7160
    #19 0x100311f64 in SDL_main freespace.cpp:7294
    #20 0x100003253 in -[SDLMain applicationDidFinishLaunching:] SDLMain.m:300
    #21 0x7fff8fc3bed9 in _CFXNotificationPost (in CoreFoundation) + 2553
    #22 0x7fff91ce9e25 in -[NSNotificationCenter postNotificationName:object:userInfo:] (in Foundation) + 63
    #23 0x7fff8c67e55c in -[NSApplication _postDidFinishNotification] (in AppKit) + 291
    #24 0x7fff8c67e295 in -[NSApplication _sendFinishLaunchingNotification] (in AppKit) + 215
    #25 0x7fff8c67b481 in -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] (in AppKit) + 565
    #26 0x7fff8c67b07b in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] (in AppKit) + 350
    #27 0x7fff91d0370a in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] (in Foundation) + 307
    #28 0x7fff91d0356c in _NSAppleEventManagerGenericHandler (in Foundation) + 105
    #29 0x7fff90c4b077 in aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) (in AE) + 306
    #30 0x7fff90c4aed8 in dispatchEventAndSendReply(AEDesc const*, AEDesc*) (in AE) + 36
    #31 0x7fff90c4ad98 in aeProcessAppleEvent (in AE) + 317
    #32 0x7fff8ec71708 in AEProcessAppleEvent (in HIToolbox) + 99
    #33 0x7fff8c677865 in _DPSNextEvent (in AppKit) + 1455
    #34 0x7fff8c676e21 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in AppKit) + 127
    #35 0x7fff8c66e1d2 in -[NSApplication run] (in AppKit) + 516
    #36 0x1000053b2 in CustomApplicationMain SDLMain.m:227
    #37 0x100004e1f in main SDLMain.m:377
    #38 0x100001f73 in start (in FS2_Open (debug)) + 51
    #39 0x0 in 0x0

0x000129dbeb2c is located 176940 bytes inside of 995200-byte region [0x000129d93800,0x000129e86780)
allocated by thread T0 here:
    #0 0x105a4ee05 in wrap_malloc (in libclang_rt.asan_osx_dynamic.dylib) + 53
    #1 0x102623768 in _vm_malloc stubs.cpp:571
    #2 0x1020bd2e9 in ship_allocate_subsystems ship.cpp:4457
    #3 0x1021bcb64 in ship_page_in ship.cpp:15442
    #4 0x100337ca8 in level_page_in levelpaging.cpp:39
    #5 0x1002c33ed in freespace_mission_load_stuff freespace.cpp:1344
    #6 0x1002c35ee in game_post_level_init freespace.cpp:1401
    #7 0x1002c46d8 in game_start_mission freespace.cpp:1466
    #8 0x100306824 in game_enter_state freespace.cpp:6049
    #9 0x100911b1d in gameseq_set_state gamesequence.cpp:280
    #10 0x100301500 in game_process_event freespace.cpp:5219
    #11 0x10091339e in gameseq_process_events gamesequence.cpp:395
    #12 0x1003108c6 in game_main freespace.cpp:7160
    #13 0x100311f64 in SDL_main freespace.cpp:7294
    #14 0x100003253 in -[SDLMain applicationDidFinishLaunching:] SDLMain.m:300
    #15 0x7fff8fc3bed9 in _CFXNotificationPost (in CoreFoundation) + 2553
    #16 0x7fff91ce9e25 in -[NSNotificationCenter postNotificationName:object:userInfo:] (in Foundation) + 63
    #17 0x7fff8c67e55c in -[NSApplication _postDidFinishNotification] (in AppKit) + 291
    #18 0x7fff8c67e295 in -[NSApplication _sendFinishLaunchingNotification] (in AppKit) + 215
    #19 0x7fff8c67b481 in -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] (in AppKit) + 565
    #20 0x7fff8c67b07b in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] (in AppKit) + 350
    #21 0x7fff91d0370a in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] (in Foundation) + 307
    #22 0x7fff91d0356c in _NSAppleEventManagerGenericHandler (in Foundation) + 105
    #23 0x7fff90c4b077 in aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) (in AE) + 306
    #24 0x7fff90c4aed8 in dispatchEventAndSendReply(AEDesc const*, AEDesc*) (in AE) + 36
    #25 0x7fff90c4ad98 in aeProcessAppleEvent (in AE) + 317
    #26 0x7fff8ec71708 in AEProcessAppleEvent (in HIToolbox) + 99
    #27 0x7fff8c677865 in _DPSNextEvent (in AppKit) + 1455
    #28 0x7fff8c676e21 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in AppKit) + 127
    #29 0x7fff8c66e1d2 in -[NSApplication run] (in AppKit) + 516

0x000129dbeba8 is located 177064 bytes inside of 995200-byte region [0x000129d93800,0x000129e86780)
allocated by thread T0 here:
    #0 0x105a4ee05 in wrap_malloc (in libclang_rt.asan_osx_dynamic.dylib) + 53
    #1 0x102623768 in _vm_malloc stubs.cpp:571
    #2 0x1020bd2e9 in ship_allocate_subsystems ship.cpp:4457
    #3 0x1021bcb64 in ship_page_in ship.cpp:15442
    #4 0x100337ca8 in level_page_in levelpaging.cpp:39
    #5 0x1002c33ed in freespace_mission_load_stuff freespace.cpp:1344
    #6 0x1002c35ee in game_post_level_init freespace.cpp:1401
    #7 0x1002c46d8 in game_start_mission freespace.cpp:1466
    #8 0x100306824 in game_enter_state freespace.cpp:6049
    #9 0x100911b1d in gameseq_set_state gamesequence.cpp:280
    #10 0x100301500 in game_process_event freespace.cpp:5219
    #11 0x10091339e in gameseq_process_events gamesequence.cpp:395
    #12 0x1003108c6 in game_main freespace.cpp:7160
    #13 0x100311f64 in SDL_main freespace.cpp:7294
    #14 0x100003253 in -[SDLMain applicationDidFinishLaunching:] SDLMain.m:300
    #15 0x7fff8fc3bed9 in _CFXNotificationPost (in CoreFoundation) + 2553
    #16 0x7fff91ce9e25 in -[NSNotificationCenter postNotificationName:object:userInfo:] (in Foundation) + 63
    #17 0x7fff8c67e55c in -[NSApplication _postDidFinishNotification] (in AppKit) + 291
    #18 0x7fff8c67e295 in -[NSApplication _sendFinishLaunchingNotification] (in AppKit) + 215
    #19 0x7fff8c67b481 in -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] (in AppKit) + 565
    #20 0x7fff8c67b07b in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] (in AppKit) + 350
    #21 0x7fff91d0370a in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] (in Foundation) + 307
    #22 0x7fff91d0356c in _NSAppleEventManagerGenericHandler (in Foundation) + 105
    #23 0x7fff90c4b077 in aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) (in AE) + 306
    #24 0x7fff90c4aed8 in dispatchEventAndSendReply(AEDesc const*, AEDesc*) (in AE) + 36
    #25 0x7fff90c4ad98 in aeProcessAppleEvent (in AE) + 317
    #26 0x7fff8ec71708 in AEProcessAppleEvent (in HIToolbox) + 99
    #27 0x7fff8c677865 in _DPSNextEvent (in AppKit) + 1455
    #28 0x7fff8c676e21 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in AppKit) + 127
    #29 0x7fff8c66e1d2 in -[NSApplication run] (in AppKit) + 516
==14669==ABORTING
```
Tags: No tags attached.

Notes

Note 0014980 (Echelon9, 2013-04-29 10:58):
This looks to be caused by the engine's attempt at reimplementing a standard STL container incompletely. Best bet here is to work out which algorithm is being attempted, and then refactor with proper STL and a proper clean implementation leveraging off the container where possible.

Note 0017098 (MjnMixael, 2021-01-10 01:42):
Migrated to GitHub.
Date Modified | Username | Field | Change |
---|---|---|---|
2013-04-29 10:57 | Echelon9 | New Issue | |
2013-04-29 10:58 | Echelon9 | Note Added: 0014980 | |
2013-04-30 12:47 | Echelon9 | Assigned To | => Echelon9 |
2013-04-30 12:47 | Echelon9 | Status | new => assigned |
2021-01-10 01:42 | MjnMixael | Assigned To | Echelon9 => |
2021-01-10 01:42 | MjnMixael | Status | assigned => closed |
2021-01-10 01:42 | MjnMixael | Resolution | open => suspended |
2021-01-10 01:42 | MjnMixael | Note Added: 0017098 | |