View Issue Details

ID: 0003141
Project: FSSCP
Category: Pilot data
View Status: public
Last Update: 2021-01-10 01:38
Reporter: niffiwan
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: suspended
Platform: x86_64
OS: Linux Mint
OS Version: 17
Product Version: 3.7.2 RC5
Target Version: 3.8
Summary: 0003141: AddressSanitizer: heap-buffer-overflow in pilotfile::update_stats_backout()
Description:
==12331== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602c000605dc at pc 0xc18240 bp 0x7fff3b676ec0 sp 0x7fff3b676eb8
READ of size 4 at 0x602c000605dc thread T0
    #0 0xc1823f in pilotfile::update_stats_backout(scoring_struct*, bool) /home/mememe/src/fs2open.github.com.niffiwan/code/pilotfile/pilotfile.cpp:290
    #1 0x90a8dd in debrief_close() /home/mememe/src/fs2open.github.com.niffiwan/code/missionui/missiondebrief.cpp:2094
    #2 0x41ef30 in game_leave_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5618
    #3 0x5b6c1c in gameseq_set_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:279
    #4 0x41e0c1 in game_process_event(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5184
    #5 0x5b7847 in gameseq_process_events() /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:399
    #6 0x4218f5 in game_main(char*) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7153
    #7 0x421e45 in main /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7288
    #8 0x7fc8f1b37ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #9 0x40c6c8 in _start ??:?
0x602c000605dc is located 36 bytes to the right of 376-byte region [0x602c00060440,0x602c000605b8)
allocated by thread T0 here:
    #0 0x7fc8f47044e5 in calloc ??:?
    #1 0x7fc8f36ee03b in glXCreateNewContext ??:?
Shadow bytes around the buggy address:
  0x0c0600004060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0600004070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c0600004080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0600004090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c06000040a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c06000040b0: 00 00 00 00 00 00 00 fa fa fa fa[fa]fa fa fa fa
  0x0c06000040c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0600004100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap righ redzone: fb
  Freed Heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  ASan internal: fe
==12331== ABORTING
Steps To Reproduce: This occurred when I clicked on "Accept" after playing SM3-06 from the techroom.
Additional Information: I was looking for a different bug!
Tags: No tags attached.

Activities

MageKing17

2016-03-23 10:02

developer   ~0016815

Bumping target.

MjnMixael

2021-01-10 01:38

manager   ~0017096

Migrated to GitHub.

Issue History

Date Modified Username Field Change
2015-02-09 09:23 niffiwan New Issue
2015-02-09 09:23 niffiwan Status new => assigned
2015-02-09 09:23 niffiwan Assigned To => niffiwan
2016-03-23 10:02 MageKing17 Note Added: 0016815
2016-03-23 10:02 MageKing17 Target Version 3.7.4 => 3.8
2021-01-10 01:38 MjnMixael Assigned To niffiwan =>
2021-01-10 01:38 MjnMixael Status assigned => closed
2021-01-10 01:38 MjnMixael Resolution open => suspended
2021-01-10 01:38 MjnMixael Note Added: 0017096