ID: 0003141
Project: FSSCP
Category: Pilot data
View Status: public
Last Update: 2016-03-23 06:02
Reporter: niffiwan
Assigned To: niffiwan
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Platform: x86_64
OS: Linux Mint
OS Version: 17
Product Version: 3.7.2 RC5
Target Version: 3.8
Fixed in Version:
Summary: 0003141: AddressSanitizer: heap-buffer-overflow in pilotfile::update_stats_backout()
Description:
==12331== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602c000605dc at pc 0xc18240 bp 0x7fff3b676ec0 sp 0x7fff3b676eb8
READ of size 4 at 0x602c000605dc thread T0
    #0 0xc1823f in pilotfile::update_stats_backout(scoring_struct*, bool) /home/mememe/src/fs2open.github.com.niffiwan/code/pilotfile/pilotfile.cpp:290
    #1 0x90a8dd in debrief_close() /home/mememe/src/fs2open.github.com.niffiwan/code/missionui/missiondebrief.cpp:2094
    #2 0x41ef30 in game_leave_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5618
    #3 0x5b6c1c in gameseq_set_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:279
    #4 0x41e0c1 in game_process_event(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5184
    #5 0x5b7847 in gameseq_process_events() /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:399
    #6 0x4218f5 in game_main(char*) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7153
    #7 0x421e45 in main /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7288
    #8 0x7fc8f1b37ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #9 0x40c6c8 in _start ??:?
0x602c000605dc is located 36 bytes to the right of 376-byte region [0x602c00060440,0x602c000605b8)
allocated by thread T0 here:
    #0 0x7fc8f47044e5 in calloc ??:?
    #1 0x7fc8f36ee03b in glXCreateNewContext ??:?
Shadow bytes around the buggy address:
  0x0c0600004060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0600004070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c0600004080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0600004090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c06000040a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c06000040b0: 00 00 00 00 00 00 00 fa fa fa fa[fa]fa fa fa fa
  0x0c06000040c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0600004100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap righ redzone: fb
  Freed Heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  ASan internal: fe
==12331== ABORTING
Steps To Reproduce: This occurred when I clicked on "Accept" after playing SM3-06 from the techroom.
Additional Information: I was looking for a different bug!
Tags: No tags attached.
Attached Files:

Relationships

Notes

~0016815

MageKing17 (developer)

Bumping target.

Issue History
Date Modified     Username    Field           Change
2015-02-09 04:23  niffiwan    New Issue
2015-02-09 04:23  niffiwan    Status          new => assigned
2015-02-09 04:23  niffiwan    Assigned To     => niffiwan
2016-03-23 06:02  MageKing17  Note Added      0016815
2016-03-23 06:02  MageKing17  Target Version  3.7.4 => 3.8