View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003141 | FSSCP | Pilot data | public | 2015-02-09 09:23 | 2021-01-10 01:38 |
Reporter | niffiwan | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | suspended | ||
Platform | x86_64 | OS | Linux Mint | OS Version | 17 |
Product Version | 3.7.2 RC5 | ||||
Target Version | 3.8 | ||||
Summary | 0003141: AddressSanitizer: heap-buffer-overflow in pilotfile::update_stats_backout() | ||||
Description |

```
==12331== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602c000605dc at pc 0xc18240 bp 0x7fff3b676ec0 sp 0x7fff3b676eb8
READ of size 4 at 0x602c000605dc thread T0
    #0 0xc1823f in pilotfile::update_stats_backout(scoring_struct*, bool) /home/mememe/src/fs2open.github.com.niffiwan/code/pilotfile/pilotfile.cpp:290
    #1 0x90a8dd in debrief_close() /home/mememe/src/fs2open.github.com.niffiwan/code/missionui/missiondebrief.cpp:2094
    #2 0x41ef30 in game_leave_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5618
    #3 0x5b6c1c in gameseq_set_state(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:279
    #4 0x41e0c1 in game_process_event(int, int) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:5184
    #5 0x5b7847 in gameseq_process_events() /home/mememe/src/fs2open.github.com.niffiwan/code/gamesequence/gamesequence.cpp:399
    #6 0x4218f5 in game_main(char*) /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7153
    #7 0x421e45 in main /home/mememe/src/fs2open.github.com.niffiwan/code/freespace2/freespace.cpp:7288
    #8 0x7fc8f1b37ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #9 0x40c6c8 in _start ??:?
0x602c000605dc is located 36 bytes to the right of 376-byte region [0x602c00060440,0x602c000605b8)
allocated by thread T0 here:
    #0 0x7fc8f47044e5 in calloc ??:?
    #1 0x7fc8f36ee03b in glXCreateNewContext ??:?
Shadow bytes around the buggy address:
  0x0c0600004060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0600004070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c0600004080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0600004090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c06000040a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c06000040b0: 00 00 00 00 00 00 00 fa fa fa fa[fa]fa fa fa fa
  0x0c06000040c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c06000040f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0600004100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==12331== ABORTING
```

Steps To Reproduce | This occurred when I clicked on "Accept" after playing SM3-06 from the techroom. | ||||
Additional Information | I was looking for a different bug! | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2015-02-09 09:23 | niffiwan | New Issue | |
2015-02-09 09:23 | niffiwan | Status | new => assigned |
2015-02-09 09:23 | niffiwan | Assigned To | => niffiwan |
2016-03-23 10:02 | MageKing17 | Note Added: 0016815 | |
2016-03-23 10:02 | MageKing17 | Target Version | 3.7.4 => 3.8 |
2021-01-10 01:38 | MjnMixael | Assigned To | niffiwan => |
2021-01-10 01:38 | MjnMixael | Status | assigned => closed |
2021-01-10 01:38 | MjnMixael | Resolution | open => suspended |
2021-01-10 01:38 | MjnMixael | Note Added: 0017096 |