View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003033 | FSSCP | public | 2014-04-18 12:07 | 2014-04-18 12:18 | |
Reporter | Echelon9 | Assigned To | Echelon9 | ||
Priority | normal | Severity | major | Reproducibility | sometimes |
Status | resolved | Resolution | fixed | ||
Product Version | 3.7.1 | ||||
Target Version | 3.7.2 | Fixed in Version | 3.7.2 | ||
Summary | 0003033: AddressSanitizer: global-buffer-overflow in shockwave_move() | ||||
Description |

```
ERROR: AddressSanitizer: global-buffer-overflow on address 0x000104986b34 at pc 0x10260e0db bp 0x7fff5fbfc9b0 sp 0x7fff5fbfc9a8
READ of size 4 at 0x000104986b34 thread T0
    #0 0x10260e0da in shockwave_move shockwave.cpp:297
    #1 0x1026144c0 in shockwave_move_all shockwave.cpp:636
    #2 0x1001612b4 in game_simulation_frame freespace.cpp:4058
    #3 0x100165c72 in game_frame freespace.cpp:4401
    #4 0x10016b4fb in game_do_frame freespace.cpp:4817
    #5 0x100176ff9 in game_do_state freespace.cpp:6500
    #6 0x10078f73d in gameseq_process_events gamesequence.cpp:409
    #7 0x10017d794 in game_main freespace.cpp:7067
    #8 0x10017ee58 in SDL_main freespace.cpp:7201
...
0x000104986b34 is located 258772 bytes to the right of global variable 'Weapons' from '/Users/rhyskidd/Documents/Coding/fs2open.github.com/code/weapon/weapons.cpp' (0x1047ff660) of size 1344000
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x100020930d10: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d20: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d30: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d50: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
=>0x100020930d60: f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d70: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930d90: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930da0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x100020930db0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==95360==ABORTING
```

...

```cpp
// blast ships and asteroids
// And (some) weapons
for ( objp = GET_FIRST(&obj_used_list); objp != END_OF_LIST(&obj_used_list); objp = GET_NEXT(objp) ) {
	if ( (objp->type != OBJ_SHIP) && (objp->type != OBJ_ASTEROID) && (objp->type != OBJ_WEAPON)) {
		continue;
	}

	if ( objp->type == OBJ_WEAPON ) {
		// only apply to missiles with hitpoints
		weapon_info* wip = &Weapon_info[Weapons[objp->instance].weapon_info_index];
		if (wip->weapon_hitpoints <= 0 || !(wip->wi_flags2 & WIF2_TAKES_SHOCKWAVE_DAMAGE) || (Weapon_info[sw->weapon_info_index].wi_flags2 & WIF2_CIWS))
			continue;
	}
	...
```
Additional Information | Seen on ad hoc basis within Diaspora M6. | ||||
Tags | No tags attached. | ||||
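
A bounds-checked form of the weapon filter quoted in the description, as an added example; it is not FreeSpace Open code and not the r10568 change. The report does not say which of the three index expressions was out of range, so each one is validated. The struct layouts, array sizes, flag values and the helpers `checked_at` and `shockwave_applies` are assumptions, as is the choice to skip objects with a bad index.

```cpp
// Added example with stand-in types; not FreeSpace Open source code.
#include <cstddef>

constexpr int OBJ_SHIP = 1, OBJ_ASTEROID = 2, OBJ_WEAPON = 3;  // constructed values
constexpr unsigned WIF2_TAKES_SHOCKWAVE_DAMAGE = 1u << 0;      // constructed bit
constexpr unsigned WIF2_CIWS = 1u << 1;                        // constructed bit

struct weapon_info { int weapon_hitpoints; unsigned wi_flags2; };
struct weapon { int weapon_info_index; };
struct object { int type; int instance; };

// Constructed sample data: Weapons[2] and Weapons[3] carry bad type indices.
weapon Weapons[4] = {{0}, {1}, {7}, {-1}};
weapon_info Weapon_info[3] = {
    {10, WIF2_TAKES_SHOCKWAVE_DAMAGE},  // missile with hitpoints
    {0, 0},                             // weapon without hitpoints
    {0, WIF2_CIWS},                     // CIWS weapon (shockwave source)
};

// Return a pointer to arr[idx], or nullptr when idx is outside [0, N).
template <typename T, std::size_t N>
const T* checked_at(const T (&arr)[N], int idx) {
    return (idx >= 0 && static_cast<std::size_t>(idx) < N) ? &arr[idx] : nullptr;
}

// Decide whether the shockwave affects obj. sw_info_index stands in for
// sw->weapon_info_index from the quoted loop.
bool shockwave_applies(const object& obj, int sw_info_index) {
    if (obj.type != OBJ_SHIP && obj.type != OBJ_ASTEROID && obj.type != OBJ_WEAPON)
        return false;
    if (obj.type != OBJ_WEAPON)
        return true;

    const weapon* wp = checked_at(Weapons, obj.instance);
    if (!wp) return false;  // instance does not name a slot in Weapons
    const weapon_info* wip = checked_at(Weapon_info, wp->weapon_info_index);
    if (!wip) return false; // weapon slot holds an invalid type index

    // Assumption: a shockwave with no valid weapon entry is treated as not CIWS.
    const weapon_info* swip = checked_at(Weapon_info, sw_info_index);
    const bool sw_is_ciws = swip && (swip->wi_flags2 & WIF2_CIWS);

    // only apply to missiles with hitpoints
    return wip->weapon_hitpoints > 0
        && (wip->wi_flags2 & WIF2_TAKES_SHOCKWAVE_DAMAGE) != 0
        && !sw_is_ciws;
}
```
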
Date Modified | Username | Field | Change |
---|---|---|---|
2014-04-18 12:07 | Echelon9 | New Issue | |
2014-04-18 12:07 | Echelon9 | Status | new => assigned |
2014-04-18 12:07 | Echelon9 | Assigned To | => Echelon9 |
2014-04-18 12:17 | Echelon9 | Changeset attached | => fs2open trunk r10568 |
2014-04-18 12:18 | Echelon9 | Note Added: 0015704 | |
2014-04-18 12:18 | Echelon9 | Status | assigned => resolved |
2014-04-18 12:18 | Echelon9 | Fixed in Version | => 3.7.2 |
2014-04-18 12:18 | Echelon9 | Resolution | open => fixed |