Project

Profile

Help

HostedRedmine.com has moved to the Planio platform. All logins and passwords remained the same. All users will be able to login and use Redmine just as before. Read more...
Send by e-mail

Bug #823174

ASAN finding: achievement_check

Added by Zoltán Žarkov about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Marko Lindqvist
Category:
Server
Sprint/Milestone:
2.6.1
Start date:
Due date:
% Done:

0%

Estimated time:

Description

41873ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020004f0f5a at pc 0x5618a08271b8 bp 0x7ffc5a040530 sp 0x7ffc5a040528
READ of size 1 at 0x6020004f0f5a thread T0
#0 0x5618a08271b7 in achievement_check (/home/vagrant/freeciv/server/freeciv-server+0x5ad1b7)
#1 0x5618a0825c30 in achievement_plr (/home/vagrant/freeciv/server/freeciv-server+0x5abc30)
#2 0x5618a0478974 in end_turn (/home/vagrant/freeciv/server/freeciv-server+0x1fe974)
#3 0x5618a047feb6 in srv_running (/home/vagrant/freeciv/server/freeciv-server+0x205eb6)
#4 0x5618a0482dd5 in srv_main (/home/vagrant/freeciv/server/freeciv-server+0x208dd5)
#5 0x5618a0467366 in main (/home/vagrant/freeciv/server/freeciv-server+0x1ed366)
#6 0x7fda8973c52a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2352a)
#7 0x5618a0464ff9 in _start (/home/vagrant/freeciv/server/freeciv-server+0x1eaff9)

0x6020004f0f5a is located 0 bytes to the right of 10-byte region [0x6020004f0f50,0x6020004f0f5a)
allocated by thread T0 here:
#0 0x7fda8caefc20 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9c20)
#1 0x5618a0b04c4e in fc_real_malloc (/home/vagrant/freeciv/server/freeciv-server+0x88ac4e)
#2 0x5618a0b04d42 in fc_real_calloc (/home/vagrant/freeciv/server/freeciv-server+0x88ad42)
#3 0x5618a0826ff0 in achievement_check (/home/vagrant/freeciv/server/freeciv-server+0x5acff0)
#4 0x5618a0825c30 in achievement_plr (/home/vagrant/freeciv/server/freeciv-server+0x5abc30)
#5 0x5618a0478974 in end_turn (/home/vagrant/freeciv/server/freeciv-server+0x1fe974)
#6 0x5618a047feb6 in srv_running (/home/vagrant/freeciv/server/freeciv-server+0x205eb6)
#7 0x5618a0482dd5 in srv_main (/home/vagrant/freeciv/server/freeciv-server+0x208dd5)
#8 0x5618a0467366 in main (/home/vagrant/freeciv/server/freeciv-server+0x1ed366)
#9 0x7fda8973c52a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2352a)

0001-Correct-off-by-one-error-in-land-ahoy-achievement-ch.patch (1012 Bytes) 0001-Correct-off-by-one-error-in-land-ahoy-achievement-ch.patch master Zoltán Žarkov, 2019-06-25 04:14 AM
0001-Correct-off-by-one-error-in-land-ahoy-achievement-ch.patch (1.15 KB) 0001-Correct-off-by-one-error-in-land-ahoy-achievement-ch.patch master Zoltán Žarkov, 2019-06-25 02:48 PM

History

#1 Updated by Zoltán Žarkov about 2 years ago

Continents have index 1..num_continents inclusive, so this was indexing seen[num_continents] when sizeof(seen) == num_continents.

#2 Updated by Marko Lindqvist about 2 years ago

The assignment to 'seen' requires equivalent change, I think.

#4 Updated by Marko Lindqvist about 2 years ago

  • Status changed from New to Resolved
  • Assignee set to Marko Lindqvist
  • Sprint/Milestone set to 2.6.1

#5 Updated by Marko Lindqvist about 2 years ago

  • Status changed from Resolved to Closed
Send by e-mail

Also available in: Atom PDF