Bug #824589: ASAN finding: SDL2 create_line - Freeciv - HostedRedmine by Planio

HostedRedmine.com has moved to the Planio platform. All logins and passwords remained the same. All users will be able to login and use Redmine just as before. Read more...

Send by e-mail

Bug #824589

ASAN finding: SDL2 create_line

Added by Zoltán Žarkov almost 3 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Marko Lindqvist

Category:

gui-sdl2

Sprint/Milestone:

2.6.1

Start date:

Due date:

% Done:

Estimated time:

Description

Possibly related to a user-reported crash in SDL2 client.

=================================================================
204366ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62500002a884 at pc 0x55669ba17bd3 bp 0x7fffdac7a1b0 sp 0x7fffdac7a1a8
READ of size 4 at 0x62500002a884 thread T0
#0 0x55669ba17bd2 in create_line /home/vagrant/freeciv/client/gui-sdl2/graphics.c:1871
#1 0x55669b988a7b in canvas_put_line /home/vagrant/freeciv/client/gui-sdl2/canvas.c:175
#2 0x55669b8cf08f in draw_segment /home/vagrant/freeciv/client/mapview_common.c:2475
#3 0x55669b8c550e in update_map_canvas /home/vagrant/freeciv/client/mapview_common.c:1767
#4 0x55669b8d446c in unqueue_mapview_updates /home/vagrant/freeciv/client/mapview_common.c:3107
#5 0x55669b8d305c in queue_callback /home/vagrant/freeciv/client/mapview_common.c:2948
#6 0x55669b857947 in gui_event_loop /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:749
#7 0x55669b8589da in ui_main /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:986
#8 0x55669b85b8aa in client_main /home/vagrant/freeciv/client/client_main.c:686
#9 0x55669b857e16 in main /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:868
#10 0x7fce1e72452a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2352a)
#11 0x55669b855329 in _start (/home/vagrant/freeciv/client/freeciv-sdl2+0x1af329)

0x62500002a884 is located 124 bytes to the left of 8192-byte region [0x62500002a900,0x62500002c900)
allocated by thread T0 here:
#0 0x7fce22707c20 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9c20)
#1 0x7fce22367962 (/usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0+0x66962)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/vagrant/freeciv/client/gui-sdl2/graphics.c:1871 in create_line
Shadow bytes around the buggy address:
0x0c4a7fffd4c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a7fffd510:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
204366ABORTING

0050-sdl2-Make-sure-in-create_line-that-pixel-adjusted-is.patch (2.24 KB) 0050-sdl2-Make-sure-in-create_line-that-pixel-adjusted-is.patch		Marko Lindqvist, 2019-07-02 10:41 PM
0050.png (261 KB) 0050.png		Zoltán Žarkov, 2019-07-02 10:46 PM
0001-Fix-arithmetic-error-in-SDL2-create_line.patch (2.08 KB) 0001-Fix-arithmetic-error-in-SDL2-create_line.patch	master	Zoltán Žarkov, 2019-07-02 11:12 PM
0001-Fix-arithmetic-error-in-SDL2-create_line.patch (1.01 KB) 0001-Fix-arithmetic-error-in-SDL2-create_line.patch		Zoltán Žarkov, 2019-07-02 11:18 PM