Bug #824589
ASAN finding: SDL2 create_line
Description
Possibly related to a user-reported crash in SDL2 client.
=================================================================
==204366==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62500002a884 at pc 0x55669ba17bd3 bp 0x7fffdac7a1b0 sp 0x7fffdac7a1a8
READ of size 4 at 0x62500002a884 thread T0
#0 0x55669ba17bd2 in create_line /home/vagrant/freeciv/client/gui-sdl2/graphics.c:1871
#1 0x55669b988a7b in canvas_put_line /home/vagrant/freeciv/client/gui-sdl2/canvas.c:175
#2 0x55669b8cf08f in draw_segment /home/vagrant/freeciv/client/mapview_common.c:2475
#3 0x55669b8c550e in update_map_canvas /home/vagrant/freeciv/client/mapview_common.c:1767
#4 0x55669b8d446c in unqueue_mapview_updates /home/vagrant/freeciv/client/mapview_common.c:3107
#5 0x55669b8d305c in queue_callback /home/vagrant/freeciv/client/mapview_common.c:2948
#6 0x55669b857947 in gui_event_loop /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:749
#7 0x55669b8589da in ui_main /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:986
#8 0x55669b85b8aa in client_main /home/vagrant/freeciv/client/client_main.c:686
#9 0x55669b857e16 in main /home/vagrant/freeciv/client/gui-sdl2/gui_main.c:868
#10 0x7fce1e72452a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2352a)
#11 0x55669b855329 in _start (/home/vagrant/freeciv/client/freeciv-sdl2+0x1af329)
0x62500002a884 is located 124 bytes to the left of 8192-byte region [0x62500002a900,0x62500002c900)
allocated by thread T0 here:
#0 0x7fce22707c20 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9c20)
#1 0x7fce22367962 (/usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0+0x66962)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/vagrant/freeciv/client/gui-sdl2/graphics.c:1871 in create_line
Shadow bytes around the buggy address:
0x0c4a7fffd4c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd4f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a7fffd510:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fffd520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fffd560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==204366==ABORTING
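The report above says everything a reader needs to classify the bug: a READ of size 4 (one 32-bit pixel) at an address 124 bytes before the start of an 8192-byte region that SDL2 itself malloc'ed, i.e. the pixel buffer of a surface. That pattern is what a line rasterizer produces when it computes a pixel address from an endpoint that lies outside the surface (here, above its top row) and dereferences it without clipping. In a non-ASAN build the same read returns whatever heap memory happens to precede the buffer, so it is a memory-safety defect and not just a rendering glitch. The actual create_line code is not on this page, so the following is an added example, not Freeciv's or SDL2's code: a hypothetical 32-bpp surface, an all-octant Bresenham walker, a probe that reports the lowest byte offset an unclipped routine would touch, and a clipped variant that checks every pixel against the surface bounds before reading or writing it. Surface geometry, function names and the sample endpoints are assumptions.

```c
/* Added example (not Freeciv or SDL2 code). A 32-bpp surface plus a line
 * walker used two ways: "unclipped" reports the lowest byte offset a routine
 * that trusts its endpoints would dereference; "clipped" touches only pixels
 * inside the surface. All names and sizes are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BPP 4                      /* 32 bits per pixel */

typedef struct {
    int w, h, pitch;               /* pitch: bytes per row */
    uint8_t *pixels;
} surface_t;

/* 64x32 at 4 bpp is an 8192-byte buffer, the size of the SDL2-allocated
 * region in the ASAN report (chosen to match; the real geometry is unknown). */
static surface_t *surface_new(int w, int h)
{
    surface_t *s = malloc(sizeof *s);
    s->w = w; s->h = h; s->pitch = w * BPP;
    s->pixels = calloc((size_t)h * (size_t)s->pitch, 1);
    return s;
}

static void surface_free(surface_t *s) { free(s->pixels); free(s); }

/* Byte offset of pixel (x, y) from the start of the buffer. A negative
 * result is exactly an address "to the left of" the region, as ASAN put it. */
static long pixel_offset(const surface_t *s, int x, int y)
{
    return (long)y * s->pitch + (long)x * BPP;
}

static int in_bounds(const surface_t *s, int x, int y)
{
    return x >= 0 && x < s->w && y >= 0 && y < s->h;
}

/* All-octant integer Bresenham; calls plot() once per pixel on the segment. */
static void walk_line(int x0, int y0, int x1, int y1,
                      void (*plot)(void *ctx, int x, int y), void *ctx)
{
    int dx = abs(x1 - x0), sx = x0 < x1 ? 1 : -1;
    int dy = -abs(y1 - y0), sy = y0 < y1 ? 1 : -1;
    int err = dx + dy;
    for (;;) {
        plot(ctx, x0, y0);
        if (x0 == x1 && y0 == y1) break;
        int e2 = 2 * err;
        if (e2 >= dy) { err += dy; x0 += sx; }
        if (e2 <= dx) { err += dx; y0 += sy; }
    }
}

/* The bug class: compute the address from the endpoint, never check it.
 * The probe records the offset instead of dereferencing it, so this runs
 * cleanly under ASAN while still showing where the real read would land. */
struct probe { const surface_t *s; long min_off; };

static void plot_probe(void *ctx, int x, int y)
{
    struct probe *p = ctx;
    long off = pixel_offset(p->s, x, y);   /* real code: *(uint32_t *)(pixels + off) */
    if (off < p->min_off) p->min_off = off;
}

static long unclipped_min_offset(const surface_t *s, int x0, int y0, int x1, int y1)
{
    struct probe p = { s, 0 };
    walk_line(x0, y0, x1, y1, plot_probe, &p);
    return p.min_off;
}

/* The fix class: clip each pixel to the surface before touching memory.
 * Returns how many pixels of the segment fell outside the surface. */
struct painter { surface_t *s; uint32_t color; int skipped; };

static void plot_clipped(void *ctx, int x, int y)
{
    struct painter *p = ctx;
    if (!in_bounds(p->s, x, y)) { p->skipped++; return; }
    memcpy(p->s->pixels + pixel_offset(p->s, x, y), &p->color, BPP);
}

static int draw_line_clipped(surface_t *s, int x0, int y0, int x1, int y1, uint32_t color)
{
    struct painter p = { s, color, 0 };
    walk_line(x0, y0, x1, y1, plot_clipped, &p);
    return p.skipped;
}

static uint32_t pixel_at(const surface_t *s, int x, int y)
{
    uint32_t v;
    memcpy(&v, s->pixels + pixel_offset(s, x, y), BPP);
    return v;
}

int main(void)
{
    surface_t *s = surface_new(64, 32);
    /* A south-to-north segment whose north end is 4 rows above the top edge. */
    long off = unclipped_min_offset(s, 10, 5, 10, -4);
    int skipped = draw_line_clipped(s, 10, 5, 10, -4, 0xffffffffu);
    printf("unclipped: would read %ld bytes before the buffer; clipped: skipped %d pixels\n",
           -off, skipped);
    surface_free(s);
    return 0;
}
```

With the sample segment the unclipped probe lands 984 bytes before the buffer (row -4 of a 256-byte pitch plus 40 bytes for x = 10), which is the same failure shape as the report's address 124 bytes left of the region; the clipped walker draws the six in-surface pixels and skips the four that are not. The check is per pixel rather than per endpoint on purpose: clipping only the two endpoints to the surface changes the slope and produces the wrong line, whereas rejecting individual out-of-range pixels keeps the geometry and only drops what could never be visible.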
History
#1
Updated by Marko Lindqvist almost 3 years ago
- Tracker changed from Task to Bug
#2
Updated by Marko Lindqvist almost 3 years ago
#3
Updated by Marko Lindqvist almost 3 years ago
- File 0050-sdl2-Make-sure-in-create_line-that-pixel-adjusted-is.patch added
Does this patch (for master) help?
#4
Updated by Zoltán Žarkov almost 3 years ago
No memory violations, but goto path is drawn incorrectly.
#5
Updated by Marko Lindqvist almost 3 years ago
Zoltán Žarkov wrote:
but goto path is drawn incorrectly.
That's not a regression (i.e., not blocking the patch). I get the same problem of not drawing S-N segments without the patch.
#6
Updated by Marko Lindqvist almost 3 years ago
- Status changed from New to Resolved
- Sprint/Milestone set to 2.6.1
#8
Updated by Zoltán Žarkov almost 3 years ago
- File 0001-Fix-arithmetic-error-in-SDL2-create_line.patch added
- Rebase off master
#9
Updated by Marko Lindqvist almost 3 years ago
- Status changed from Resolved to Closed
- Assignee set to Marko Lindqvist