RemoveUnit crash #21

Closed
Szunti opened this issue Jun 4, 2015 · 2 comments

Szunti commented Jun 4, 2015

I think it means a unit was killed that wasn't added to a player with AddUnit yet.

=================================================================
==2076==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619003529178 at pc 0x0000005f5263 bp 0x7ffea3d9de40 sp 0x7ffea3d9de30
WRITE of size 8 at 0x619003529178 thread T0
    #0 0x5f5262 in CPlayer::RemoveUnit(CUnit&) Wyrmgus/src/stratagus/player.cpp:899
    #1 0x6cd603 in UnitLost(CUnit&) Wyrmgus/src/unit/unit.cpp:1450
    #2 0x6cfbfb in LetUnitDie(CUnit&, bool) Wyrmgus/src/unit/unit.cpp:2628
    #3 0x489629 in Feed Wyrmgus/src/action/action_still.cpp:269
    #4 0x489629 in COrder_Still::Execute(CUnit&) Wyrmgus/src/action/action_still.cpp:593
    #5 0x499188 in HandleUnitAction Wyrmgus/src/action/actions.cpp:396
    #6 0x499188 in UnitActionsEachCycle<__gnu_cxx::__normal_iterator<CUnit**, std::vector<CUnit*> > > Wyrmgus/src/action/actions.cpp:487
    #7 0x499188 in UnitActions() Wyrmgus/src/action/actions.cpp:517
    #8 0x5f1610 in GameLogicLoop Wyrmgus/src/stratagus/mainloop.cpp:256
    #9 0x5f1610 in SingleGameLoop Wyrmgus/src/stratagus/mainloop.cpp:390
    #10 0x5f1610 in GameMainLoop() Wyrmgus/src/stratagus/mainloop.cpp:427
    #11 0x506ac5 in StartMap(std::string const&, bool) Wyrmgus/src/game/game.cpp:164
    #12 0x79cc98 in tolua_stratagus_StartMap00 Wyrmgus/build/tolua.cpp:1063
    #13 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #14 0x7fbdaa5fb92e  (/usr/lib/liblua5.1.so.5.1+0x1692e)
    #15 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #16 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #17 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #18 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #19 0x5f0455 in LuaCallback::run(int) Wyrmgus/src/stratagus/luacallback.cpp:149
    #20 0x683a65 in LuaActionListener::action(std::string const&) Wyrmgus/src/ui/widgets.cpp:214
    #21 0x52969b in gcn::Widget::generateAction() Wyrmgus/src/guichan/widget.cpp:609
    #22 0x52c0a1 in gcn::Button::mouseClick(int, int, int, int) Wyrmgus/src/guichan/widgets/button.cpp:254
    #23 0x52901a in gcn::Widget::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widget.cpp:495
    #24 0x52ebbe in gcn::Container::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widgets/container.cpp:386
    #25 0x519fcf in gcn::Gui::logic() Wyrmgus/src/guichan/gui.cpp:155
    #26 0x6859f9 in handleInput(SDL_Event const*) Wyrmgus/src/ui/widgets.cpp:169
    #27 0x72a06b in WaitEventsOneFrame() Wyrmgus/src/video/sdl.cpp:981
    #28 0x690286 in MenuScreen::run(bool) Wyrmgus/src/ui/widgets.cpp:2897
    #29 0x7804b1 in tolua_stratagus_CMenuScreen_run00 Wyrmgus/build/tolua.cpp:20941
    #30 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #31 0x7fbdaa5fb92e  (/usr/lib/liblua5.1.so.5.1+0x1692e)
    #32 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #33 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #34 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #35 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #36 0x5f0455 in LuaCallback::run(int) Wyrmgus/src/stratagus/luacallback.cpp:149
    #37 0x683a65 in LuaActionListener::action(std::string const&) Wyrmgus/src/ui/widgets.cpp:214
    #38 0x52969b in gcn::Widget::generateAction() Wyrmgus/src/guichan/widget.cpp:609
    #39 0x52c0a1 in gcn::Button::mouseClick(int, int, int, int) Wyrmgus/src/guichan/widgets/button.cpp:254
    #40 0x52901a in gcn::Widget::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widget.cpp:495
    #41 0x52ebbe in gcn::Container::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widgets/container.cpp:386
    #42 0x519fcf in gcn::Gui::logic() Wyrmgus/src/guichan/gui.cpp:155
    #43 0x6859f9 in handleInput(SDL_Event const*) Wyrmgus/src/ui/widgets.cpp:169
    #44 0x72a06b in WaitEventsOneFrame() Wyrmgus/src/video/sdl.cpp:981
    #45 0x690286 in MenuScreen::run(bool) Wyrmgus/src/ui/widgets.cpp:2897
    #46 0x7804b1 in tolua_stratagus_CMenuScreen_run00 Wyrmgus/build/tolua.cpp:20941
    #47 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #48 0x7fbdaa5fb92e  (/usr/lib/liblua5.1.so.5.1+0x1692e)
    #49 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #50 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #51 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #52 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #53 0x5f0455 in LuaCallback::run(int) Wyrmgus/src/stratagus/luacallback.cpp:149
    #54 0x683a65 in LuaActionListener::action(std::string const&) Wyrmgus/src/ui/widgets.cpp:214
    #55 0x52969b in gcn::Widget::generateAction() Wyrmgus/src/guichan/widget.cpp:609
    #56 0x52c0a1 in gcn::Button::mouseClick(int, int, int, int) Wyrmgus/src/guichan/widgets/button.cpp:254
    #57 0x52901a in gcn::Widget::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widget.cpp:495
    #58 0x52ebbe in gcn::Container::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widgets/container.cpp:386
    #59 0x519fcf in gcn::Gui::logic() Wyrmgus/src/guichan/gui.cpp:155
    #60 0x6859f9 in handleInput(SDL_Event const*) Wyrmgus/src/ui/widgets.cpp:169
    #61 0x72a06b in WaitEventsOneFrame() Wyrmgus/src/video/sdl.cpp:981
    #62 0x690286 in MenuScreen::run(bool) Wyrmgus/src/ui/widgets.cpp:2897
    #63 0x7804b1 in tolua_stratagus_CMenuScreen_run00 Wyrmgus/build/tolua.cpp:20941
    #64 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #65 0x7fbdaa5fb898  (/usr/lib/liblua5.1.so.5.1+0x16898)
    #66 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #67 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #68 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #69 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #70 0x5f0455 in LuaCallback::run(int) Wyrmgus/src/stratagus/luacallback.cpp:149
    #71 0x683a65 in LuaActionListener::action(std::string const&) Wyrmgus/src/ui/widgets.cpp:214
    #72 0x52969b in gcn::Widget::generateAction() Wyrmgus/src/guichan/widget.cpp:609
    #73 0x52c0a1 in gcn::Button::mouseClick(int, int, int, int) Wyrmgus/src/guichan/widgets/button.cpp:254
    #74 0x52901a in gcn::Widget::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widget.cpp:495
    #75 0x52ebbe in gcn::Container::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widgets/container.cpp:386
    #76 0x519fcf in gcn::Gui::logic() Wyrmgus/src/guichan/gui.cpp:155
    #77 0x6859f9 in handleInput(SDL_Event const*) Wyrmgus/src/ui/widgets.cpp:169
    #78 0x72a06b in WaitEventsOneFrame() Wyrmgus/src/video/sdl.cpp:981
    #79 0x690286 in MenuScreen::run(bool) Wyrmgus/src/ui/widgets.cpp:2897
    #80 0x7804b1 in tolua_stratagus_CMenuScreen_run00 Wyrmgus/build/tolua.cpp:20941
    #81 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #82 0x7fbdaa5fb898  (/usr/lib/liblua5.1.so.5.1+0x16898)
    #83 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #84 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #85 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #86 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #87 0x5f0455 in LuaCallback::run(int) Wyrmgus/src/stratagus/luacallback.cpp:149
    #88 0x683a65 in LuaActionListener::action(std::string const&) Wyrmgus/src/ui/widgets.cpp:214
    #89 0x52969b in gcn::Widget::generateAction() Wyrmgus/src/guichan/widget.cpp:609
    #90 0x52c0a1 in gcn::Button::mouseClick(int, int, int, int) Wyrmgus/src/guichan/widgets/button.cpp:254
    #91 0x52901a in gcn::Widget::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widget.cpp:495
    #92 0x52ebbe in gcn::Container::_mouseInputMessage(gcn::MouseInput const&) Wyrmgus/src/guichan/widgets/container.cpp:386
    #93 0x519fcf in gcn::Gui::logic() Wyrmgus/src/guichan/gui.cpp:155
    #94 0x6859f9 in handleInput(SDL_Event const*) Wyrmgus/src/ui/widgets.cpp:169
    #95 0x72a06b in WaitEventsOneFrame() Wyrmgus/src/video/sdl.cpp:981
    #96 0x690286 in MenuScreen::run(bool) Wyrmgus/src/ui/widgets.cpp:2897
    #97 0x7804b1 in tolua_stratagus_CMenuScreen_run00 Wyrmgus/build/tolua.cpp:20941
    #98 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)
    #99 0x7fbdaa5fb898  (/usr/lib/liblua5.1.so.5.1+0x16898)
    #100 0x7fbdaa5f162c  (/usr/lib/liblua5.1.so.5.1+0xc62c)
    #101 0x7fbdaa5f091a  (/usr/lib/liblua5.1.so.5.1+0xb91a)
    #102 0x7fbdaa5f17b9  (/usr/lib/liblua5.1.so.5.1+0xc7b9)
    #103 0x7fbdaa5ed57c in lua_pcall (/usr/lib/liblua5.1.so.5.1+0x857c)
    #104 0x5fc8a5 in LuaCall(int, int, bool) Wyrmgus/src/stratagus/script.cpp:165
    #105 0x601e93 in LuaLoadFile(std::string const&) Wyrmgus/src/stratagus/script.cpp:222
    #106 0x61e9ba in MenuLoop Wyrmgus/src/stratagus/stratagus.cpp:302
    #107 0x61e9ba in stratagusMain(int, char**) Wyrmgus/src/stratagus/stratagus.cpp:784
    #108 0x5f0603 in main Wyrmgus/src/stratagus/main.cpp:37
    #109 0x7fbda784478f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #110 0x45d408 in _start (Wyrmgus/build/stratagus+0x45d408)

0x619003529178 is located 8 bytes to the left of 1024-byte region [0x619003529180,0x619003529580)
allocated by thread T0 here:
    #0 0x7fbdaa8ab8e2 in operator new(unsigned long) /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_new_delete.cc:60
    #1 0x48ab91 in __gnu_cxx::new_allocator<CUnit*>::allocate(unsigned long, void const*) /usr/include/c++/5.1.0/ext/new_allocator.h:104
    #2 0x48ab91 in std::allocator_traits<std::allocator<CUnit*> >::allocate(std::allocator<CUnit*>&, unsigned long) /usr/include/c++/5.1.0/bits/alloc_traits.h:360
    #3 0x48ab91 in std::_Vector_base<CUnit*, std::allocator<CUnit*> >::_M_allocate(unsigned long) /usr/include/c++/5.1.0/bits/stl_vector.h:170
    #4 0x48ab91 in void std::vector<CUnit*, std::allocator<CUnit*> >::_M_emplace_back_aux<CUnit*>(CUnit*&&) /usr/include/c++/5.1.0/bits/vector.tcc:412
    #5 0x48ad46 in void std::vector<CUnit*, std::allocator<CUnit*> >::emplace_back<CUnit*>(CUnit*&&) /usr/include/c++/5.1.0/bits/vector.tcc:101
    #6 0x5f87e3 in std::vector<CUnit*, std::allocator<CUnit*> >::push_back(CUnit*&&) /usr/include/c++/5.1.0/bits/stl_vector.h:932
    #7 0x5f87e3 in CPlayer::AddUnit(CUnit&) Wyrmgus/src/stratagus/player.cpp:886
    #8 0x6c2ec8 in CUnit::AssignToPlayer(CPlayer&) Wyrmgus/src/unit/unit.cpp:789
    #9 0x6cb03d in MakeUnit(CUnitType const&, CPlayer*) Wyrmgus/src/unit/unit.cpp:848
    #10 0x48f2d2 in COrder_Train::Execute(CUnit&) Wyrmgus/src/action/action_train.cpp:313
    #11 0x499188 in HandleUnitAction Wyrmgus/src/action/actions.cpp:396
    #12 0x499188 in UnitActionsEachCycle<__gnu_cxx::__normal_iterator<CUnit**, std::vector<CUnit*> > > Wyrmgus/src/action/actions.cpp:487
    #13 0x499188 in UnitActions() Wyrmgus/src/action/actions.cpp:517
    #14 0x5f1610 in GameLogicLoop Wyrmgus/src/stratagus/mainloop.cpp:256
    #15 0x5f1610 in SingleGameLoop Wyrmgus/src/stratagus/mainloop.cpp:390
    #16 0x5f1610 in GameMainLoop() Wyrmgus/src/stratagus/mainloop.cpp:427
    #17 0x506ac5 in StartMap(std::string const&, bool) Wyrmgus/src/game/game.cpp:164
    #18 0x79cc98 in tolua_stratagus_StartMap00 Wyrmgus/build/tolua.cpp:1063
    #19 0x7fbdaa5f11e7  (/usr/lib/liblua5.1.so.5.1+0xc1e7)

SUMMARY: AddressSanitizer: heap-buffer-overflow Wyrmgus/src/stratagus/player.cpp:899 CPlayer::RemoveUnit(CUnit&)
Shadow bytes around the buggy address:
  0x0c328069d1d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328069d1e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328069d1f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328069d200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328069d210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c328069d220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c328069d230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328069d240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328069d250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328069d260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328069d270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==2076==ABORTING

Szunti commented Jun 4, 2015

It happened when I was destroying the base of the enemy.

Andrettin (Owner) commented

Thanks for reporting this; looking at the stack, the issue happened when an animal was feeding from something, and that thing was removed. I imagine the animal either tried to eat something that was dying or for some reason already removed, and that caused problems with LetUnitDie. I added checks which should prevent this happening again in a7cbcee.

Let me know if the issue persists after this fix and I will reopen the issue.
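
The report above shows an 8-byte WRITE landing 8 bytes to the left of the buffer that `push_back` allocated in `CPlayer::AddUnit`, which is the shape a swap-and-pop removal produces when the unit's stored index is "no slot" (all bits set). The sketch below is an added example, not the project's code or the change in a7cbcee: `Unit`, `Roster`, `slot` and `kNoSlot` are hypothetical names, and the stale-index mechanism is an assumption consistent with the report.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a game unit that remembers its roster index.
struct Unit {
    static constexpr std::size_t kNoSlot = static_cast<std::size_t>(-1);
    std::size_t slot = kNoSlot;  // kNoSlot: not listed in any roster
};

// Hypothetical stand-in for a player's unit list.
class Roster {
public:
    void add(Unit &u) {
        u.slot = units_.size();
        units_.push_back(&u);
    }

    // Unchecked swap-and-pop, shown for contrast and never called here.
    // With u.slot == kNoSlot the index wraps, so the pointer store lands one
    // element before the buffer: an 8-byte write 8 bytes left of the region.
    void remove_unchecked(Unit &u) {
        Unit *last = units_.back();
        units_[u.slot] = last;
        last->slot = u.slot;
        units_.pop_back();
        u.slot = Unit::kNoSlot;
    }

    // Checked form: reject units that are unlisted, stale, or not ours.
    bool remove(Unit &u) {
        if (u.slot >= units_.size() || units_[u.slot] != &u) return false;
        Unit *last = units_.back();
        units_[u.slot] = last;   // move the last unit into the freed slot
        last->slot = u.slot;
        units_.pop_back();
        u.slot = Unit::kNoSlot;  // a second removal is now rejected
        return true;
    }

    std::size_t size() const { return units_.size(); }

private:
    std::vector<Unit *> units_;
};

// Constructed scenario: a never-added unit, then a double removal.
int removals_accepted() {
    Roster r;
    Unit a, b, never_added;
    r.add(a);
    r.add(b);
    int ok = 0;
    ok += r.remove(never_added);  // rejected: slot is kNoSlot
    ok += r.remove(a);            // accepted: b moves to slot 0
    ok += r.remove(a);            // rejected: a was already removed
    ok += r.remove(b);            // accepted
    return ok;
}
```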
