GameServices::Builder::Create() does an invalid free() operation. #295

Open
stolk opened this issue Sep 17, 2019 · 0 comments


I am using the clang Address Sanitizer on my NDK-based Android app.

My Android app uses: gpg-cpp-sdk_3.0.1

The address sanitizer caught a bug in GameServices::Builder::Create() where it frees an address that was never malloc()-ed.

Please double-check the implementation of Create() for free() operations that are not correct.

It triggers in my app the very first time I call Create().

2019-09-17 11:27:45.076 10934-11006/com.steenriver.buggy V/GamesNativeSDK: Using classes from /data/user/0/com.steenriver.buggy/app_.gpg.classloader/f4e1c1b7d8b3c0b3cf00b4afea4884b6_games.jar.
2019-09-17 11:27:45.076 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: =================================================================
2019-09-17 11:27:45.076 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: ==10934==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0xe2f9af80 in thread T1
2019-09-17 11:27:45.089 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #0 0xcce622c3  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libclang_rt.asan-i686-android.so+0xd32c3)
2019-09-17 11:27:45.089 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #1 0xcc4df277  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x252277)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #2 0xcc48b1f0  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x1fe1f0)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #3 0xcc48ba27  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x1fea27)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #4 0xcc484b28  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x1f7b28)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #5 0xcc4c5946  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x238946)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #6 0xcc4222d5  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x1952d5)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #7 0xcc417735  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x18a735)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #8 0xcc5ca4f5  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x33d4f5)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #9 0xcce6d7b2  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libclang_rt.asan-i686-android.so+0xde7b2)
2019-09-17 11:27:45.090 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #10 0xcce50be7  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libclang_rt.asan-i686-android.so+0xc1be7)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #11 0xe9690065  (/system/lib/libc.so+0x8f065)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #12 0xe962585b  (/system/lib/libc.so+0x2485b)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: Address 0xe2f9af80 is a wild pointer.
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: SUMMARY: AddressSanitizer: bad-free (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libclang_rt.asan-i686-android.so+0xd32c3) 
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: Thread T1 created by T0 here:
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #0 0xcce50a89  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libclang_rt.asan-i686-android.so+0xc1a89)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #1 0xcc5c9d55  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x33cd55)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #2 0xcc5c937d  (/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/libbuggy.so+0x33c37d)
2019-09-17 11:27:45.091 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #3 0xe91756d2  (/system/lib/libandroid_runtime.so+0x826d2)
2019-09-17 11:27:45.092 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #4 0x72b5794f  (/system/framework/x86/boot-framework.oat+0x3e794f)
2019-09-17 11:27:45.099 10934-11006/com.steenriver.buggy I/com.steenriver.buggy:     #5 0x711d19c7  (/data/dalvik-cache/x86/system@framework@boot-framework.art+0x70c9c7)
2019-09-17 11:27:45.100 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: ==10934==ABORTING

My app's code:

	// Players().FetchSelf() response
	auto pcallback = [&]( gpg::PlayerManager::FetchSelfResponse const& response )
	{
		if ( gpg::IsSuccess( response.status ) )
		{
			self_id_ = response.data.Id();
			const std::string& url = response.data.AvatarUrl( gpg::ImageResolution::ICON );
			LOGI( "Our self id = %s", self_id_.c_str() );
			LOGI( "Our url = %s", url.c_str() );
			DownloadAvatar( url, 4 );
		}
	};
	// AuthActionStarted callback
	auto scallback = [started_callback]( gpg::AuthOperation op )
	{
		is_auth_in_progress_ = true;
		if ( started_callback != nullptr ) started_callback( op );
	};
	// AuthActionFinished callback
	auto fcallback = [finished_callback, pcallback]( gpg::AuthOperation op, gpg::AuthStatus status )
	{
		LOGI("Sign in finished with a result %s", gpg::DebugString( status ).c_str() );
		is_auth_in_progress_ = false;
		if ( finished_callback != nullptr ) finished_callback( op, status );
		if ( status == gpg::AuthStatus::VALID )
		{
			ASSERT( game_services_ );
			game_services_->Players().FetchSelf( pcallback );	// find out what our own Id is.
			FetchAchievements();
			FetchLeaderboards();
		}
	};

	if (!game_services_)
	{
		LOGI("Uninitialized services, so creating");
		game_services_ = gpg::GameServices::Builder()
			.SetDefaultOnLog( gpg::LogLevel::VERBOSE )
			.SetOnAuthActionStarted( scallback )
			.SetOnAuthActionFinished( fcallback )
			.SetOnMultiplayerInvitationEvent( invitationcallback )
			.Create(pc);
		if ( !game_services_ )
		{
			LOGE( "gpg::GameServices::Builder() returned nil." );
		}
	}
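
An added example, not part of the original report or of the SDK: the ASan trace above is unsymbolized (module+offset only), so this Python script extracts the error, the faulting address and each stack's frames from logcat-prefixed output and formats the non-runtime frames as `module offset` lines that `llvm-symbolizer` reads on stdin. The sample input is rebuilt from lines in the report with the logcat prefix normalised; the function names and `lib_dir` (a directory holding unstripped copies of the libraries) are assumptions.

```python
import re

# Sample rebuilt from lines of the report above (subset; logcat prefix normalised).
PREFIX = "2019-09-17 11:27:45.089 10934-11006/com.steenriver.buggy I/com.steenriver.buggy: "
LIB = "/data/app/com.steenriver.buggy-PIwTBVM7jR0JKx-F78eRqg==/lib/x86/"
SAMPLE = "\n".join(PREFIX + s for s in [
    "==10934==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0xe2f9af80 in thread T1",
    f"    #0 0xcce622c3  ({LIB}libclang_rt.asan-i686-android.so+0xd32c3)",
    f"    #1 0xcc4df277  ({LIB}libbuggy.so+0x252277)",
    f"    #2 0xcc48b1f0  ({LIB}libbuggy.so+0x1fe1f0)",
    "Address 0xe2f9af80 is a wild pointer.",
    "Thread T1 created by T0 here:",
    f"    #0 0xcce50a89  ({LIB}libclang_rt.asan-i686-android.so+0xc1a89)",
    f"    #1 0xcc5c9d55  ({LIB}libbuggy.so+0x33cd55)",
])

ERROR = re.compile(r"ERROR: AddressSanitizer: (.+?): (0x[0-9a-f]+) in thread (T\d+)")
FRAME = re.compile(r"#(\d+) (0x[0-9a-f]+)\s+\((.+)\+(0x[0-9a-f]+)\)\s*$")
RUNTIME = "libclang_rt.asan"  # frames inside the sanitizer runtime itself

def parse_asan(logcat_text):
    """Return the error description, address, thread and every stack in the report."""
    report = {"error": None, "address": None, "thread": None, "stacks": []}
    for line in logcat_text.splitlines():
        m = ERROR.search(line)
        if m:
            report["error"], report["address"], report["thread"] = m.groups()
            continue
        m = FRAME.search(line)
        if not m:
            continue
        index, _pc, module, offset = m.groups()
        if index == "0":                 # frame #0 starts a new stack
            report["stacks"].append([])
        if report["stacks"]:             # ignore frames seen before any #0
            report["stacks"][-1].append((module.rsplit("/", 1)[-1], offset))
    return report

def first_app_frame(stack):
    """First frame outside the ASan runtime: where the bad free() was called from."""
    return next(((m, o) for m, o in stack if not m.startswith(RUNTIME)), None)

def symbolizer_input(stack, lib_dir):
    """'module offset' lines for llvm-symbolizer; lib_dir is a hypothetical local path."""
    return [f"{lib_dir}/{m} {o}" for m, o in stack if not m.startswith(RUNTIME)]

if __name__ == "__main__":
    rep = parse_asan(SAMPLE)
    print(rep["error"], rep["address"], first_app_frame(rep["stacks"][0]))
```
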