Crash POL 05/05/17 (with fsanitize) #25

Closed
nogu3ira opened this issue May 8, 2017 · 1 comment


nogu3ira commented May 8, 2017

=================================================================
==7774==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000aaf258 at pc 0x91ca0f bp 0x7f9213f435a0 sp 0x7f9213f43598
READ of size 8 at 0x60d000aaf258 thread T4
    #0 0x91ca0e in Pol::Core::Party::on_mana_changed(Pol::Mobile::Character*) const (/home/administrador/pol/pol+0x91ca0e)
    #1 0x8c239f in Pol::Network::send_uo_mana(Pol::Network::Client*, Pol::Mobile::Character*, Pol::Core::Vital const*) (/home/administrador/pol/pol+0x8c239f)
    #2 0x8bf5f1 in Pol::Network::ClientInterface::tell_vital_changed(Pol::Mobile::Character*, Pol::Core::Vital const*) (/home/administrador/pol/pol+0x8bf5f1)
    #3 0xa654da in Pol::Core::regen_stats()::{lambda(Pol::Mobile::Character*)#1}::operator()(Pol::Mobile::Character*) const (/home/administrador/pol/pol+0xa654da)
    #4 0xa66682 in Pol::Core::regen_stats() (/home/administrador/pol/pol+0xa66682)
    #5 0x9b4494 in Pol::Core::check_scheduled_tasks(int*, bool*) (/home/administrador/pol/pol+0x9b4494)
    #6 0x92f01d in Pol::Core::tasks_thread() (/home/administrador/pol/pol+0x92f01d)
    #7 0x7f923205648c in Pol::threadhelp::run_thread(void (*)()) (lib/libclib.so+0xa748c)
    #8 0x7f923205664f in Pol::threadhelp::thread_stub2(void*) (lib/libclib.so+0xa764f)
    #9 0x7f92314ff063 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8063)
    #10 0x7f923009d62c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe862c)

0x60d000aaf258 is located 8 bytes inside of 136-byte region [0x60d000aaf250,0x60d000aaf2d8)
freed by thread T5 here:
    #0 0x7f923268b477 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55477)
    #1 0x784273 in Pol::Module::EPartyRefObjImp::~EPartyRefObjImp() (/home/administrador/pol/pol+0x784273)
    #2 0x7f92322db8c7 in ref_ptr<Pol::Bscript::BObject>::release() (lib/libbscript.so+0x588c7)
    #3 0x7f923236df91 in Pol::Bscript::Executor::ins_leave_block(Pol::Bscript::Instruction const&) (lib/libbscript.so+0xeaf91)
    #4 0x7f923239249c in Pol::Bscript::Executor::execInstr() (lib/libbscript.so+0x10f49c)
    #5 0x5e9399 in Pol::Core::ScriptScheduler::run_ready() (/home/administrador/pol/pol+0x5e9399)
    #6 0x9cca21 in Pol::Core::step_scripts(int*, bool*) (/home/administrador/pol/pol+0x9cca21)
    #7 0x92cef8 in Pol::Core::scripts_thread() (/home/administrador/pol/pol+0x92cef8)
    #8 0x7f923205648c in Pol::threadhelp::run_thread(void (*)()) (lib/libclib.so+0xa748c)
    #9 0x7f923205664f in Pol::threadhelp::thread_stub2(void*) (lib/libclib.so+0xa764f)
    #10 0x7f92314ff063 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8063)

previously allocated by thread T5 here:
    #0 0x7f923268afff in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54fff)
    #1 0x7803b1 in Pol::Module::PartyExecutorModule::mf_CreateParty() (/home/administrador/pol/pol+0x7803b1)
    #2 0x7f9232395dec in Pol::Bscript::Executor::execFunc(Pol::Bscript::Token const&) (lib/libbscript.so+0x112dec)
    #3 0x7f9232396914 in Pol::Bscript::Executor::ins_func(Pol::Bscript::Instruction const&) (lib/libbscript.so+0x113914)
    #4 0x7f923239249c in Pol::Bscript::Executor::execInstr() (lib/libbscript.so+0x10f49c)
    #5 0x5e9399 in Pol::Core::ScriptScheduler::run_ready() (/home/administrador/pol/pol+0x5e9399)
    #6 0x9cca21 in Pol::Core::step_scripts(int*, bool*) (/home/administrador/pol/pol+0x9cca21)
    #7 0x92cef8 in Pol::Core::scripts_thread() (/home/administrador/pol/pol+0x92cef8)
    #8 0x7f923205648c in Pol::threadhelp::run_thread(void (*)()) (lib/libclib.so+0xa748c)
    #9 0x7f923205664f in Pol::threadhelp::thread_stub2(void*) (lib/libclib.so+0xa764f)
    #10 0x7f92314ff063 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8063)

Thread T4 created by T0 here:
    #0 0x7f9232659bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x7f9232052175 in Pol::threadhelp::create_thread(Pol::threadhelp::ThreadData*, bool) (lib/libclib.so+0xa3175)
    #2 0x933ca6 in Pol::Core::start_threads() (/home/administrador/pol/pol+0x933ca6)
    #3 0x93588f in Pol::xmain_inner(bool) (/home/administrador/pol/pol+0x93588f)
    #4 0x935fc3 in Pol::xmain_outer(bool) (/home/administrador/pol/pol+0x935fc3)
    #5 0x514a79 in Pol::Clib::PolMain::main() (/home/administrador/pol/pol+0x514a79)
    #6 0x7f9231ff9945 in Pol::Clib::ProgramMain::start(int, char**) (lib/libclib.so+0x4a945)
    #7 0x514b05 in main (/home/administrador/pol/pol+0x514b05)
    #8 0x7f922ffd6b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

Thread T5 created by T0 here:
    #0 0x7f9232659bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x7f9232052175 in Pol::threadhelp::create_thread(Pol::threadhelp::ThreadData*, bool) (lib/libclib.so+0xa3175)
    #2 0x933cca in Pol::Core::start_threads() (/home/administrador/pol/pol+0x933cca)
    #3 0x93588f in Pol::xmain_inner(bool) (/home/administrador/pol/pol+0x93588f)
    #4 0x935fc3 in Pol::xmain_outer(bool) (/home/administrador/pol/pol+0x935fc3)
    #5 0x514a79 in Pol::Clib::PolMain::main() (/home/administrador/pol/pol+0x514a79)
    #6 0x7f9231ff9945 in Pol::Clib::ProgramMain::start(int, char**) (lib/libclib.so+0x4a945)
    #7 0x514b05 in main (/home/administrador/pol/pol+0x514b05)
    #8 0x7f922ffd6b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 Pol::Core::Party::on_mana_changed(Pol::Mobile::Character*) const
Shadow bytes around the buggy address:
  0x0c1a8014ddf0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
  0x0c1a8014de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c1a8014de10: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00
  0x0c1a8014de20: 00 00 00 00 00 00 03 fa fa fa fa fa fa fa fa fa
  0x0c1a8014de30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c1a8014de40: fa fa fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd
  0x0c1a8014de50: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c1a8014de60: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1a8014de70: 00 00 00 00 04 fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a8014de80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a8014de90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==7774==ABORTING

consolepol.20170505_050440crash.txt
