Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

heap-buffer-overflow handle_pointer_constraint_set_region #5383

Closed
KenMacD opened this issue May 25, 2020 · 5 comments · Fixed by #5384
Closed

heap-buffer-overflow handle_pointer_constraint_set_region #5383

KenMacD opened this issue May 25, 2020 · 5 comments · Fixed by #5384
Labels
bug Not working as intended input/pointer

Comments

@KenMacD
Copy link

KenMacD commented May 25, 2020

sway version 1.4-5d13f647 (May 25 2020, branch 'master')

03:17:34.785 [DEBUG] [xwayland/xwm.c:1304] unhandled X11 event: FocusOut (10)
03:17:34.786 [DEBUG] [types/wlr_pointer_constraints_v1.c:242] new locked_pointer 0x61200016bac0 (res 0x60c000359140)
=================================================================
==1569==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600040ff28 at pc 0x562d6a30bfdb bp 0x7ffc3a0504c0 sp 0x7ffc3a0504b0
WRITE of size 1 at 0x60600040ff28 thread T0
    #0 0x562d6a30bfda in handle_pointer_constraint_set_region ../sway/sway/input/cursor.c:836
    #1 0x7fd104521a66 in wlr_signal_emit_safe ../util/signal.c:29
    #2 0x7fd10450c49d in pointer_constraint_commit ../types/wlr_pointer_constraints_v1.c:132
    #3 0x7fd10450c4b2 in handle_surface_commit ../types/wlr_pointer_constraints_v1.c:140
    #4 0x7fd104521a66 in wlr_signal_emit_safe ../util/signal.c:29
    #5 0x7fd1045167b0 in surface_commit_pending ../types/wlr_surface.c:379
    #6 0x7fd104516b72 in surface_commit ../types/wlr_surface.c:448
    #7 0x7fd103b47a8c  (/usr/lib/libffi.so.7+0x6a8c)
    #8 0x7fd103b4701a  (/usr/lib/libffi.so.7+0x601a)
    #9 0x7fd1045dbf61  (/usr/lib/libwayland-server.so.0+0xcf61)
    #10 0x7fd1045d82db  (/usr/lib/libwayland-server.so.0+0x92db)
    #11 0x7fd1045d9fa9 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xafa9)
    #12 0x7fd1045d84e6 in wl_display_run (/usr/lib/libwayland-server.so.0+0x94e6)
    #13 0x562d6a2ecc42 in server_run ../sway/sway/server.c:225
    #14 0x562d6a2eb646 in main ../sway/sway/main.c:409
    #15 0x7fd1041fb001 in __libc_start_main (/usr/lib/libc.so.6+0x27001)
    #16 0x562d6a2d204d in _start (/usr/bin/sway+0x3d04d)

Address 0x60600040ff28 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow ../sway/sway/input/cursor.c:836 in handle_pointer_constraint_set_region
Shadow bytes around the buggy address:
  0x0c0c80079f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80079fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80079fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80079fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80079fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0c80079fe0: fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa
  0x0c0c80079ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8007a000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8007a010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8007a020: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
  0x0c0c8007a030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1569==ABORTING

#0  0x00007fd104210355 in raise () at /usr/lib/libc.so.6
#1  0x00007fd1041f9853 in abort () at /usr/lib/libc.so.6
#2  0x00007fd104c9ea34 in __sanitizer::Abort() () at /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:155
#3  0x00007fd104caa53d in __sanitizer::Die() () at /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
#4  0x00007fd104c8999e in __asan::ScopedInErrorReport::~ScopedInErrorReport() (this=0x7ffc3a04f846, __in_chrg=<optimized out>) at /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp:186
        buffer_copy = {
          <__sanitizer::InternalMmapVectorNoCtor<char>> = {
            data_ = 0x7fd0eec72000 '=' <repeats 65 times>, "\n==1569==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600040ff28 at pc 0x562d6a30bfdb bp 0x7ffc3a0504c0 sp 0x7ffc3a0504"...,
            capacity_bytes_ = 65536,
            size_ = <optimized out>
          }, <No data fields>}
#5  0x00007fd104c89222 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (pc=94753055096795, bp=bp@entry=140721281893568, sp=sp@entry=140721281893552, addr=105965437386536, is_write=is_write@entry=true, access_size=access_size@entry=1, exp=0, fatal=true) at /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp:193
        in_report = {
          error_report_lock_ = {<No data fields>},
          static current_error_ = {
            kind = __asan::kErrorKindGeneric,
            {
              Base = {
                scariness = {
                  score = 41,
                  descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                },
                tid = 0
              },
              DeadlySignal = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorDeadlySignal:
                signal = {
                  siginfo = 0xffffffff00000000,
                  context = 0x60600040ff28,
                  addr = 0,
                  pc = 0,
                  sp = 0,
                  bp = 73014444144,
                  is_memory_access = 30,
                  write_flag = __sanitizer::SignalContext::UNKNOWN,
                  is_true_faulting_addr = false
                }
              },
              DoubleFree = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorDoubleFree:
                second_free_stack = 0xffffffff00000000,
                addr_description = {
                  addr = 105965437386536,
                  alloc_tid = 0,
                  free_tid = 0,
                  alloc_stack_id = 0,
                  free_stack_id = 0,
                  chunk_access = {
                    bad_addr = 73014444144,
                    offset = 30,
                    chunk_begin = 140721281893632,
                    chunk_size = 0,
                    user_requested_alignment = 2519,
                    access_type = 2,
                    alloc_type = 0
                  }
                }
              },
              NewDeleteTypeMismatch = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorNewDeleteTypeMismatch:
                free_stack = 0xffffffff00000000,
                addr_description = {
                  addr = 105965437386536,
                  alloc_tid = 0,
                  free_tid = 0,
                  alloc_stack_id = 0,
                  free_stack_id = 0,
                  chunk_access = {
                    bad_addr = 73014444144,
                    offset = 30,
                    chunk_begin = 140721281893632,
                    chunk_size = 0,
                    user_requested_alignment = 2519,
                    access_type = 2,
                    alloc_type = 0
                  }
                },
                delete_size = 140721281893776,
                delete_alignment = 140721282099671
              },
              FreeNotMalloced = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorFreeNotMalloced:
                free_stack = 0xffffffff00000000,
                addr_description = {
                  data = {
                    kind = 4259624,
                    {
                      shadow = {
                        addr = 0,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 0,
                        free_tid = 0,
                        alloc_stack_id = 112,
                        free_stack_id = 17,
                        chunk_access = {
                          bad_addr = 30,
                          offset = 140721281893632,
                          chunk_begin = 0,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1424,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 0,
                        offset = 0,
                        frame_pc = 73014444144,
                        access_size = 30,
                        frame_descr = 0x7ffc3a050500 "p\005\005:\374\177"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 0,
                            size_with_redzone = 73014444144,
                            name = 0x1e <error: Cannot access memory at address 0x1e>,
                            module_name = 0x7ffc3a050500 "p\005\005:\374\177",
                            has_dynamic_init = 0,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893776
                          }, {
                            beg = 140721282099671,
                            size = 140721281893792,
                            size_with_redzone = 140721281893824,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 17816075321042449920,
                            location = 0xfbad2887,
                            odr_indicator = 140721281892960
                          }, {
                            beg = 140535695758368,
                            size = 94753055836352,
                            size_with_redzone = 140721281893088,
                            name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                            module_name = 0x7fd1055e2000 "",
                            has_dynamic_init = 140535705247028,
                            location = 0x6120001822b0,
                            odr_indicator = 140722015238468
                          }, {
                            beg = 719172,
                            size = 16,
                            size_with_redzone = 106790068429488,
                            name = 0x6 <error: Cannot access memory at address 0x6>,
                            module_name = 0x0,
                            has_dynamic_init = 140535705247324,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 0
                          }},
                        reg_sites = {491334, 0, 1, 0},
                        access_size = 0,
                        size = 219 '\333'
                      },
                      addr = 0
                    }
                  }
                }
              },
              AllocTypeMismatch = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorAllocTypeMismatch:
                dealloc_stack = 0xffffffff00000000,
                alloc_type = 4259624,
                dealloc_type = 24672,
                addr_description = {
                  data = {
                    kind = __asan::kAddressKindWild,
                    {
                      shadow = {
                        addr = 0,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 0,
                        free_tid = 73014444144,
                        alloc_stack_id = 30,
                        free_stack_id = 0,
                        chunk_access = {
                          bad_addr = 140721281893632,
                          offset = 0,
                          chunk_begin = 140721282099671,
                          chunk_size = 140721281893776,
                          user_requested_alignment = 2519,
                          access_type = 2,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 0,
                        offset = 73014444144,
                        frame_pc = 30,
                        access_size = 140721281893632,
                        frame_descr = 0x0
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 73014444144,
                            size_with_redzone = 30,
                            name = 0x7ffc3a050500 "p\005\005:\374\177",
                            module_name = 0x0,
                            has_dynamic_init = 140721282099671,
                            location = 0x7ffc3a050590,
                            odr_indicator = 140721282099671
                          }, {
                            beg = 140721281893792,
                            size = 140721281893824,
                            size_with_redzone = 17816075321042449920,
                            name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            module_name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            has_dynamic_init = 4222429319,
                            location = 0x7ffc3a050260,
                            odr_indicator = 140535695758368
                          }, {
                            beg = 94753055836352,
                            size = 140721281893088,
                            size_with_redzone = 140535694356004,
                            name = 0x7fd1055e2000 "",
                            module_name = 0x7fd104ca1d34 <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+212> "\213L$\bH\205\300uUH\213D$\020\211L$\bI\215<\307\350\241\376\377\377\213L$\bH9\305I\211\300tML\211\356H\211\332H\211ljL$ H\211D$\b\350\016\376\377\377L\213D$\b\213L$ H\205\300t(H\213\\$\020M\211\004\337\353\a\017\037D",
                            has_dynamic_init = 106790068429488,
                            location = 0x7ffc65baf944,
                            odr_indicator = 719172
                          }, {
                            beg = 16,
                            size = 106790068429488,
                            size_with_redzone = 6,
                            name = 0x0,
                            module_name = 0x7fd104ca1e5c <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+508> "L\213D$\bL\211E",
                            has_dynamic_init = 140721282099671,
                            location = 0x0,
                            odr_indicator = 491334
                          }},
                        reg_sites = {1, 0, 0, 0},
                        access_size = 94753055096795,
                        size = 192 '\300'
                      },
                      addr = 0
                    }
                  }
                }
              },
              MallocUsableSizeNotOwned = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorMallocUsableSizeNotOwned:
                stack = 0xffffffff00000000,
                addr_description = {
                  data = {
                    kind = 4259624,
                    {
                      shadow = {
                        addr = 0,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 0,
                        free_tid = 0,
                        alloc_stack_id = 112,
                        free_stack_id = 17,
                        chunk_access = {
                          bad_addr = 30,
                          offset = 140721281893632,
                          chunk_begin = 0,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1424,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 0,
                        offset = 0,
                        frame_pc = 73014444144,
                        access_size = 30,
                        frame_descr = 0x7ffc3a050500 "p\005\005:\374\177"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 0,
                            size_with_redzone = 73014444144,
                            name = 0x1e <error: Cannot access memory at address 0x1e>,
                            module_name = 0x7ffc3a050500 "p\005\005:\374\177",
                            has_dynamic_init = 0,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893776
                          }, {
                            beg = 140721282099671,
                            size = 140721281893792,
                            size_with_redzone = 140721281893824,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 17816075321042449920,
                            location = 0xfbad2887,
                            odr_indicator = 140721281892960
                          }, {
                            beg = 140535695758368,
                            size = 94753055836352,
                            size_with_redzone = 140721281893088,
                            name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                            module_name = 0x7fd1055e2000 "",
                            has_dynamic_init = 140535705247028,
                            location = 0x6120001822b0,
                            odr_indicator = 140722015238468
                          }, {
                            beg = 719172,
                            size = 16,
                            size_with_redzone = 106790068429488,
                            name = 0x6 <error: Cannot access memory at address 0x6>,
                            module_name = 0x0,
                            has_dynamic_init = 140535705247324,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 0
                          }},
                        reg_sites = {491334, 0, 1, 0},
                        access_size = 0,
                        size = 219 '\333'
                      },
                      addr = 0
                    }
                  }
                }
              },
              SanitizerGetAllocatedSizeNotOwned = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorSanitizerGetAllocatedSizeNotOwned:
                stack = 0xffffffff00000000,
                addr_description = {
                  data = {
                    kind = 4259624,
                    {
                      shadow = {
                        addr = 0,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 0,
                        free_tid = 0,
                        alloc_stack_id = 112,
                        free_stack_id = 17,
                        chunk_access = {
                          bad_addr = 30,
                          offset = 140721281893632,
                          chunk_begin = 0,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1424,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 0,
                        offset = 0,
                        frame_pc = 73014444144,
                        access_size = 30,
                        frame_descr = 0x7ffc3a050500 "p\005\005:\374\177"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 0,
                            size_with_redzone = 73014444144,
                            name = 0x1e <error: Cannot access memory at address 0x1e>,
                            module_name = 0x7ffc3a050500 "p\005\005:\374\177",
                            has_dynamic_init = 0,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893776
                          }, {
                            beg = 140721282099671,
                            size = 140721281893792,
                            size_with_redzone = 140721281893824,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 17816075321042449920,
                            location = 0xfbad2887,
                            odr_indicator = 140721281892960
                          }, {
                            beg = 140535695758368,
                            size = 94753055836352,
                            size_with_redzone = 140721281893088,
                            name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                            module_name = 0x7fd1055e2000 "",
                            has_dynamic_init = 140535705247028,
                            location = 0x6120001822b0,
                            odr_indicator = 140722015238468
                          }, {
                            beg = 719172,
                            size = 16,
                            size_with_redzone = 106790068429488,
                            name = 0x6 <error: Cannot access memory at address 0x6>,
                            module_name = 0x0,
                            has_dynamic_init = 140535705247324,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 0
                          }},
                        reg_sites = {491334, 0, 1, 0},
                        access_size = 0,
                        size = 219 '\333'
                      },
                      addr = 0
                    }
                  }
                }
              },
              CallocOverflow = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorCallocOverflow:
                stack = 0xffffffff00000000,
                count = 105965437386536,
                size = 0
              },
              ReallocArrayOverflow = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorReallocArrayOverflow:
                stack = 0xffffffff00000000,
                count = 105965437386536,
                size = 0
              },
              PvallocOverflow = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorPvallocOverflow:
                stack = 0xffffffff00000000,
                size = 105965437386536
              },
              InvalidAllocationAlignment = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorInvalidAllocationAlignment:
                stack = 0xffffffff00000000,
                alignment = 105965437386536
              },
              InvalidAlignedAllocAlignment = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorInvalidAlignedAllocAlignment:
                stack = 0xffffffff00000000,
                size = 105965437386536,
                alignment = 0
              },
              InvalidPosixMemalignAlignment = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorInvalidPosixMemalignAlignment:
                stack = 0xffffffff00000000,
                alignment = 105965437386536
              },
              AllocationSizeTooBig = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorAllocationSizeTooBig:
                stack = 0xffffffff00000000,
                user_size = 105965437386536,
                total_size = 0,
                max_size = 0
              },
              RssLimitExceeded = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorRssLimitExceeded:
                stack = 0xffffffff00000000
              },
              OutOfMemory = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorOutOfMemory:
                stack = 0xffffffff00000000,
                requested_size = 105965437386536
              },
              StringFunctionMemoryRangesOverlap = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorStringFunctionMemoryRangesOverlap:
                stack = 0xffffffff00000000,
                length1 = 105965437386536,
                length2 = 0,
                addr1_description = {
                  data = {
                    kind = __asan::kAddressKindWild,
                    {
                      shadow = {
                        addr = 0,
                        kind = (unknown: 112),
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 73014444144,
                        free_tid = 30,
                        alloc_stack_id = 973407488,
                        free_stack_id = 32764,
                        chunk_access = {
                          bad_addr = 0,
                          offset = 140721282099671,
                          chunk_begin = 140721281893776,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1440,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 73014444144,
                        offset = 30,
                        frame_pc = 140721281893632,
                        access_size = 0,
                        frame_descr = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 73014444144,
                            size = 30,
                            size_with_redzone = 140721281893632,
                            name = 0x0,
                            module_name = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-",
                            has_dynamic_init = 140721281893776,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893792
                          }, {
                            beg = 140721281893824,
                            size = 17816075321042449920,
                            size_with_redzone = 4222429319,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 140721281892960,
                            location = 0x7fd104395420 <_IO_2_1_stderr_>,
                            odr_indicator = 94753055836352
                          }, {
                            beg = 140721281893088,
                            size = 140535694356004,
                            size_with_redzone = 140535714947072,
                            name = 0x7fd104ca1d34 <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+212> "\213L$\bH\205\300uUH\213D$\020\211L$\bI\215<\307\350\241\376\377\377\213L$\bH9\305I\211\300tML\211\356H\211\332H\211ljL$ H\211D$\b\350\016\376\377\377L\213D$\b\213L$ H\205\300t(H\213\\$\020M\211\004\337\353\a\017\037D",
                            module_name = 0x6120001822b0 "\003",
                            has_dynamic_init = 140722015238468,
                            location = 0xaf944,
                            odr_indicator = 16
                          }, {
                            beg = 106790068429488,
                            size = 6,
                            size_with_redzone = 0,
                            name = 0x7fd104ca1e5c <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+508> "L\213D$\bL\211E",
                            module_name = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-",
                            has_dynamic_init = 0,
                            location = 0x77f46,
                            odr_indicator = 1
                          }},
                        reg_sites = {0, 0, 1781579739, 22061},
                        access_size = 140721281893568,
                        size = 176 '\260'
                      },
                      addr = 0
                    }
                  }
                },
                addr2_description = {
                  data = {
                    kind = __asan::kAddressKindShadow,
                    {
                      shadow = {
                        addr = 140535705406160,
                        kind = __asan::kShadowKindGap,
                        shadow_byte = 250 '\372'
                      },
                      heap = {
                        addr = 140535705406160,
                        alloc_tid = 64001,
                        free_tid = 140535714947296,
                        alloc_stack_id = 973407136,
                        free_stack_id = 32764,
                        chunk_access = {
                          bad_addr = 140721273520128,
                          offset = 1,
                          chunk_begin = 30,
                          chunk_size = 17816075321042449920,
                          user_requested_alignment = 1,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 140535705406160,
                        tid = 64001,
                        offset = 140535714947296,
                        frame_pc = 140721281893280,
                        access_size = 140721273520128,
                        frame_descr = 0x1 <error: Cannot access memory at address 0x1>
                      },
                      global = {
                        addr = 140535705406160,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 64001,
                            size = 140535714947296,
                            size_with_redzone = 140721281893280,
                            name = 0x7ffc39854000 <error: Cannot access memory at address 0x7ffc39854000>,
                            module_name = 0x1 <error: Cannot access memory at address 0x1>,
                            has_dynamic_init = 30,
                            location = 0xf73f6a1c6256b600,
                            odr_indicator = 1
                          }, {
                            beg = 140535704617348,
                            size = 140721281895392,
                            size_with_redzone = 106721350680512,
                            name = 0x7ffc3a0503a0 "\260\003\005:\374\177",
                            module_name = 0x1 <error: Cannot access memory at address 0x1>,
                            has_dynamic_init = 106721350680512,
                            location = 0x7fd104c800ab <__interceptor_free(void*)+171>,
                            odr_indicator = 140721281893296
                          }, {
                            beg = 2,
                            size = 140535705108714,
                            size_with_redzone = 140535698129342,
                            name = 0x7fd104c8063a <__interceptor_calloc(__sanitizer::uptr, __sanitizer::uptr)+298> "H\211ƅ\333u\027H\307E\300",
                            module_name = 0x7fd1044deef3 <surface_send_configure+64> "I\211\304H\205\300\017\204*\001",
                            has_dynamic_init = 140535698136763,
                            location = 0x1,
                            odr_indicator = 140535698153088
                          }, {
                            beg = 140535705108651,
                            size = 140721281893376,
                            size_with_redzone = 2,
                            name = 0x7fd104c800ea <__interceptor_free(void*)+234> "H\211ƅ\333t/H\211mЃ\373\001\017\204\271",
                            module_name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            has_dynamic_init = 17590160236724,
                            location = 0x10,
                            odr_indicator = 140721281895712
                          }},
                        reg_sites = {973409632, 32764, 973409504, 32764},
                        access_size = 624,
                        size = 192 '\300'
                      },
                      addr = 140535705406160
                    }
                  }
                },
                function = 0x7fd104c4a0fd <read_msghdr(void*, __sanitizer::__sanitizer_msghdr*, SSIZE_T)+797> "I\213\\$ H\205\333t\016M\213l$(M\205\355\017\205\253\006"
              },
              StringFunctionSizeOverflow = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorStringFunctionSizeOverflow:
                stack = 0xffffffff00000000,
                addr_description = {
                  data = {
                    kind = 4259624,
                    {
                      shadow = {
                        addr = 0,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 0,
                        free_tid = 0,
                        alloc_stack_id = 112,
                        free_stack_id = 17,
                        chunk_access = {
                          bad_addr = 30,
                          offset = 140721281893632,
                          chunk_begin = 0,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1424,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 0,
                        offset = 0,
                        frame_pc = 73014444144,
                        access_size = 30,
                        frame_descr = 0x7ffc3a050500 "p\005\005:\374\177"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 0,
                            size_with_redzone = 73014444144,
                            name = 0x1e <error: Cannot access memory at address 0x1e>,
                            module_name = 0x7ffc3a050500 "p\005\005:\374\177",
                            has_dynamic_init = 0,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893776
                          }, {
                            beg = 140721282099671,
                            size = 140721281893792,
                            size_with_redzone = 140721281893824,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 17816075321042449920,
                            location = 0xfbad2887,
                            odr_indicator = 140721281892960
                          }, {
                            beg = 140535695758368,
                            size = 94753055836352,
                            size_with_redzone = 140721281893088,
                            name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                            module_name = 0x7fd1055e2000 "",
                            has_dynamic_init = 140535705247028,
                            location = 0x6120001822b0,
                            odr_indicator = 140722015238468
                          }, {
                            beg = 719172,
                            size = 16,
                            size_with_redzone = 106790068429488,
                            name = 0x6 <error: Cannot access memory at address 0x6>,
                            module_name = 0x0,
                            has_dynamic_init = 140535705247324,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 0
                          }},
                        reg_sites = {491334, 0, 1, 0},
                        access_size = 0,
                        size = 219 '\333'
                      },
                      addr = 0
                    }
                  }
                },
                size = 140721281893568
              },
              BadParamsToAnnotateContiguousContainer = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorBadParamsToAnnotateContiguousContainer:
                stack = 0xffffffff00000000,
                beg = 105965437386536,
                end = 0,
                old_mid = 0,
                new_mid = 0
              },
              ODRViolation = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorODRViolation:
                global1 = {
                  beg = 18446744069414584320,
                  size = 105965437386536,
                  size_with_redzone = 0,
                  name = 0x0,
                  module_name = 0x0,
                  has_dynamic_init = 73014444144,
                  location = 0x1e,
                  odr_indicator = 140721281893632
                },
                global2 = {
                  beg = 0,
                  size = 140721282099671,
                  size_with_redzone = 140721281893776,
                  name = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-",
                  module_name = 0x7ffc3a0505a0 "\263\212\265A",
                  has_dynamic_init = 140721281893824,
                  location = 0xf73f6a1c6256b600,
                  odr_indicator = 4222429319
                },
                stack_id1 = 1649849856,
                stack_id2 = 4148128284
              },
              InvalidPointerPair = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorInvalidPointerPair:
                pc = 18446744069414584320,
                bp = 105965437386536,
                sp = 0,
                addr1_description = {
                  data = {
                    kind = __asan::kAddressKindWild,
                    {
                      shadow = {
                        addr = 0,
                        kind = (unknown: 112),
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 0,
                        alloc_tid = 73014444144,
                        free_tid = 30,
                        alloc_stack_id = 973407488,
                        free_stack_id = 32764,
                        chunk_access = {
                          bad_addr = 0,
                          offset = 140721282099671,
                          chunk_begin = 140721281893776,
                          chunk_size = 140721282099671,
                          user_requested_alignment = 1440,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 0,
                        tid = 73014444144,
                        offset = 30,
                        frame_pc = 140721281893632,
                        access_size = 0,
                        frame_descr = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-"
                      },
                      global = {
                        addr = 0,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 73014444144,
                            size = 30,
                            size_with_redzone = 140721281893632,
                            name = 0x0,
                            module_name = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-",
                            has_dynamic_init = 140721281893776,
                            location = 0x7ffc3a0829d7 <clock_gettime+87>,
                            odr_indicator = 140721281893792
                          }, {
                            beg = 140721281893824,
                            size = 17816075321042449920,
                            size_with_redzone = 4222429319,
                            name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            module_name = 0xfbad2887 <error: Cannot access memory at address 0xfbad2887>,
                            has_dynamic_init = 140721281892960,
                            location = 0x7fd104395420 <_IO_2_1_stderr_>,
                            odr_indicator = 94753055836352
                          }, {
                            beg = 140721281893088,
                            size = 140535694356004,
                            size_with_redzone = 140535714947072,
                            name = 0x7fd104ca1d34 <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+212> "\213L$\bH\205\300uUH\213D$\020\211L$\bI\215<\307\350\241\376\377\377\213L$\bH9\305I\211\300tML\211\356H\211\332H\211ljL$ H\211D$\b\350\016\376\377\377L\213D$\b\213L$ H\205\300t(H\213\\$\020M\211\004\337\353\a\017\037D",
                            module_name = 0x6120001822b0 "\003",
                            has_dynamic_init = 140722015238468,
                            location = 0xaf944,
                            odr_indicator = 16
                          }, {
                            beg = 106790068429488,
                            size = 6,
                            size_with_redzone = 0,
                            name = 0x7fd104ca1e5c <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+508> "L\213D$\bL\211E",
                            module_name = 0x7ffc3a0829d7 <clock_gettime+87> "I\213J\bH\211\302I\213C(H\205\322xfA\213r\030H9\312v\nH)\312H\017\257\326H\001\320A\213J\034I\213s A\213\022\071\323u\271H\323\350H=\377ɚ;v\026\061\322H-",
                            has_dynamic_init = 0,
                            location = 0x77f46,
                            odr_indicator = 1
                          }},
                        reg_sites = {0, 0, 1781579739, 22061},
                        access_size = 140721281893568,
                        size = 176 '\260'
                      },
                      addr = 0
                    }
                  }
                },
                addr2_description = {
                  data = {
                    kind = __asan::kAddressKindShadow,
                    {
                      shadow = {
                        addr = 140535705406160,
                        kind = __asan::kShadowKindGap,
                        shadow_byte = 250 '\372'
                      },
                      heap = {
                        addr = 140535705406160,
                        alloc_tid = 64001,
                        free_tid = 140535714947296,
                        alloc_stack_id = 973407136,
                        free_stack_id = 32764,
                        chunk_access = {
                          bad_addr = 140721273520128,
                          offset = 1,
                          chunk_begin = 30,
                          chunk_size = 17816075321042449920,
                          user_requested_alignment = 1,
                          access_type = 0,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 140535705406160,
                        tid = 64001,
                        offset = 140535714947296,
                        frame_pc = 140721281893280,
                        access_size = 140721273520128,
                        frame_descr = 0x1 <error: Cannot access memory at address 0x1>
                      },
                      global = {
                        addr = 140535705406160,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 64001,
                            size = 140535714947296,
                            size_with_redzone = 140721281893280,
                            name = 0x7ffc39854000 <error: Cannot access memory at address 0x7ffc39854000>,
                            module_name = 0x1 <error: Cannot access memory at address 0x1>,
                            has_dynamic_init = 30,
                            location = 0xf73f6a1c6256b600,
                            odr_indicator = 1
                          }, {
                            beg = 140535704617348,
                            size = 140721281895392,
                            size_with_redzone = 106721350680512,
                            name = 0x7ffc3a0503a0 "\260\003\005:\374\177",
                            module_name = 0x1 <error: Cannot access memory at address 0x1>,
                            has_dynamic_init = 106721350680512,
                            location = 0x7fd104c800ab <__interceptor_free(void*)+171>,
                            odr_indicator = 140721281893296
                          }, {
                            beg = 2,
                            size = 140535705108714,
                            size_with_redzone = 140535698129342,
                            name = 0x7fd104c8063a <__interceptor_calloc(__sanitizer::uptr, __sanitizer::uptr)+298> "H\211ƅ\333u\027H\307E\300",
                            module_name = 0x7fd1044deef3 <surface_send_configure+64> "I\211\304H\205\300\017\204*\001",
                            has_dynamic_init = 140535698136763,
                            location = 0x1,
                            odr_indicator = 140535698153088
                          }, {
                            beg = 140535705108651,
                            size = 140721281893376,
                            size_with_redzone = 2,
                            name = 0x7fd104c800ea <__interceptor_free(void*)+234> "H\211ƅ\333t/H\211mЃ\373\001\017\204\271",
                            module_name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            has_dynamic_init = 17590160236724,
                            location = 0x10,
                            odr_indicator = 140721281895712
                          }},
                        reg_sites = {973409632, 32764, 973409504, 32764},
                        access_size = 624,
                        size = 192 '\300'
                      },
                      addr = 140535705406160
                    }
                  }
                }
              },
              Generic = {
                <__asan::ErrorBase> = {
                  scariness = {
                    score = 41,
                    descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
                  },
                  tid = 0
                }, 
                members of __asan::ErrorGeneric:
                addr_description = {
                  data = {
                    kind = __asan::kAddressKindWild,
                    {
                      shadow = {
                        addr = 105965437386536,
                        kind = __asan::kShadowKindLow,
                        shadow_byte = 0 '\000'
                      },
                      heap = {
                        addr = 105965437386536,
                        alloc_tid = 0,
                        free_tid = 0,
                        alloc_stack_id = 0,
                        free_stack_id = 0,
                        chunk_access = {
                          bad_addr = 73014444144,
                          offset = 30,
                          chunk_begin = 140721281893632,
                          chunk_size = 0,
                          user_requested_alignment = 2519,
                          access_type = 2,
                          alloc_type = 0
                        }
                      },
                      stack = {
                        addr = 105965437386536,
                        tid = 0,
                        offset = 0,
                        frame_pc = 0,
                        access_size = 73014444144,
                        frame_descr = 0x1e <error: Cannot access memory at address 0x1e>
                      },
                      global = {
                        addr = 105965437386536,
                        static kMaxGlobals = 4,
                        globals = {{
                            beg = 0,
                            size = 0,
                            size_with_redzone = 0,
                            name = 0x1100000070 <error: Cannot access memory at address 0x1100000070>,
                            module_name = 0x1e <error: Cannot access memory at address 0x1e>,
                            has_dynamic_init = 140721281893632,
                            location = 0x0,
                            odr_indicator = 140721282099671
                          }, {
                            beg = 140721281893776,
                            size = 140721282099671,
                            size_with_redzone = 140721281893792,
                            name = 0x7ffc3a0505c0 "\a",
                            module_name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                            has_dynamic_init = 4222429319,
                            location = 0xf73f6a1c6256b600,
                            odr_indicator = 4222429319
                          }, {
                            beg = 140721281892960,
                            size = 140535695758368,
                            size_with_redzone = 94753055836352,
                            name = 0x7ffc3a0502e0 "",
                            module_name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                            has_dynamic_init = 140535714947072,
                            location = 0x7fd104ca1d34 <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+212>,
                            odr_indicator = 106790068429488
                          }, {
                            beg = 140722015238468,
                            size = 719172,
                            size_with_redzone = 16,
                            name = 0x6120001822b0 "\003",
                            module_name = 0x6 <error: Cannot access memory at address 0x6>,
                            has_dynamic_init = 0,
                            location = 0x7fd104ca1e5c <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+508>,
                            odr_indicator = 140721282099671
                          }},
                        reg_sites = {0, 0, 491334, 0},
                        access_size = 1,
                        size = 0 '\000'
                      },
                      addr = 105965437386536
                    }
                  }
                },
                pc = 94753055096795,
                bp = 140721281893568,
                sp = 140721281893552,
                access_size = 1,
                bug_descr = 0x7fd104cc8ad0 "heap-buffer-overflow",
                is_write = true,
                shadow_val = 250 '\372'
              }
            }
          },
          halt_on_error_ = true
        }
        error = {
          <__asan::ErrorBase> = {
            scariness = {
              score = 41,
              descr = "1-byte-write-heap-buffer-overflow-far-from-bounds\000\000\000\016\330\310\004\321\177\000\000\000 ^\005\321\177\000\000\062Y\277\004\321\177\000\000`\001\005:\374\177\000\000\036\000\000\000\000\000\000\000\340 ^\005\321\177\000\000 \371\004:\374\177\000\000\000@\205\071\374\177\000\000\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000\000\266Vb\034j?\367\001\000\000\000\000\000\000\000\036\000\000\000\000\000\000\000`\001\005:\374\177\000\000\333R\310\004\321\177\000\000\000\v\005:\374\177\000\000\274", '\000' <repeats 15 times>, "\032\231\300\004"...
            },
            tid = 0
          }, 
          members of __asan::ErrorGeneric:
          addr_description = {
            data = {
              kind = __asan::kAddressKindWild,
              {
                shadow = {
                  addr = 105965437386536,
                  kind = __asan::kShadowKindLow,
                  shadow_byte = 0 '\000'
                },
                heap = {
                  addr = 105965437386536,
                  alloc_tid = 0,
                  free_tid = 0,
                  alloc_stack_id = 0,
                  free_stack_id = 0,
                  chunk_access = {
                    bad_addr = 73014444144,
                    offset = 30,
                    chunk_begin = 140721281893632,
                    chunk_size = 0,
                    user_requested_alignment = 2519,
                    access_type = 2,
                    alloc_type = 0
                  }
                },
                stack = {
                  addr = 105965437386536,
                  tid = 0,
                  offset = 0,
                  frame_pc = 0,
                  access_size = 73014444144,
                  frame_descr = 0x1e <error: Cannot access memory at address 0x1e>
                },
                global = {
                  addr = 105965437386536,
                  static kMaxGlobals = 4,
                  globals = {{
                      beg = 0,
                      size = 0,
                      size_with_redzone = 0,
                      name = 0x1100000070 <error: Cannot access memory at address 0x1100000070>,
                      module_name = 0x1e <error: Cannot access memory at address 0x1e>,
                      has_dynamic_init = 140721281893632,
                      location = 0x0,
                      odr_indicator = 140721282099671
                    }, {
                      beg = 140721281893776,
                      size = 140721282099671,
                      size_with_redzone = 140721281893792,
                      name = 0x7ffc3a0505c0 "\a",
                      module_name = 0xf73f6a1c6256b600 <error: Cannot access memory at address 0xf73f6a1c6256b600>,
                      has_dynamic_init = 4222429319,
                      location = 0xf73f6a1c6256b600,
                      odr_indicator = 4222429319
                    }, {
                      beg = 140721281892960,
                      size = 140535695758368,
                      size_with_redzone = 94753055836352,
                      name = 0x7ffc3a0502e0 "",
                      module_name = 0x7fd10423ee24 <__vfprintf_internal+1140> "A\211\301\351\202\376\377\377\017\037@",
                      has_dynamic_init = 140535714947072,
                      location = 0x7fd104ca1d34 <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+212>,
                      odr_indicator = 106790068429488
                    }, {
                      beg = 140722015238468,
                      size = 719172,
                      size_with_redzone = 16,
                      name = 0x6120001822b0 "\003",
                      module_name = 0x6 <error: Cannot access memory at address 0x6>,
                      has_dynamic_init = 0,
                      location = 0x7fd104ca1e5c <__sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)+508>,
                      odr_indicator = 140721282099671
                    }},
                  reg_sites = {0, 0, 491334, 0},
                  access_size = 1,
                  size = 0 '\000'
                },
                addr = 105965437386536
              }
            }
          },
          pc = 94753055096795,
          bp = 140721281893568,
          sp = 140721281893552,
          access_size = 1,
          bug_descr = 0x7fd104cc8ad0 "heap-buffer-overflow",
          is_write = true,
          shadow_val = 250 '\372'
        }
#6  0x00007fd104c8a2bf in __asan::__asan_report_store1(__sanitizer::uptr) (addr=<optimized out>) at /build/gcc/src/gcc/libsanitizer/asan/asan_rtl.cpp:122
        bp = 140721281893568
        pc = <optimized out>
        local_stack = 140721281893712
        sp = 140721281893552
#7  0x0000562d6a30bfdb in handle_pointer_constraint_set_region (listener=<optimized out>, data=<optimized out>) at ../sway/sway/input/cursor.c:836
        cursor = <optimized out>
#8  0x00007fd104521a67 in wlr_signal_emit_safe (signal=signal@entry=0x61200016bbb8, data=data@entry=0x0) at ../util/signal.c:29
        pos = 0x606000410128
        l = 0x606000410128
#9  0x00007fd10450c49e in pointer_constraint_commit (constraint=0x61200016bac0) at ../types/wlr_pointer_constraints_v1.c:132
        updated_region = true
#10 0x00007fd10450c4b3 in handle_surface_commit (listener=<optimized out>, data=<optimized out>) at ../types/wlr_pointer_constraints_v1.c:140
        constraint = <optimized out>
#11 0x00007fd104521a67 in wlr_signal_emit_safe (signal=signal@entry=0x618000074f20, data=data@entry=0x618000074c80) at ../util/signal.c:29
        pos = 0x61200016bb60
        l = 0x61200016bb60
#12 0x00007fd1045167b1 in surface_commit_pending (surface=surface@entry=0x618000074c80) at ../types/wlr_surface.c:379
        invalid_buffer = false
        subsurface = 0x618000074e68
#13 0x00007fd104516b73 in surface_commit (client=<optimized out>, resource=<optimized out>) at ../types/wlr_surface.c:448
        surface = 0x618000074c80
        subsurface = <optimized out>
#14 0x00007fd103b47a8d in  () at /usr/lib/libffi.so.7
#15 0x00007fd103b4701b in  () at /usr/lib/libffi.so.7
#16 0x00007fd1045dbf62 in  () at /usr/lib/libwayland-server.so.0
#17 0x00007fd1045d82dc in  () at /usr/lib/libwayland-server.so.0
#18 0x00007fd1045d9faa in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#19 0x00007fd1045d84e7 in wl_display_run () at /usr/lib/libwayland-server.so.0
#20 0x0000562d6a2ecc43 in server_run (server=0x562d6a3fd1e0 <server>) at ../sway/sway/server.c:225
#21 0x0000562d6a2eb647 in main (argc=<optimized out>, argv=<optimized out>) at ../sway/sway/main.c:409
        verbose = 0
        debug = 1
        validate = 0
        allow_unsupported_gpu = 0
        long_options = {{
            name = 0x562d6a39cbc0 "help",
            has_arg = 0,
            flag = 0x0,
            val = 104
          }, {
            name = 0x562d6a39cc00 "config",
            has_arg = 1,
            flag = 0x0,
            val = 99
          }, {
            name = 0x562d6a39cc40 "validate",
            has_arg = 0,
            flag = 0x0,
            val = 67
          }, {
            name = 0x562d6a39cc80 "debug",
            has_arg = 0,
            flag = 0x0,
            val = 100
          }, {
            name = 0x562d6a39ccc0 "version",
            has_arg = 0,
            flag = 0x0,
            val = 118
          }, {
            name = 0x562d6a39cd00 "verbose",
            has_arg = 0,
            flag = 0x0,
            val = 86
          }, {
            name = 0x562d6a39cd40 "get-socketpath",
            has_arg = 0,
            flag = 0x0,
            val = 112
          }, {
            name = 0x562d6a39cd80 "unsupported-gpu",
            has_arg = 0,
            flag = 0x0,
            val = 117
          }, {
            name = 0x562d6a39cdc0 "my-next-gpu-wont-be-nvidia",
            has_arg = 0,
            flag = 0x0,
            val = 117
          }, {
            name = 0x0,
            has_arg = 0,
            flag = 0x0,
            val = 0
          }}
        config_path = 0x0
        usage = 0x562d6a39c160 "Usage: sway [options] [command]\n\n  -h, --help", ' ' <repeats 13 times>, "Show help message and quit.\n  -c, --config <config>  Specify a config file.\n  -C, --validate         Check the validity of the config file, th"...
        c = <optimized out>
Xyene added a commit to Xyene/sway that referenced this issue May 25, 2020
@Xyene
input/cursor: fix heap-buffer overflow in constraint set_region
6770231 
Fixes swaywm#5383, caused by an oversight in 6f0a0bd.
@Xyene Xyene mentioned this issue May 25, 2020
Merged
Xyene added a commit to Xyene/sway that referenced this issue May 25, 2020
@Xyene
input/cursor: fix heap-buffer overflow in constraint set_region
fb8c30a 
Fixes swaywm#5383, caused by an oversight in 6f0a0bd.
Xyene added a commit to Xyene/sway that referenced this issue May 25, 2020
@Xyene
input/cursor: fix heap-buffer overflow in constraint set_region
875a4c4 
Fixes swaywm#5383, caused by an oversight in 6f0a0bd.
@Xyene
Copy link
Member

Xyene commented May 25, 2020

Thanks for reporting this, could you give #5384 a try and see if it fixes the issue for you?

@Xyene Xyene added bug Not working as intended input/pointer labels May 25, 2020
emersion pushed a commit that referenced this issue May 25, 2020
@Xyene @emersion
input/cursor: fix heap-buffer overflow in constraint set_region
34e0cad 
Fixes #5383, caused by an oversight in 6f0a0bd.
@KenMacD
Copy link
Author

KenMacD commented May 25, 2020

@Xyene wow that was fast. Thank you! Looks like it's been merged to master so I'll rebuild and test it out tonight.

@attritionorg
Copy link

@KenMacD Can you cliff notes on how this bug was triggered? Thanks!

@KenMacD
Copy link
Author

KenMacD commented May 27, 2020

@attritionorg Sure. It happened when exiting Stardew Valley. Specifically stardew installed with stardew_valley_1_4_3_379_34693.sh and SMAPI-3.5.0-installer.zip, but I doubt that matters.

@attritionorg
Copy link

@KenMacD Exactly what I needed, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Not working as intended input/pointer
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

input/cursor: fix heap-buffer overflow in constraint set_region Xyene/sway
3 participants
@KenMacD @Xyene @attritionorg