Created
August 26, 2018 21:49
-
-
Save DrMcCoy/0fd8777a1a179bd921de3192895f24d0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==8357==ERROR: AddressSanitizer: heap-use-after-free on address 0x61e0000e9480 at pc 0x55b2272a4e09 bp 0x7f72dbe2ba40 sp 0x7f72dbe2ba30 | |
| READ of size 8 at 0x61e0000e9480 thread T7 (GameInstance) | |
| #0 0x55b2272a4e08 in Aurora::NWScript::ObjectReference::operator=(Aurora::NWScript::Object const*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/objectref.cpp:55 | |
| #1 0x55b22720f3b2 in Aurora::NWScript::Variable::operator=(Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/variable.cpp:214 | |
| #2 0x55b227218d19 in Aurora::NWScript::Variable::Variable(Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/variable.cpp:63 | |
| #3 0x55b2271be942 in Aurora::NWScript::NCSFile::o_const(Aurora::NWScript::NCSFile::InstructionType) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:502 | |
| #4 0x55b2271b207c in Aurora::NWScript::NCSFile::executeStep() /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:411 | |
| #5 0x55b2271b3cf1 in Aurora::NWScript::NCSFile::execute(Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:380 | |
| #6 0x55b2271bbbc6 in Aurora::NWScript::NCSFile::run(Aurora::NWScript::ScriptState const&, Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:373 | |
| #7 0x55b225b371d5 in Engines::KotOR::ScriptContainer::runScript(Common::UString const&, Aurora::NWScript::ScriptState const&, Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/script/container.cpp:172 | |
| #8 0x55b225ae2287 in Engines::KotOR::Module::handleActions() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:680 | |
| #9 0x55b225b020c2 in Engines::KotOR::Module::processEventQueue() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:535 | |
| #10 0x55b225a3744d in Engines::KotOR::Game::runModule() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:96 | |
| #11 0x55b225a3bbda in Engines::KotOR::Game::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:76 | |
| #12 0x55b225a1b350 in Engines::KotOR::KotOREngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/kotor.cpp:128 | |
| #13 0x55b2262468d6 in Engines::GameInstanceEngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:222 | |
| #14 0x55b2262484d0 in Engines::EngineManager::run(Engines::GameInstance&) const /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:249 | |
| #15 0x55b226249e9b in Engines::GameThread::threadMethod() /home/drmccoy/projects/xoreos/xoreos/src/engines/gamethread.cpp:87 | |
| #16 0x55b2272bf253 in Common::Thread::threadHelper(void*) /home/drmccoy/projects/xoreos/xoreos/src/common/thread.cpp:113 | |
| #17 0x7f72fd3777bb in SDL_RunThread /var/tmp/portage/media-libs/libsdl2-2.0.8-r2/work/SDL2-2.0.8/src/thread/SDL_thread.c:283 | |
| #18 0x7f72fd3de228 in RunThread /var/tmp/portage/media-libs/libsdl2-2.0.8-r2/work/SDL2-2.0.8/src/thread/pthread/SDL_systhread.c:74 | |
| #19 0x7f72fdfd39a9 in start_thread /var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/nptl/pthread_create.c:463 | |
| #20 0x7f72f999a56e in clone (/lib64/libc.so.6+0x10456e) | |
| 0x61e0000e9480 is located 0 bytes inside of 2536-byte region [0x61e0000e9480,0x61e0000e9e68) | |
| freed by thread T7 (GameInstance) here: | |
| #0 0x7f72fe2dc738 in operator delete(void*, unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:151 | |
| #1 0x55b225aa6eb2 in void Common::DeallocatorDefault::destroy<Engines::KotOR::Object>(Engines::KotOR::Object*) /home/drmccoy/projects/xoreos/xoreos/src/common/deallocator.h:44 | |
| #2 0x55b225aa6eb2 in Common::PtrList<Engines::KotOR::Object, Common::DeallocatorDefault>::erase(std::_List_iterator<Engines::KotOR::Object*>) /home/drmccoy/projects/xoreos/xoreos/src/common/ptrlist.h:65 | |
| #3 0x55b225aa6eb2 in Common::PtrList<Engines::KotOR::Object, Common::DeallocatorDefault>::remove(Engines::KotOR::Object* const&) /home/drmccoy/projects/xoreos/xoreos/src/common/ptrlist.h:97 | |
| #4 0x55b225aa6eb2 in Engines::KotOR::Area::removeObject(Engines::KotOR::Object*) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/area.cpp:747 | |
| #5 0x55b225b3a322 in boost::_mfi::mf1<void, Engines::KotOR::Functions, Aurora::NWScript::FunctionContext&>::operator()(Engines::KotOR::Functions*, Aurora::NWScript::FunctionContext&) const /usr/include/boost/bind/mem_fn_template.hpp:165 | |
| #6 0x55b225b3a322 in void boost::_bi::list2<boost::_bi::value<Engines::KotOR::Functions*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, Engines::KotOR::Functions, Aurora::NWScript::FunctionContext&>, boost::_bi::rrlist1<Aurora::NWScript::FunctionContext&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, Engines::KotOR::Functions, Aurora::NWScript::FunctionContext&>&, boost::_bi::rrlist1<Aurora::NWScript::FunctionContext&>&, int) /usr/include/boost/bind/bind.hpp:319 | |
| #7 0x55b225b3a322 in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, Engines::KotOR::Functions, Aurora::NWScript::FunctionContext&>, boost::_bi::list2<boost::_bi::value<Engines::KotOR::Functions*>, boost::arg<1> > >::operator()<Aurora::NWScript::FunctionContext&>(Aurora::NWScript::FunctionContext&) /usr/include/boost/bind/bind.hpp:1306 | |
| #8 0x55b225b3a322 in boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, Engines::KotOR::Functions, Aurora::NWScript::FunctionContext&>, boost::_bi::list2<boost::_bi::value<Engines::KotOR::Functions*>, boost::arg<1> > >, void, Aurora::NWScript::FunctionContext&>::invoke(boost::detail::function::function_buffer&, Aurora::NWScript::FunctionContext&) /usr/include/boost/function/function_template.hpp:159 | |
| #9 0x55b2271939c9 in boost::function1<void, Aurora::NWScript::FunctionContext&>::operator()(Aurora::NWScript::FunctionContext&) const /usr/include/boost/function/function_template.hpp:759 | |
| #10 0x55b2271939c9 in Aurora::NWScript::FunctionManager::call(unsigned int, Aurora::NWScript::FunctionContext&) const /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/functionman.cpp:109 | |
| #11 0x55b2271d6190 in Aurora::NWScript::NCSFile::callEngine(Aurora::NWScript::FunctionContext&, unsigned int, unsigned char) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:580 | |
| #12 0x55b2271d76b0 in Aurora::NWScript::NCSFile::o_action(Aurora::NWScript::NCSFile::InstructionType) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:627 | |
| #13 0x55b2271b207c in Aurora::NWScript::NCSFile::executeStep() /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:411 | |
| #14 0x55b2271b3cf1 in Aurora::NWScript::NCSFile::execute(Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:380 | |
| #15 0x55b2271bbbc6 in Aurora::NWScript::NCSFile::run(Aurora::NWScript::ScriptState const&, Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/ncsfile.cpp:373 | |
| #16 0x55b225b371d5 in Engines::KotOR::ScriptContainer::runScript(Common::UString const&, Aurora::NWScript::ScriptState const&, Aurora::NWScript::Object*, Aurora::NWScript::Object*) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/script/container.cpp:172 | |
| #17 0x55b225ae2287 in Engines::KotOR::Module::handleActions() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:680 | |
| #18 0x55b225b020c2 in Engines::KotOR::Module::processEventQueue() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:535 | |
| #19 0x55b225a3744d in Engines::KotOR::Game::runModule() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:96 | |
| #20 0x55b225a3bbda in Engines::KotOR::Game::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:76 | |
| #21 0x55b225a1b350 in Engines::KotOR::KotOREngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/kotor.cpp:128 | |
| #22 0x55b2262468d6 in Engines::GameInstanceEngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:222 | |
| #23 0x55b2262484d0 in Engines::EngineManager::run(Engines::GameInstance&) const /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:249 | |
| #24 0x55b226249e9b in Engines::GameThread::threadMethod() /home/drmccoy/projects/xoreos/xoreos/src/engines/gamethread.cpp:87 | |
| #25 0x55b2272bf253 in Common::Thread::threadHelper(void*) /home/drmccoy/projects/xoreos/xoreos/src/common/thread.cpp:113 | |
| #26 0x7f72fd3777bb in SDL_RunThread /var/tmp/portage/media-libs/libsdl2-2.0.8-r2/work/SDL2-2.0.8/src/thread/SDL_thread.c:283 | |
| previously allocated by thread T7 (GameInstance) here: | |
| #0 0x7f72fe2db1c0 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:90 | |
| #1 0x55b225a99e73 in Engines::KotOR::Area::loadCreatures(std::vector<Aurora::GFF3Struct const*, std::allocator<Aurora::GFF3Struct const*> > const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/area.cpp:440 | |
| #2 0x55b225a9bc6c in Engines::KotOR::Area::loadGIT(Aurora::GFF3Struct const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/area.cpp:352 | |
| #3 0x55b225a9c71a in Engines::KotOR::Area::load() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/area.cpp:108 | |
| #4 0x55b225a9e1dd in Engines::KotOR::Area::Area(Engines::KotOR::Module&, Common::UString const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/area.cpp:78 | |
| #5 0x55b225ad6dc2 in Engines::KotOR::Module::loadArea() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:251 | |
| #6 0x55b225afeae4 in Engines::KotOR::Module::loadModule(Common::UString const&, Common::UString const&, Engines::KotOR::ObjectType) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/module.cpp:140 | |
| #7 0x55b225bc35e8 in Engines::KotOR::CharacterGenerationMenu::start() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/gui/chargen/charactergeneration.cpp:220 | |
| #8 0x55b225bd3dba in Engines::KotOR::QuickCharPanel::callbackActive(Engines::Widget&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/gui/chargen/quickchar.cpp:75 | |
| #9 0x55b2262d5d49 in Engines::GUI::checkWidgetActive(Engines::Widget*) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:492 | |
| #10 0x55b2262de07e in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:539 | |
| #11 0x55b2262e0394 in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:526 | |
| #12 0x55b2262e0394 in Engines::GUI::processEventQueue() /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:204 | |
| #13 0x55b2262e6f0f in Engines::GUI::run(unsigned int) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:134 | |
| #14 0x55b2262eb1be in Engines::GUI::sub(Engines::GUI&, unsigned int, bool, bool) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:371 | |
| #15 0x55b225baf728 in Engines::KotOR::ClassSelectionMenu::callbackActive(Engines::Widget&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/gui/chargen/classselection.cpp:218 | |
| #16 0x55b2262d5d49 in Engines::GUI::checkWidgetActive(Engines::Widget*) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:492 | |
| #17 0x55b2262de07e in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:539 | |
| #18 0x55b2262e0394 in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:526 | |
| #19 0x55b2262e0394 in Engines::GUI::processEventQueue() /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:204 | |
| #20 0x55b2262e6cec in Engines::GUI::run(unsigned int) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:132 | |
| #21 0x55b2262eb1be in Engines::GUI::sub(Engines::GUI&, unsigned int, bool, bool) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:371 | |
| #22 0x55b225b5ac71 in Engines::KotOR::MainMenu::callbackActive(Engines::Widget&) /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/gui/main/main.cpp:197 | |
| #23 0x55b2262d5d49 in Engines::GUI::checkWidgetActive(Engines::Widget*) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:492 | |
| #24 0x55b2262de07e in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:539 | |
| #25 0x55b2262e0394 in Engines::GUI::mouseUp(SDL_Event const&) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:526 | |
| #26 0x55b2262e0394 in Engines::GUI::processEventQueue() /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:204 | |
| #27 0x55b2262e6cec in Engines::GUI::run(unsigned int) /home/drmccoy/projects/xoreos/xoreos/src/engines/aurora/gui.cpp:132 | |
| #28 0x55b225a3af29 in Engines::KotOR::Game::mainMenu() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:150 | |
| #29 0x55b225a3bbbf in Engines::KotOR::Game::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/game.cpp:75 | |
| #30 0x55b225a1b350 in Engines::KotOR::KotOREngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/kotor/kotor.cpp:128 | |
| #31 0x55b2262468d6 in Engines::GameInstanceEngine::run() /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:222 | |
| #32 0x55b2262484d0 in Engines::EngineManager::run(Engines::GameInstance&) const /home/drmccoy/projects/xoreos/xoreos/src/engines/enginemanager.cpp:249 | |
| Thread T7 (GameInstance) created by T0 here: | |
| #0 0x7f72fe236b73 in __interceptor_pthread_create /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/asan/asan_interceptors.cc:202 | |
| #1 0x7f72fd3de296 in SDL_SYS_CreateThread /var/tmp/portage/media-libs/libsdl2-2.0.8-r2/work/SDL2-2.0.8/src/thread/pthread/SDL_systhread.c:115 | |
| SUMMARY: AddressSanitizer: heap-use-after-free /home/drmccoy/projects/xoreos/xoreos/src/aurora/nwscript/objectref.cpp:55 in Aurora::NWScript::ObjectReference::operator=(Aurora::NWScript::Object const*) | |
| Shadow bytes around the buggy address: | |
| 0x0c3c80015240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c80015250: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c80015260: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c80015270: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa | |
| 0x0c3c80015280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| =>0x0c3c80015290:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c800152a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c800152b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c800152c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c800152d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3c800152e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==8357==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment