================================================================= | |
==26627==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000625ebc at pc 0x564324118f3e bp 0x7fd73266c7d0 sp 0x7fd73266c7c0 | |
READ of size 4 at 0x616000625ebc thread T34 (ottd:game) | |
#0 0x564324118f3d in ReplaceChain(Vehicle**, DoCommandFlag, bool, bool*) (/home/milek7/ottd3/build/openttd+0xc46f3d) | |
#1 0x56432411c07c in CmdAutoreplaceVehicle(unsigned int, DoCommandFlag, unsigned int, unsigned int, char const*) (/home/milek7/ottd3/build/openttd+0xc4a07c) | |
#2 0x5643241792de in DoCommand(unsigned int, unsigned int, unsigned int, DoCommandFlag, unsigned int, char const*) (/home/milek7/ottd3/build/openttd+0xca72de) | |
#3 0x5643248da087 in CallVehicleTicks() (/home/milek7/ottd3/build/openttd+0x1408087) | |
#4 0x56432454ec86 in StateGameLoop() (/home/milek7/ottd3/build/openttd+0x107cc86) | |
#5 0x564323eb960e in ClientNetworkGameSocketHandler::GameLoop() (/home/milek7/ottd3/build/openttd+0x9e760e) | |
#6 0x564323ea347c in NetworkGameLoop() (/home/milek7/ottd3/build/openttd+0x9d147c) | |
#7 0x564324557474 in GameLoop() (/home/milek7/ottd3/build/openttd+0x1085474) | |
#8 0x5643240dcad2 in VideoDriver::GameLoop() (/home/milek7/ottd3/build/openttd+0xc0aad2) | |
#9 0x5643240dd307 in VideoDriver::GameThread() (/home/milek7/ottd3/build/openttd+0xc0b307) | |
#10 0x5643240dfd77 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() (/home/milek7/ottd3/build/openttd+0xc0dd77) | |
#11 0x7fd79222d5f3 in execute_native_thread_routine /home/milek7/gcc-git/src/gcc/libstdc++-v3/src/c++11/thread.cc:82 | |
#12 0x7fd792393298 in start_thread (/usr/lib/libpthread.so.0+0x9298) | |
#13 0x7fd791f18052 in __GI___clone (/usr/lib/libc.so.6+0xff052) | |
0x616000625ebc is located 60 bytes inside of 568-byte region [0x616000625e80,0x6160006260b8) | |
freed by thread T34 (ottd:game) here: | |
#0 0x7fd794a1ccb9 in __interceptor_free /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127 | |
#1 0x564324021eff in Pool<Vehicle, unsigned int, 512ul, 1044480ul, (PoolType)1, false, true>::PoolItem<&_vehicle_pool>::operator delete(void*) (/home/milek7/ottd3/build/openttd+0xb4feff) | |
previously allocated by thread T34 (ottd:game) here: | |
#0 0x7fd794a1d229 in __interceptor_calloc /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154 | |
#1 0x5643248c5e22 in Pool<Vehicle, unsigned int, 512ul, 1044480ul, (PoolType)1, false, true>::GetNew(unsigned long) (/home/milek7/ottd3/build/openttd+0x13f3e22) | |
Thread T34 (ottd:game) created by T0 here: | |
#0 0x7fd794983907 in __interceptor_pthread_create /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216 | |
#1 0x7fd79222d8ea in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /home/milek7/gcc-git/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 | |
#2 0x564324b2b367 (/home/milek7/ottd3/build/openttd+0x1659367) | |
SUMMARY: AddressSanitizer: heap-use-after-free (/home/milek7/ottd3/build/openttd+0xc46f3d) in ReplaceChain(Vehicle**, DoCommandFlag, bool, bool*) | |
Shadow bytes around the buggy address: | |
0x0c2c800bcb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c2c800bcb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c2c800bcba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c2c800bcbb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c2c800bcbc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
=>0x0c2c800bcbd0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd | |
0x0c2c800bcbe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
0x0c2c800bcbf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
0x0c2c800bcc00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
0x0c2c800bcc10: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa | |
0x0c2c800bcc20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
Shadow byte legend (one shadow byte represents 8 application bytes): | |
Addressable: 00 | |
Partially addressable: 01 02 03 04 05 06 07 | |
Heap left redzone: fa | |
Freed heap region: fd | |
Stack left redzone: f1 | |
Stack mid redzone: f2 | |
Stack right redzone: f3 | |
Stack after return: f5 | |
Stack use after scope: f8 | |
Global redzone: f9 | |
Global init order: f6 | |
Poisoned by user: f7 | |
Container overflow: fc | |
Array cookie: ac | |
Intra object redzone: bb | |
ASan internal: fe | |
Left alloca redzone: ca | |
Right alloca redzone: cb | |
Shadow gap: cc | |
==26627==ABORTING |