@Milek7

Milek7/crash

Created May 11, 2021 15:05
=================================================================
==20179==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000145051 at pc 0x55814cd2c9f8 bp 0x7f0ed2d714d0 sp 0x7f0ed2d714c0
WRITE of size 1 at 0x614000145051 thread T34 (ottd:game)
#0 0x55814cd2c9f7 in TCPConnecter::Kill() /home/milek7/ottd3/src/network/core/tcp_connect.cpp:91
#1 0x55814cdb98da in ClientNetworkCoordinatorSocketHandler::Receive_SERVER_TURN_CONNECT(Packet*) /home/milek7/ottd3/src/network/network_coordinator.cpp:350
#2 0x55814cd43178 in NetworkCoordinatorSocketHandler::HandlePacket(Packet*) /home/milek7/ottd3/src/network/core/tcp_coordinator.cpp:53
#3 0x55814cd431ce in NetworkCoordinatorSocketHandler::ReceivePackets() /home/milek7/ottd3/src/network/core/tcp_coordinator.cpp:71
#4 0x55814cdbc41e in ClientNetworkCoordinatorSocketHandler::SendReceive() /home/milek7/ottd3/src/network/network_coordinator.cpp:623
#5 0x55814cd55214 in NetworkBackgroundLoop() /home/milek7/ottd3/src/network/network.cpp:988
#6 0x55814d4edde4 in GameLoop() /home/milek7/ottd3/src/openttd.cpp:1466
#7 0x55814cf9fd44 in VideoDriver::GameLoop() /home/milek7/ottd3/src/video/video_driver.cpp:37
#8 0x55814cf9fee0 in VideoDriver::GameThread() /home/milek7/ottd3/src/video/video_driver.cpp:44
#9 0x55814cfa0247 in VideoDriver::GameThreadThunk(VideoDriver*) /home/milek7/ottd3/src/video/video_driver.cpp:81
#10 0x55814cfa3136 in StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}::operator()(char const*, void (*&&)(VideoDriver*), VideoDriver*&&) const /home/milek7/ottd3/src/video/../thread.h:54
#11 0x55814cfa4737 in void std::__invoke_impl<void, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*>(std::__invoke_other, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&&&)(VideoDriver*), VideoDriver*&&)#1}, char const*&&, void (*&&)(VideoDriver*), VideoDriver*&&) /usr/include/c++/12.0.0/bits/invoke.h:61
#12 0x55814cfa460f in _ZSt8__invokeIZ14StartNewThreadIPFvP11VideoDriverEJS2_EEbPSt6threadPKcOT_DpOT0_EUlS8_OS4_OS2_E_JS8_S4_S2_EENSt15__invoke_resultIS9_JDpSB_EE4typeESA_SD_ /usr/include/c++/12.0.0/bits/invoke.h:96
#13 0x55814cfa4506 in void std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::_M_invoke<0ul, 1ul, 2ul, 3ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/12.0.0/bits/std_thread.h:253
#14 0x55814cfa4487 in std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::operator()() /usr/include/c++/12.0.0/bits/std_thread.h:260
#15 0x55814cfa446b in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() /usr/include/c++/12.0.0/bits/std_thread.h:211
#16 0x7f0f33fa55f3 in execute_native_thread_routine /home/milek7/gcc-git/src/gcc/libstdc++-v3/src/c++11/thread.cc:82
#17 0x7f0f3410b298 in start_thread (/usr/lib/libpthread.so.0+0x9298)
#18 0x7f0f33c90052 in __GI___clone (/usr/lib/libc.so.6+0xff052)
0x614000145051 is located 17 bytes inside of 400-byte region [0x614000145040,0x6140001451d0)
freed by thread T34 (ottd:game) here:
#0 0x7f0f36797c99 in operator delete(void*, unsigned long) /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_new_delete.cpp:172
#1 0x55814cdc9f3e in NetworkReuseStunConnecter::~NetworkReuseStunConnecter() (/home/milek7/ottd3/build/openttd+0xaf7bf3e)
#2 0x55814cd311a6 in TCPConnecter::CheckCallbacks() /home/milek7/ottd3/src/network/core/tcp_connect.cpp:418
#3 0x55814cd55219 in NetworkBackgroundLoop() /home/milek7/ottd3/src/network/network.cpp:989
#4 0x55814d4edde4 in GameLoop() /home/milek7/ottd3/src/openttd.cpp:1466
#5 0x55814cf9fd44 in VideoDriver::GameLoop() /home/milek7/ottd3/src/video/video_driver.cpp:37
#6 0x55814cf9fee0 in VideoDriver::GameThread() /home/milek7/ottd3/src/video/video_driver.cpp:44
#7 0x55814cfa0247 in VideoDriver::GameThreadThunk(VideoDriver*) /home/milek7/ottd3/src/video/video_driver.cpp:81
#8 0x55814cfa3136 in StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}::operator()(char const*, void (*&&)(VideoDriver*), VideoDriver*&&) const /home/milek7/ottd3/src/video/../thread.h:54
#9 0x55814cfa4737 in void std::__invoke_impl<void, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*>(std::__invoke_other, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&&&)(VideoDriver*), VideoDriver*&&)#1}, char const*&&, void (*&&)(VideoDriver*), VideoDriver*&&) /usr/include/c++/12.0.0/bits/invoke.h:61
#10 0x55814cfa460f in _ZSt8__invokeIZ14StartNewThreadIPFvP11VideoDriverEJS2_EEbPSt6threadPKcOT_DpOT0_EUlS8_OS4_OS2_E_JS8_S4_S2_EENSt15__invoke_resultIS9_JDpSB_EE4typeESA_SD_ /usr/include/c++/12.0.0/bits/invoke.h:96
#11 0x55814cfa4506 in void std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::_M_invoke<0ul, 1ul, 2ul, 3ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/12.0.0/bits/std_thread.h:253
#12 0x55814cfa4487 in std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::operator()() /usr/include/c++/12.0.0/bits/std_thread.h:260
#13 0x55814cfa446b in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() /usr/include/c++/12.0.0/bits/std_thread.h:211
#14 0x7f0f33fa55f3 in execute_native_thread_routine /home/milek7/gcc-git/src/gcc/libstdc++-v3/src/c++11/thread.cc:82
previously allocated by thread T34 (ottd:game) here:
#0 0x7f0f36796b39 in operator new(unsigned long) /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_new_delete.cpp:99
#1 0x55814cdb949e in ClientNetworkCoordinatorSocketHandler::Receive_SERVER_STUN_CONNECT(Packet*) /home/milek7/ottd3/src/network/network_coordinator.cpp:338
#2 0x55814cd43112 in NetworkCoordinatorSocketHandler::HandlePacket(Packet*) /home/milek7/ottd3/src/network/core/tcp_coordinator.cpp:52
#3 0x55814cd431ce in NetworkCoordinatorSocketHandler::ReceivePackets() /home/milek7/ottd3/src/network/core/tcp_coordinator.cpp:71
#4 0x55814cdbc41e in ClientNetworkCoordinatorSocketHandler::SendReceive() /home/milek7/ottd3/src/network/network_coordinator.cpp:623
#5 0x55814cd55214 in NetworkBackgroundLoop() /home/milek7/ottd3/src/network/network.cpp:988
#6 0x55814d4edde4 in GameLoop() /home/milek7/ottd3/src/openttd.cpp:1466
#7 0x55814cf9fd44 in VideoDriver::GameLoop() /home/milek7/ottd3/src/video/video_driver.cpp:37
#8 0x55814cf9fee0 in VideoDriver::GameThread() /home/milek7/ottd3/src/video/video_driver.cpp:44
#9 0x55814cfa0247 in VideoDriver::GameThreadThunk(VideoDriver*) /home/milek7/ottd3/src/video/video_driver.cpp:81
#10 0x55814cfa3136 in StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}::operator()(char const*, void (*&&)(VideoDriver*), VideoDriver*&&) const /home/milek7/ottd3/src/video/../thread.h:54
#11 0x55814cfa4737 in void std::__invoke_impl<void, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*>(std::__invoke_other, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&&&)(VideoDriver*), VideoDriver*&&)#1}, char const*&&, void (*&&)(VideoDriver*), VideoDriver*&&) /usr/include/c++/12.0.0/bits/invoke.h:61
#12 0x55814cfa460f in _ZSt8__invokeIZ14StartNewThreadIPFvP11VideoDriverEJS2_EEbPSt6threadPKcOT_DpOT0_EUlS8_OS4_OS2_E_JS8_S4_S2_EENSt15__invoke_resultIS9_JDpSB_EE4typeESA_SD_ /usr/include/c++/12.0.0/bits/invoke.h:96
#13 0x55814cfa4506 in void std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::_M_invoke<0ul, 1ul, 2ul, 3ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/include/c++/12.0.0/bits/std_thread.h:253
#14 0x55814cfa4487 in std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::operator()() /usr/include/c++/12.0.0/bits/std_thread.h:260
#15 0x55814cfa446b in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() /usr/include/c++/12.0.0/bits/std_thread.h:211
#16 0x7f0f33fa55f3 in execute_native_thread_routine /home/milek7/gcc-git/src/gcc/libstdc++-v3/src/c++11/thread.cc:82
Thread T34 (ottd:game) created by T0 here:
#0 0x7f0f366fb907 in __interceptor_pthread_create /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x7f0f33fa58ea in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /home/milek7/gcc-git/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
#2 0x55814cfa328f in bool StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&) /home/milek7/ottd3/src/video/../thread.h:49
#3 0x55814cfa03b8 in VideoDriver::StartGameThread() /home/milek7/ottd3/src/video/video_driver.cpp:87
#4 0x55814cf993e5 in VideoDriver_SDL_Base::MainLoop() /home/milek7/ottd3/src/video/sdl2_v.cpp:657
#5 0x55814d4e7733 in openttd_main(int, char**) /home/milek7/ottd3/src/openttd.cpp:800
#6 0x55814ce16cc8 in main /home/milek7/ottd3/src/os/unix/unix.cpp:262
#7 0x7f0f33bb8b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
SUMMARY: AddressSanitizer: heap-use-after-free /home/milek7/ottd3/src/network/core/tcp_connect.cpp:91 in TCPConnecter::Kill()
Shadow bytes around the buggy address:
0x0c28800209b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
0x0c28800209c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c28800209d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c28800209e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c28800209f0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
=>0x0c2880020a00: fa fa fa fa fa fa fa fa fd fd[fd]fd fd fd fd fd
0x0c2880020a10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2880020a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2880020a30: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2880020a40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2880020a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==20179==ABORTING