Viewing Issue Advanced Details
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 05512 | Misc. | Critical (emulator) | Always | Apr 10, 2014, 22:24 | Jan 3, 2015, 20:25 |
| Tester | Firewave | View Status | Public | Platform | MESS (Self-compiled) |
| Assigned To | etabeta | Resolution | Fixed | OS | Linux |
| Status | Resolved | Driver | | | |
| Version | 0.153 | Fixed in Version | 0.154 | Build | 64-bit |
| Fixed in Git Commit | | Github Pull Request # | | | |
| Summary |
| Description |
This happens with all carts that have a ROM size of 8192, since it will always try to copy at least 0x4000 bytes.
==1720==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000838ff at pc 0x3147505 bp 0x7fffd66cb100 sp 0x7fffd66cb0f8
READ of size 16384 at 0x6250000838ff thread T0
#0 0x3147504 in sega8_cart_slot_device::call_load() /home/notroot/trunk/src/emu/bus/sega8/sega8_slot.c:378
#1 0x5445a16 in device_image_interface::finish_load() /home/notroot/trunk/src/emu/diimage.c:1048
#2 0x54cc1a7 in image_postdevice_init(running_machine&) /home/notroot/trunk/src/emu/image.c:268
#3 0x54ae01d in driver_device::device_start() /home/notroot/trunk/src/emu/driver.c:230
#4 0x542e063 in device_t::start() /home/notroot/trunk/src/emu/device.c:392
#5 0x55fc92b in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1095
#6 0x55fa0dd in running_machine::start() /home/notroot/trunk/src/emu/machine.c:281
#7 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
#8 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
#9 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
#10 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
#11 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
#12 0xd1cb8c in _start (/home/notroot/trunk/mess64d+0xd1cb8c)
0x6250000846c0 is located 0 bytes to the right of 9664-byte region [0x625000082100,0x6250000846c0)
freed by thread T0 here:
#0 0xd06929 in free /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
#1 0x56fbc58 in operator delete[](void*) /home/notroot/trunk/src/lib/util/corealloc.h:78
#2 0x56fbc58 in softlist_parser::expat_free(void*) /home/notroot/trunk/src/emu/softlist.c:802
#3 0x5a0013c in XML_ParserFree /home/notroot/trunk/src/lib/expat/xmlparse.c:1175
#4 0x56fb9f5 in softlist_parser::softlist_parser(software_list_device&, astring&) /home/notroot/trunk/src/emu/softlist.c:777
#5 0x56f9ea5 in software_list_device::parse() /home/notroot/trunk/src/emu/softlist.c:569
#6 0x56f9cc8 in software_list_device::first_software_info() /home/notroot/trunk/src/emu/softlist.h:209
#7 0x56f9cc8 in software_list_device::find(char const*, software_info*) /home/notroot/trunk/src/emu/softlist.c:543
#8 0x5446d8b in device_image_interface::find_software_item(char const*, bool) /home/notroot/trunk/src/emu/diimage.c:1222
#9 0x5444b48 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1252
#10 0x5443866 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:888
#11 0x54cb753 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221
#12 0x54cc5f5 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297
#13 0x55f9caf in running_machine::start() /home/notroot/trunk/src/emu/machine.c:263
#14 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
#15 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
#16 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
#17 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
#18 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
previously allocated by thread T0 here:
#0 0xd06aa9 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
#1 0x59ae2ea in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:104
#2 0x56fbba5 in operator new[](unsigned long, char const*, int, zeromem_t const&) /home/notroot/trunk/src/lib/util/corealloc.h:90
#3 0x56fbba5 in softlist_parser::expat_malloc(unsigned long) /home/notroot/trunk/src/emu/softlist.c:791
#4 0x5a02ee5 in XML_GetBuffer /home/notroot/trunk/src/lib/expat/xmlparse.c:1713
#5 0x5a0289d in XML_Parse /home/notroot/trunk/src/lib/expat/xmlparse.c:1602
#6 0x56fb993 in softlist_parser::softlist_parser(software_list_device&, astring&) /home/notroot/trunk/src/emu/softlist.c:769
#7 0x56f9ea5 in software_list_device::parse() /home/notroot/trunk/src/emu/softlist.c:569
#8 0x56f9cc8 in software_list_device::first_software_info() /home/notroot/trunk/src/emu/softlist.h:209
#9 0x56f9cc8 in software_list_device::find(char const*, software_info*) /home/notroot/trunk/src/emu/softlist.c:543
#10 0x5446d8b in device_image_interface::find_software_item(char const*, bool) /home/notroot/trunk/src/emu/diimage.c:1222
#11 0x5444b48 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1252
#12 0x5443866 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:888
#13 0x54cb753 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221
#14 0x54cc5f5 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297
#15 0x55f9caf in running_machine::start() /home/notroot/trunk/src/emu/machine.c:263
#16 0x55fd18d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
#17 0x55f46d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
#18 0x53f5518 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
#19 0x2c0fba5 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
#20 0x7febc8b19de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
| Affected Sets / Systems | All sg1000.c sets |
Notes

No.10705, Firewave (Senior Tester), May 13, 2014, 22:34

Fixed in r30412.
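
The over-read described in the issue above, as an added example that is not MAME's code or the r30412 fix: a fixed 0x4000-byte copy from an 8192-byte ROM image beside a length-bounded form. Function names are hypothetical, and mirroring a small image to fill the bank is an assumed policy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BANK_SIZE 0x4000u /* minimum copy size named in the report */

/* Flawed pattern (hypothetical, never called here): reads BANK_SIZE bytes even from an 8192-byte image. */
void load_unchecked(uint8_t *bank, const uint8_t *rom)
{
    memcpy(bank, rom, BANK_SIZE);
}

/* Bounded form: never reads past rom + rom_size. Images smaller than the bank
 * are mirrored to fill it (assumed policy). Returns 0, or -1 on bad input. */
int load_bounded(uint8_t *bank, size_t bank_size, const uint8_t *rom, size_t rom_size)
{
    if (bank == NULL || rom == NULL || rom_size == 0)
        return -1;
    for (size_t off = 0; off < bank_size; off += rom_size) {
        size_t left = bank_size - off;
        memcpy(bank + off, rom, left < rom_size ? left : rom_size);
    }
    return 0;
}

/* Loads a constructed image of exactly rom_size bytes and checks that every
 * bank byte came from inside the image. Returns 1 on success, 0 otherwise. */
int check_load(size_t rom_size)
{
    uint8_t *rom = malloc(rom_size);
    uint8_t *bank = malloc(BANK_SIZE);
    int ok = rom != NULL && bank != NULL;
    if (ok) {
        for (size_t i = 0; i < rom_size; i++)
            rom[i] = (uint8_t)(i % 251u); /* constructed test pattern */
        ok = load_bounded(bank, BANK_SIZE, rom, rom_size) == 0;
        for (size_t i = 0; ok && i < BANK_SIZE; i++)
            ok = bank[i] == rom[i % rom_size];
    }
    free(rom);
    free(bank);
    return ok;
}

int main(void)
{
    return check_load(8192) && check_load(0x4000) ? 0 : 1;
}
```

Because `check_load` allocates the image at its exact size, building with `-fsanitize=address` confirms that `load_bounded` stays inside the buffer for the 8192-byte case.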