Viewing Issue Advanced Details
Jump to Notes ]
nintendo/snes.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05883 Crash/Freeze Critical (emulator) Always Mar 19, 2015, 11:17 Nov 5, 2022, 09:26
Tester Firewave View Status Public Platform
Assigned To Resolution Fixed OS
Status [?] Resolved Driver
nintendo/snes.cpp
Version 0.159 Fixed in Version Build Debug
Fixed in Git Commit Github Pull Request #
Summary MESS-specific 05883: snespal [sgboyj]: [debug] AddressSanitizer: heap-use-after-free saving save state
Description Doesn't happen with snes.

==31175==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fcc20c01800 at pc 0x000000eb081c bp 0x7fff62f24010 sp 0x7fff62f237c8
READ of size 64074 at 0x7fcc20c01800 thread T0
    #0 0xeb081b in __asan_memcpy /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:435:3
    #1 0x6750c5a in read_buf /home/notroot/trunk/3rdparty/zlib/deflate.c:1088:5
    #2 0x6750c5a in fill_window /home/notroot/trunk/3rdparty/zlib/deflate.c:1467
    #3 0x675cba4 in deflate_slow /home/notroot/trunk/3rdparty/zlib/deflate.c:1745:13
    #4 0x6755fb2 in deflate /home/notroot/trunk/3rdparty/zlib/deflate.c:905:48
    #5 0x5fb6879 in osd_or_zlib_write(core_file*, void const*, unsigned long long, unsigned int, unsigned int*) /home/notroot/trunk/src/lib/util/corefile.c:1028:10
    #6 0x5fb6879 in core_fwrite(core_file*, void const*, unsigned int) /home/notroot/trunk/src/lib/util/corefile.c:789
    #7 0x5b19bb9 in emu_file::write(void const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:609:10
    #8 0x5d08001 in save_manager::write_file(emu_file&) /home/notroot/trunk/src/emu/save.c:317:7
    #9 0x5c2187f in running_machine::handle_saveload() /home/notroot/trunk/src/emu/machine.c:916:84
    #10 0x5c20125 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:405:5
    #11 0x5c18316 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:222:11
    #12 0x5a489fc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:220:15
    #13 0x2f2588f in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:290:9
    #14 0x7fcc2e480ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #15 0xe40368 in _start (/home/notroot/trunk/mess64d+0xe40368)

0x7fcc20c01800 is located 0 bytes inside of 239743-byte region [0x7fcc20c01800,0x7fcc20c3c07f)
freed by thread T0 here:
    #0 0xec7042 in free /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:30:3
    #1 0x677d108 in osd_free(void*) /home/notroot/trunk/src/osd/modules/lib/osdlib_unix.c:103:2
    #2 0x5fb2a04 in free_file_line(void*, char const*, int, bool) /home/notroot/trunk/src/lib/util/corealloc.c:178:2
    #3 0x5f77b0f in operator delete[](void*) /home/notroot/trunk/src/lib/util/corealloc.h:66:87
    #4 0x5f77b0f in bitmap_t::reset() /home/notroot/trunk/src/lib/util/bitmap.c:208
    #5 0x5f77b0f in bitmap_t::allocate(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:134
    #6 0x5f79260 in bitmap_t::resize(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:183:3
    #7 0x5d1b203 in screen_device::realloc_screen_bitmaps() /home/notroot/trunk/src/emu/screen.c:538:3
    #8 0x5d191e6 in screen_device::configure(int, int, rectangle const&, long long) /home/notroot/trunk/src/emu/screen.c:456:2
    #9 0x5270365 in snes_ppu_device::dynamic_res_change() /home/notroot/trunk/src/emu/video/snes_ppu.c:2012:3
    #10 0x5270365 in snes_ppu_device::write(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/emu/video/snes_ppu.c:2468
    #11 0x2dc5d01 in snes_state::snes_w_io(address_space&, unsigned int, unsigned char, unsigned char) /home/notroot/trunk/src/mame/machine/snes.c:484:3
    #12 0x1f02543 in snes_console_state::snessgb_hi_w(address_space&, unsigned int, unsigned char, unsigned char) /home/notroot/trunk/src/mess/drivers/snes.c:905:4
    #13 0x1f02543 in snes_console_state::snessgb_lo_w(address_space&, unsigned int, unsigned char, unsigned char) /home/notroot/trunk/src/mess/drivers/snes.c:913
    #14 0x5c986d0 in delegate_base<void, address_space&, unsigned int, unsigned char, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:655:90
    #15 0x5c986d0 in handler_entry_write::write8(address_space&, unsigned int, unsigned char, unsigned char) const /home/notroot/trunk/src/emu/memory.c:420
    #16 0x5c986d0 in address_space_specific<unsigned char, (endianness_t)0, true>::write_native(unsigned int, unsigned char) /home/notroot/trunk/src/emu/memory.c:1141
    #17 0x5c977d8 in address_space_specific<unsigned char, (endianness_t)0, true>::write_byte(unsigned int, unsigned char) /home/notroot/trunk/src/emu/memory.c:1426:70
    #18 0x3aa2e7e in g65816_device::g65816i_write_8_normal(unsigned int, unsigned int) /home/notroot/trunk/src/emu/cpu/g65816/g65816.c:244:2
    #19 0x3b1f927 in g65816_device::g65816i_9d_M1X1() /home/notroot/trunk/src/emu/cpu/g65816/g65816op.h:1666:1
    #20 0x3b2cc71 in g65816_device::g65816i_execute_M1X1(int) /home/notroot/trunk/src/emu/cpu/g65816/g65816op.h:1954:4
    #21 0x3aacf66 in g65816_device::execute_run() /home/notroot/trunk/src/emu/cpu/g65816/g65816.c:709:23
    #22 0x3aacf66 in non-virtual thunk to g65816_device::execute_run() /home/notroot/trunk/src/emu/cpu/g65816/g65816.c:706
    #23 0x5d0e76c in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15
    #24 0x5d0e76c in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #25 0x5c20108 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:397:5
    #26 0x5c18316 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:222:11
    #27 0x5a489fc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:220:15
    #28 0x2f2588f in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:290:9
    #29 0x7fcc2e480ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

previously allocated by thread T0 here:
    #0 0xec7322 in __interceptor_malloc /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x677d0f8 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/modules/lib/osdlib_unix.c:89:9
    #2 0x5fb218a in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112:25
    #3 0x5f77d3b in operator new[](unsigned long) /home/notroot/trunk/src/lib/util/corealloc.h:64:97
    #4 0x5f77d3b in bitmap_t::allocate(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:149
    #5 0x5d18fd2 in screen_device::register_screen_bitmap(bitmap_t&) /home/notroot/trunk/src/emu/screen.c:803:2
    #6 0x1e90e21 in gb_lcd_device::common_start() /home/notroot/trunk/src/mess/video/gb_lcd.c:217:2
    #7 0x1e9421b in sgb_lcd_device::device_start() /home/notroot/trunk/src/mess/video/gb_lcd.c:326:2
    #8 0x5a65c8d in device_t::start() /home/notroot/trunk/src/emu/device.c:409:2
    #9 0x5c1f63e in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1105:6
    #10 0x5c1cd41 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:287:2
    #11 0x5c1fe5a in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:351:3
    #12 0x5c18316 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:222:11
    #13 0x5a489fc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:220:15
    #14 0x2f2588f in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:290:9
    #15 0x7fcc2e480ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

SUMMARY: AddressSanitizer: heap-use-after-free /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:435 __asan_memcpy
Shadow bytes around the buggy address:
  0x0ffa041782b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffa041782c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffa041782d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffa041782e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffa041782f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0ffa04178300:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ffa04178310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ffa04178320: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ffa04178330: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ffa04178340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0ffa04178350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Steps To Reproduce
Additional Information
Github Commit
Flags Debug build specific
Regression Version
Affected Sets / Systems snespal [sgboyj]
Attached Files
  
Relationships
There are no relationship linked to this issue.
Notes
4
User avatar
No.11527
Tafoid
Administrator
Mar 19, 2015, 11:38
 Windows 0.159 Debug MESS (Official) shows:

-----------------------------------------------------
Exception at EIP=762A9D8C (register_frame_ctor+0x7314fbdc): ACCESS VIOLATION
While attempting to read memory at 185A2000
-----------------------------------------------------
EAX=00000000 EBX=05C3CE0E ECX=00003C93 EDX=00000000
ESI=185A1FFE EDI=05C3D60C EBP=0028BA78 ESP=0028BA70
-----------------------------------------------------
Stack crawl:
  0028BA78: 762A9D8C (malloc+0x009e)
  0028BAC8: 01F17582 (deflate_slow+0x03e2)
  0028BB18: 01F194F9 (deflate+0x00f9)
  0028BB78: 01CCD01B (core_fwrite(core_file*, void const*, unsigned int)+0x00fb)

  0028BB98: 01B57B88 (emu_file::write(void const*, unsigned int)+0x0028)
  0028BBF8: 01B0DCC0 (save_manager::write_file(emu_file&)+0x0160)
  0028BDF8: 01AF06CE (running_machine::handle_saveload()+0x023e)
  0028BE98: 01AF16C3 (running_machine::run(bool)+0x0293)
  0028F898: 01ADE655 (machine_manager::execute()+0x03d5)
  0028FA78: 01BB0DDF (cli_frontend::execute(int, char**)+0x156f)
  0028FE98: 00C7753F (utf8_main(int, char**)+0x029f)
  0028FEC8: 01F1F9C1 (wmain+0x0071)
  0028FF88: 004013F0 (__tmainCRTStartup+0x0270)
  0028FF94: 76DD338A (BaseThreadInitThunk+0x0012)
  0028FFD4: 777A9F72 (RtlInitializeExceptionChain+0x0063)
  0028FFEC: 777A9F45 (RtlInitializeExceptionChain+0x0036)
User avatar
No.13964
Osso
Moderator
Jul 6, 2017, 13:10
 Fixed in 0.170 or 0.171. Don't have a debug 0.170, but in 0.169 it crashes, in 0.171 it doesn't.
User avatar
No.14594
Firewave
Senior Tester
Dec 31, 2017, 23:45
 Still happening in 0.193

READ of size 40608 at 0x7f594fd5a800 thread T0
    #0 0x14bc561 in __asan_memcpy /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:466:3
    #1 0xf4a45d0 in read_buf /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/zlib/deflate.c:1176:5
    #2 0xf4a45d0 in fill_window /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/zlib/deflate.c:1534
    #3 0xf4b1e7a in deflate_slow /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/zlib/deflate.c:1941:13
    #4 0xf4aa468 in deflate /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/zlib/deflate.c:1003:18
    #5 0xf18c9ca in compress /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/corefile.cpp:110:46
    #6 0xf18c9ca in osd_or_zlib_write /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/corefile.cpp:1050
    #7 0xf18c9ca in util::(anonymous namespace)::core_osd_file::write(void const*, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/corefile.cpp:920
    #8 0xe479c28 in emu_file::write(void const*, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/fileio.cpp:584:18
    #9 0xe77804f in save_manager::write_file(emu_file&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/save.cpp:326:12
    #10 0xe6a5d0b in running_machine::handle_saveload() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:923:108
    #11 0xe6a3210 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:364:5
    #12 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #13 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #14 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #15 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #16 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #17 0x7f596ebdb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x1431838 in _start (/mnt/mame/mame64+0x1431838)

0x7f594fd5a800 is located 0 bytes inside of 212784-byte region [0x7f594fd5a800,0x7f594fd8e730)
freed by thread T0 here:
    #0 0x14fe4c2 in operator delete[](void*) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:141:3
    #1 0xf13f5fb in operator() /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/unique_ptr.h:119:2
    #2 0xf13f5fb in reset /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/unique_ptr.h:581
    #3 0xf13f5fb in reset /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.cpp:277
    #4 0xf13f5fb in bitmap_t::allocate(int, int, int, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.cpp:196
    #5 0xf140c3e in bitmap_t::resize(int, int, int, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.cpp:250:3
    #6 0xe7a992d in screen_device::realloc_screen_bitmaps() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1131:18
    #7 0xe7a61fa in screen_device::configure(int, int, rectangle const&, long) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1049:2
    #8 0xd6197bf in dynamic_res_change /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/snes_ppu.cpp
    #9 0xd6197bf in snes_ppu_device::write(address_space&, unsigned int, unsigned char) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/snes_ppu.cpp:2476
    #10 0x76f45aa in snes_state::snes_w_io(address_space&, unsigned int, unsigned char, unsigned char) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/snes.cpp:484:10
    #11 0x7694f33 in snessgb_hi_w /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/drivers/snes.cpp:909:4
    #12 0x7694f33 in snes_console_state::snessgb_lo_w(address_space&, unsigned int, unsigned char, unsigned char) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/drivers/snes.cpp:917
    #13 0xe24e059 in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #14 0xe24e059 in write8 /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:468
    #15 0xe24e059 in write_native /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1192
    #16 0xe24e059 in address_space_specific<unsigned char, (endianness_t)0, 0, true>::write_byte(unsigned int, unsigned char) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1477
    #17 0xa68a047 in g65816_device::g65816i_write_8_normal(unsigned int, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/g65816/g65816.cpp:253:2
    #18 0xa6f3e8c in g65816_device::g65816i_9d_M1X1() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/g65816/g65816op.h:1668:1
    #19 0xa6fe7a5 in g65816_device::g65816i_execute_M1X1(int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/g65816/g65816op.h:1956:4
    #20 0xa693e47 in execute_run /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/g65816/g65816.cpp:718:22
    #21 0xa693e47 in non-virtual thunk to g65816_device::execute_run() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/g65816/g65816.cpp
    #22 0xe78e272 in run /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:188:15
    #23 0xe78e272 in device_scheduler::timeslice() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:481
    #24 0xe6a324b in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:357:17
    #25 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #26 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #27 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #28 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #29 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #30 0x7f596ebdb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x14fd8a2 in operator new[](unsigned long) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:95:3
    #1 0xf13f7e6 in bitmap_t::allocate(int, int, int, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.cpp:210:16
    #2 0xe7a5f50 in screen_device::register_screen_bitmap(bitmap_t&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1505:9
    #3 0xd3f060d in dmg_ppu_device::common_start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/gb_lcd.cpp:362:12
    #4 0xd3f5538 in sgb_ppu_device::device_start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/video/gb_lcd.cpp:515:2
    #5 0xe0e345d in device_t::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:489:2
    #6 0xe6a1f65 in running_machine::start_all_devices() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:1040:13
    #7 0xe6a005d in running_machine::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:265:2
    #8 0xe6a2a41 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:310:3
    #9 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #10 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #11 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #12 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #13 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #14 0x7f596ebdb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:466:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x0feba9fa34b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0feba9fa34c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0feba9fa34d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0feba9fa34e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0feba9fa34f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0feba9fa3500:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0feba9fa3510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0feba9fa3520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0feba9fa3530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0feba9fa3540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0feba9fa3550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
User avatar
No.20742
Firewave
Senior Tester
Nov 5, 2022, 09:26
 No ASAN error reported with 0.249 on Linux.