Viewing Issue Advanced Details

| Field | Value |
|---|---|
| ID | 08502 |
| Category | Misc. |
| Severity | Critical (emulator) |
| Reproducibility | Always |
| Date Submitted | Nov 4, 2022, 14:18 |
| Last Update | Nov 22, 2022, 23:26 |
| Tester | Firewave |
| View Status | Public |
| Platform | MAME (Self-compiled) |
| Assigned To | |
| Resolution | Open |
| OS | Linux (64-bit) |
| Status | Acknowledged |
| Driver | |
| Version | 0.249 |
| Fixed in Version | |
| Build | 64-bit |
| Fixed in Git Commit | |
| Github Pull Request # | |
| Summary | 08502: samcoupe: AddressSanitizer: heap-buffer-overflow with -str 2 |
Description

```text
==16352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000ebb78 at pc 0x7f4a6a0c4b48 bp 0x7fffc4e550c0 sp 0x7fffc4e550b8
READ of size 4 at 0x6160000ebb78 thread T0
    #0 0x7f4a6a0c4b47 in operator unsigned int /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
    #1 0x7f4a6a0c4b47 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:148:16
    #2 0x7f4a6a0a84e6 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:684:22
    #3 0x7f4a6a0a5f43 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1782:5
    #4 0x7f4a6a09f802 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1867:7
    #5 0x7f4a6a0987c8 in video_manager::create_snapshot_bitmap(screen_device*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1046:3
    #6 0x7f4a6a097568 in video_manager::save_snapshot(screen_device*, util::core_file&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:329:2
    #7 0x7f4a6a095e55 in video_manager::recompute_speed(attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1005:5
    #8 0x7f4a6a0930e8 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:261:4
    #9 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #10 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #11 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #12 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #13 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #14 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #15 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #16 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #17 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #18 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #19 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f4a286492bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #21 0x7f4a478d4260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)

0x6160000ebb78 is located 240 bytes to the right of 520-byte region [0x6160000eb880,0x6160000eba88)
allocated by thread T0 here:
    #0 0x7f4a47991e7d in operator new(unsigned long) (/mnt/s/GitHub/mame/mame+0x1d454e7d) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)
    #1 0x7f4a6166ef7d in allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/new_allocator.h:137:27
    #2 0x7f4a6166ef7d in std::allocator_traits<std::allocator<rgb_t> >::allocate(std::allocator<rgb_t>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/alloc_traits.h:464:20
    #3 0x7f4a616a9e93 in _M_allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:378:20
    #4 0x7f4a616a9e93 in std::vector<rgb_t, std::allocator<rgb_t> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/vector.tcc:650:34
    #5 0x7f4a616a1712 in std::vector<rgb_t, std::allocator<rgb_t> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:1011:4
    #6 0x7f4a69e55e2a in render_container::bcg_lookup_table(int, unsigned int&, palette_t*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:691:17
    #7 0x7f4a69e55bad in render_texture::get_adjusted_palette(render_container&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp
    #8 0x7f4a69e60324 in render_target::add_container_primitives(render_primitive_list&, render_target::object_transform const&, render_target::object_transform const&, render_container&, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:2384:49
    #9 0x7f4a69e5d8b1 in render_target::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:1427:5
    #10 0x7f4a6a223df1 in renderer_sdl1::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawsdl.cpp:680:25
    #11 0x7f4a6a16889c in sdl_window_info::update() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:601:50
    #12 0x7f4a6a1570b3 in sdl_osd_interface::update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:108:12
    #13 0x7f4a6a092d4d in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:238:18
    #14 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #15 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #16 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #17 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #18 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #19 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #20 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #21 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #22 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #23 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #24 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int
Shadow bytes around the buggy address:
  0x0c2c80015710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015750: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80015760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c2c80015770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
```
| Field | Value |
|---|---|
| Steps To Reproduce | |
| Additional Information | |
| Github Commit | |
| Flags | |
| Regression Version | |
| Affected Sets / Systems | samcoupe |
| Attached Files | |
Relationships

There are no relationships linked to this issue.
Notes

| Note | Author | Date |
|---|---|---|
| 1 (No.20856) | Firewave, Senior Tester | Nov 22, 2022, 23:26 |
0.249 reports the following in valgrind:

```text
==29779== Use of uninitialised value of size 8
==29779==    at 0xFCF1D18: samcoupe_state::sam_video_update_callback(int) (../../../../../src/mame/samcoupe/samcoupe.cpp:479)
==29779==    by 0xA307019: util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const (delegate.h:765)
==29779==    by 0x184BD123: device_scheduler::execute_timers() (../../../../../src/emu/schedule.cpp:951)
==29779==    by 0x184BBB18: device_scheduler::timeslice() (../../../../../src/emu/schedule.cpp:505)
==29779==    by 0x183FA05E: running_machine::run(bool) (../../../../../src/emu/machine.cpp:329)
==29779==    by 0x158A3C3B: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:290)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)
==29779==  Uninitialised value was created by a heap allocation
==29779==    at 0x1C480F01: operator new(unsigned long) (vg_replace_malloc.c:434)
==29779==    by 0xFCFBABC: std::__detail::_MakeUniq<samcoupe_state>::__single_object std::make_unique<samcoupe_state, machine_config const&, emu::detail::device_type_impl_base const&, char const*&>(machine_config const&, emu::detail::device_type_impl_base const&, char const*&) (unique_ptr.h:1065)
==29779==    by 0xFCFBA6F: std::unique_ptr<device_t, std::default_delete<device_t> > emu::detail::device_type_impl_base::create_driver<samcoupe_state>(emu::detail::device_type_impl_base const&, machine_config const&, char const*, device_t*, unsigned int) (device.h:213)
==29779==    by 0x15E9D6A2: emu::detail::device_type_impl_base::create(machine_config const&, char const*, device_t*, unsigned int) const (device.h:281)
==29779==    by 0x15E9D594: auto machine_config::device_add<emu::detail::device_type_impl_base const&, int>(char const*, emu::detail::device_type_impl_base const&, int&&) (mconfig.h:193)
==29779==    by 0x1840ACA4: machine_config::machine_config(game_driver const&, emu_options&) (../../../../../src/emu/mconfig.cpp:51)
==29779==    by 0x158A3BEE: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:282)
==29779==    by 0x16778542: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==29779==    by 0x16779538: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==29779==    by 0x158A4D65: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==29779==    by 0x18558061: main (../../../../../src/osd/sdl/sdlmain.cpp:191)
```

This might not be the cause of the out-of-bounds access though.