Issue 664

Title: sanitize-addresses: crash talking to same dialog twice:
Priority: important    Status: resolved
Assigned To: Xenux    Keywords:
Linked issues:    Watchers: Xenux

Submitted on 2013-04-14 11h30 by matthiaskrgr, last changed by matthiaskrgr.

Files
File name          Uploaded by / date                 Type
dialog_crash.jpg   matthiaskrgr, 2013-04-14 11:30:05  image/jpeg
Messages
Author: matthiaskrgr Date: 2013-04-14   11h30
Game crashes when I talk to any npc twice:



INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall
ALSA lib pcm.c:7339:(snd_pcm_recover) underrun occurred
=================================================================
==8737== ERROR: AddressSanitizer: heap-use-after-free on address 0x600800019150
at pc 0x48aaa5 bp 0x7fff70e77860 sp 0x7fff70e77858
READ of size 1 at 0x600800019150 thread T0
    #0 0x48aaa4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x48aaa4)
    #1 0x48ab47 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x48ab47)
    #2 0x4f3990 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4f3990)
    #3 0x4f3bf4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4f3bf4)
    #4 0x4ef7e3 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ef7e3)
    #5 0x4cb823 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4cb823)
    #6 0x47df6b (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x47df6b)
    #7 0x47f8cd (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x47f8cd)
    #8 0x4a7a4e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4a7a4e)
    #9 0x415229 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415229)
    #10 0x7fcf68b9da14 (/usr/lib/libc-2.17.so+0x21a14)
    #11 0x4159bc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4159bc)
0x600800019150 is located 0 bytes inside of 47-byte region
[0x600800019150,0x60080001917f)
freed by thread T0 here:
    #0 0x7fcf6a6494aa (/usr/lib/libasan.so.0.0.0+0x154aa)
    #1 0x4c920c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4c920c)
previously allocated by thread T0 here:
    #0 0x7fcf6a649655 (/usr/lib/libasan.so.0.0.0+0x15655)
    #1 0x48d404 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x48d404)
Shadow bytes around the buggy address:
  0x0c017fffb1d0: fa fa 00 00 00 00 04 fa fa fa 00 00 00 00 04 fa
  0x0c017fffb1e0: fa fa 00 00 00 00 04 fa fa fa 00 00 00 00 00 00
  0x0c017fffb1f0: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
  0x0c017fffb200: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c017fffb210: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x0c017fffb220: fa fa fd fd fd fd fd fa fa fa[fd]fd fd fd fd fd
  0x0c017fffb230: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c017fffb240: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x0c017fffb250: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x0c017fffb260: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
  0x0c017fffb270: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==8737== ABORTING




addr2line -e ./src/freedroidRPG 0x48aaa4 0x48ab47 0x4f3990 0x4f3bf4 0x4ef7e3
0x4cb823 0x47df6b 0x47f8cd 0x4a7a4e 0x4152290x4159bc 0x4c920c 0x48d404 
/home/matthias/vcs/git/freedroid/src/text.c:399
/home/matthias/vcs/git/freedroid/src/text.c:529
/home/matthias/vcs/git/freedroid/src/widgets/widget_text_list.c:88
/home/matthias/vcs/git/freedroid/src/widgets/widget_text_list.c:151
/home/matthias/vcs/git/freedroid/src/widgets/widget_group.c:163
/home/matthias/vcs/git/freedroid/src/chat.c:746
/home/matthias/vcs/git/freedroid/src/influ.c:1556
/home/matthias/vcs/git/freedroid/src/influ.c:1647
/home/matthias/vcs/git/freedroid/src/main.c:106
??:0
/home/matthias/vcs/git/freedroid/src/chat.c:149
/home/matthias/vcs/git/freedroid/src/text_public.c:58


@ commit 2a1aef1e0a4762de5e9153f1089e0a43b06adb1d

Attached dialog_crash.jpg.
Author: Xenux Date: 2013-08-24   09h00
I can't reproduce this bug.
Author: matthiaskrgr Date: 2013-08-24   09h11
You need to compile with a special ./configure flag.
Try
./autogen.sh ; ./configure --enable-sanitize-address   ; make clean ; make 
and try again
Author: Xenux Date: 2013-08-24   09h51
I still can't reproduce it. :(
Author: matthiaskrgr Date: 2013-08-24   10h05
Mmh I think you need gcc 4.8 or newer for this.
Backtrace here:

	

    =================================================================
    ==31399== ERROR: AddressSanitizer: heap-use-after-free on address
0x60060009a270 at pc 0x490ba1 bp 0x7fff3b6632b0 sp 0x7fff3b6632a8
    READ of size 1 at 0x60060009a270 thread T0
        #0 0x490ba0 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x490ba0)
        #1 0x490c89 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x490c89)
        #2 0x4fc4c9 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4fc4c9)
        #3 0x4fc748 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4fc748)
        #4 0x4f81a3 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4f81a3)
        #5 0x4d32cc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d32cc)
        #6 0x483427 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x483427)
        #7 0x484e2e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x484e2e)
        #8 0x4ae61e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ae61e)
        #9 0x504877 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x504877)
        #10 0x517337 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x517337)
        #11 0x510363 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x510363)
        #12 0x5048e4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x5048e4)
        #13 0x415c64 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415c64)
        #14 0x7fa4b3ffabc4 (/usr/lib/libc-2.18.so+0x21bc4)
        #15 0x41640c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x41640c)
    0x60060009a270 is located 0 bytes inside of 18-byte region
[0x60060009a270,0x60060009a282)
    freed by thread T0 here:
        #0 0x7fa4b5ab147a (/usr/lib/libasan.so.0.0.0+0x1547a)
        #1 0x4d0ba4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d0ba4)
        #2 0x4d3c14 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d3c14)
        #3 0x483427 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x483427)
        #4 0x484e2e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x484e2e)
        #5 0x4ae61e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ae61e)
        #6 0x504877 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x504877)
        #7 0x517337 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x517337)
        #8 0x510363 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x510363)
        #9 0x5048e4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x5048e4)
        #10 0x415c64 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415c64)
        #11 0x7fa4b3ffabc4 (/usr/lib/libc-2.18.so+0x21bc4)
    previously allocated by thread T0 here:
        #0 0x7fa4b5ab1625 (/usr/lib/libasan.so.0.0.0+0x15625)
        #1 0x4936a5 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4936a5)
        #2 0x493b0f (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x493b0f)
        #3 0x493b97 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x493b97)
        #4 0x4d1551 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d1551)
        #5 0x4d3fed (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d3fed)
        #6 0x483427 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x483427)
        #7 0x484e2e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x484e2e)
        #8 0x4ae61e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ae61e)
        #9 0x504877 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x504877)
        #10 0x517337 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x517337)
        #11 0x510363 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x510363)
        #12 0x5048e4 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x5048e4)
        #13 0x415c64 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415c64)
        #14 0x7fa4b3ffabc4 (/usr/lib/libc-2.18.so+0x21bc4)
    Shadow bytes around the buggy address:
      0x0c014000b3f0: fd fd fa fa 00 00 00 00 fa fa fd fd fd fa fa fa
      0x0c014000b400: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fa
      0x0c014000b410: fa fa 00 00 04 fa fa fa 00 00 00 01 fa fa fd fd
      0x0c014000b420: fd fa fa fa fd fd fd fd fa fa fd fd fd fa fa fa
      0x0c014000b430: fd fd fd fd fa fa fd fd fd fd fa fa 00 00 00 00
    =>0x0c014000b440: fa fa fd fd fd fa fa fa fd fd fd fa fa fa[fd]fd
      0x0c014000b450: fd fa fa fa fd fd fd fd fa fa fd fd fd fa fa fa
      0x0c014000b460: fd fd fd fd fa fa fd fd fd fa fa fa 00 00 00 00
      0x0c014000b470: fa fa 00 00 04 fa fa fa 00 00 00 06 fa fa fd fd
      0x0c014000b480: fd fa fa fa fd fd fd fa fa fa 00 00 00 fa fa fa
      0x0c014000b490: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:     fa
      Heap righ redzone:     fb
      Freed Heap region:     fd
      Stack left redzone:    f1
      Stack mid redzone:     f2
      Stack right redzone:   f3
      Stack partial redzone: f4
      Stack after return:    f5
      Stack use after scope: f8
      Global redzone:        f9
      Global init order:     f6
      Poisoned by user:      f7
      ASan internal:         fe
    ==31399== ABORTING
     
     
    addr2line -e ./src/freedroidRPG  0x490ba0 0x490c89 0x4fc4c9 0x4fc748
0x4f81a3 0x4d32cc  0x484e2e 0x4ae61e 0x504877 0x517337 0x510363 0x5048e4
0x415c64 0x41640c 0x4d0ba4 0x4d3c14 0x483427 0x484e2e 0x4ae61e 0x504877 0x517337
0x510363 0x5048e4 0x415c64 0x4936a5 0x493b0f 0x493b97 0x4d1551 0x4d3fed 0x483427
0x484e2e 0x4ae61e 0x504877 0x517337 0x510363 0x5048e4 0x415c64
    /home/matthias/vcs/git/freedroid/src/text.c:399
    /home/matthias/vcs/git/freedroid/src/text.c:528
    /home/matthias/vcs/git/freedroid/src/widgets/widget_text_list.c:88
    /home/matthias/vcs/git/freedroid/src/widgets/widget_text_list.c:151
    /home/matthias/vcs/git/freedroid/src/widgets/widget_group.c:163
    /home/matthias/vcs/git/freedroid/src/chat.c:746
    /home/matthias/vcs/git/freedroid/src/influ.c:1647
    /home/matthias/vcs/git/freedroid/src/main.c:106
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:251
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_menu.c:1089
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:193
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:281
    /home/matthias/vcs/git/freedroid/src/main.c:185
    ??:?
    /home/matthias/vcs/git/freedroid/src/chat.c:149
    /home/matthias/vcs/git/freedroid/src/chat.c:868
    /home/matthias/vcs/git/freedroid/src/influ.c:1556
    /home/matthias/vcs/git/freedroid/src/influ.c:1647
    /home/matthias/vcs/git/freedroid/src/main.c:106
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:251
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_menu.c:1089
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:193
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:281
    /home/matthias/vcs/git/freedroid/src/main.c:185
    /home/matthias/vcs/git/freedroid/src/text_public.c:58
    /home/matthias/vcs/git/freedroid/src/text_public.c:200
    /home/matthias/vcs/git/freedroid/src/text_public.c:216
    /home/matthias/vcs/git/freedroid/src/chat.c:332
    /home/matthias/vcs/git/freedroid/src/chat.c:897
    /home/matthias/vcs/git/freedroid/src/influ.c:1556
    /home/matthias/vcs/git/freedroid/src/influ.c:1647
    /home/matthias/vcs/git/freedroid/src/main.c:106
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:251
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_menu.c:1089
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:193
    /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:281
    /home/matthias/vcs/git/freedroid/src/main.c:185



@ 8354b7eff5294a134bb2f43418f25f7ede06f942
Author: matthiaskrgr Date: 2013-08-29   15h13
Fixed in 7e2884fccae10589bb205c3f16afa74456566644. Thanks.
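For readers decoding the two AddressSanitizer reports in this thread: both say the same thing, a one-byte READ in text.c (reached through the text-list widget) from a buffer that chat.c had already freed, with the buffer originally allocated from text_public.c. That is the classic dangling-borrow pattern: a UI element keeps a raw pointer into a buffer whose lifetime is tied to the conversation, and the pointer outlives the conversation. The following C program is an added illustration of that pattern and of the ownership fix, not FreedroidRPG's code and not the actual fix committed in 7e2884f; every name in it (dialog_t, text_widget_t, dup_string, the NPC lines) is hypothetical.

```c
/* Added illustration, not FreedroidRPG code: a minimal model of the
 * ownership mistake that produces a "heap-use-after-free" report like the
 * ones above. All names (dialog_t, text_widget_t, ...) are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable strdup replacement (strdup is POSIX, not ISO C). */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy)
        memcpy(copy, s, n);
    return copy;
}

/* The dialog owns the text buffer; it is freed when the conversation ends
 * (the "freed by thread T0" frames in the reports). */
typedef struct {
    char *log;
} dialog_t;

/* A text-list widget. The buggy variant merely borrows a pointer into
 * dialog_t.log, so the pointer dangles after dialog_close(). */
typedef struct {
    const char *borrowed;   /* buggy: no ownership, no invalidation */
    char *owned;            /* fixed: the widget's own copy */
} text_widget_t;

static void dialog_open(dialog_t *d, const char *npc_line)
{
    d->log = dup_string(npc_line);   /* the "previously allocated" frame */
}

static void dialog_close(dialog_t *d)
{
    free(d->log);                    /* the "freed by" frame */
    d->log = NULL;
}

/* Buggy flow. Built with -fsanitize=address, the final strlen() is reported
 * as "heap-use-after-free ... READ of size 1": the widget still points at
 * the buffer the first conversation freed. Deliberately not called by main(). */
size_t buggy_talk_twice(void)
{
    dialog_t d;
    text_widget_t w = { NULL, NULL };
    dialog_open(&d, "Hello, stranger.");
    w.borrowed = d.log;              /* widget borrows the dialog's buffer */
    dialog_close(&d);                /* first conversation ends; buffer freed */
    dialog_open(&d, "Back again?");  /* second visit to the same NPC */
    return strlen(w.borrowed);       /* reads freed memory */
}

/* Fixed flow: the widget takes its own copy, so the dialog's buffer can be
 * freed at any time without the widget ever observing freed memory. */
static void widget_set_text(text_widget_t *w, const char *text)
{
    free(w->owned);
    w->owned = dup_string(text);
}

char last_widget_text[64];           /* filled by fixed_talk_twice() for checking */

size_t fixed_talk_twice(void)
{
    dialog_t d;
    text_widget_t w = { NULL, NULL };
    dialog_open(&d, "Hello, stranger.");
    widget_set_text(&w, d.log);
    dialog_close(&d);
    dialog_open(&d, "Back again?");
    widget_set_text(&w, d.log);      /* refresh the copy on the second visit */
    dialog_close(&d);                /* safe: the widget no longer depends on d.log */
    if (!w.owned)
        return 0;                    /* allocation failure: nothing to report */
    snprintf(last_widget_text, sizeof last_widget_text, "%s", w.owned);
    size_t n = strlen(w.owned);
    free(w.owned);
    return n;
}

int main(void)
{
    size_t n = fixed_talk_twice();
    printf("fixed flow: %zu bytes, text \"%s\"\n", n, last_widget_text);
    return 0;
}
```

The fixed variant is what the `--enable-sanitize-address` build is meant to confirm: once every widget owns (or is explicitly detached from) the text it displays, opening the same dialog twice touches no freed memory, and ASan stays silent. Building the illustration with `-fsanitize=address -g` and calling `buggy_talk_twice()` instead reproduces the shape of the reports above, including the allocation and free stacks.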
History
Date                 User          Action  Args
2013-08-29 15:13:45  matthiaskrgr  set     status: open -> resolved; assignedto: Xenux; messages: + msg2537; nosy: + Xenux
2013-08-24 10:05:12  matthiaskrgr  set     messages: + msg2530
2013-08-24 09:51:53  Xenux         set     messages: + msg2529
2013-08-24 09:11:19  matthiaskrgr  set     messages: + msg2522
2013-08-24 09:00:19  Xenux         set     messages: + msg2520
2013-04-14 11:30:05  matthiaskrgr  create