Issue665

Title sanitize-addresses: crash with tux pathfinding
Priority important
Status resolved

Submitted on 2013-04-14 11h41 by matthiaskrgr, last changed by jesusalva.

Files
File name          Uploaded                            Type
pathfinding1.jpg   matthiaskrgr, 2013-04-14 11:41:11   image/jpeg
pathfinding2.jpg   matthiaskrgr, 2013-04-14 11:42:02   image/jpeg
there.jpg          matthiaskrgr, 2013-04-14 11:42:47   image/jpeg
Messages
Author: matthiaskrgr Date: 2013-04-14   11h41
When I try to lead tux out of the bump in the wall by moving the mouse move
target there, the game crashes.

IIRC Fluzz said the pathfinder was trying to leave the map or something like that.

INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall
=================================================================
==11349== ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000007faee6 at pc 0x4e3530 bp 0x7fff8c181450 sp 0x7fff8c181448
READ of size 1 at 0x0000007faee6 thread T0
    #0 0x4e352f (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e352f)
    #1 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #2 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #3 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #4 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #5 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #6 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #7 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #8 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #9 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #10 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #11 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #12 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #13 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #14 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #15 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #16 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #17 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #18 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #19 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #20 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #21 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #22 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #23 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #24 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #25 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #26 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #27 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #28 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #29 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #30 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #31 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #32 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #33 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #34 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #35 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #36 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #37 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #38 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #39 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #40 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #41 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #42 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #43 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #44 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #45 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #46 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #47 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #48 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #49 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #50 0x4e3039 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3039)
    #51 0x4e3cdd (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4e3cdd)
    #52 0x47eac0 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x47eac0)
    #53 0x4a7a4e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4a7a4e)
    #54 0x415229 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415229)
    #55 0x7fe4c24a8a14 (/usr/lib/libc-2.17.so+0x21a14)
    #56 0x4159bc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4159bc)
0x0000007faee6 is located 26 bytes to the left of global variable 'stop_stamp (benchmark.c)' (0x7faf00) of size 4
  'stop_stamp (benchmark.c)' is ascii string ''
0x0000007faee6 is located 22 bytes to the right of global variable 'recursion_grid (pathfinder.c)' (0x7f87c0) of size 10000
Shadow bytes around the buggy address:
  0x0000800f7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800f7590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800f75a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800f75b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800f75c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800f75d0: 00 00 00 00 00 00 00 00 00 00 f9 f9[f9]f9 f9 f9
  0x0000800f75e0: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0000800f75f0: 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x0000800f7600: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0000800f7610: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800f7620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==11349== ABORTING

addr2line -e ./src/freedroidRPG 0x4e352f 0x4e3039 0x4e3cdd 0x47eac0 0x4a7a4e 0x415229 0x4159bc
/home/matthias/vcs/git/freedroid/src/pathfinder.c:226
/home/matthias/vcs/git/freedroid/src/pathfinder.c:233
/home/matthias/vcs/git/freedroid/src/pathfinder.c:76
/home/matthias/vcs/git/freedroid/src/influ.c:710
??:0
??:?

@ 2a1aef1e0a4762de5e9153f1089e0a43b06adb1d

Attached pathfinding1.jpg.
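The report above is the classic shape of an unguarded recursive grid walk: frames #1 to #50 all sit at the same return address (pathfinder.c:233 calling itself), and the faulting read lands 22 bytes past the end of the 10000-byte global 'recursion_grid', i.e. the search stepped off the map before testing its coordinates. The following is a constructed example, not FreedroidRPG's pathfinder.c, showing the defensive form: a 100x100 byte grid (the same 10000-byte size) walked recursively, with the bounds check done before every grid access and off-map endpoints rejected at the entry point. The names `on_map`, `reach`, `path_exists`, `walls` and `visited` are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed example, not the project's code: a 100x100 map stored in a
 * 10000-byte global, mirroring the size of the overflowed 'recursion_grid'. */
#define GRID_W 100
#define GRID_H 100
#define GRID_SIZE (GRID_W * GRID_H)

static unsigned char walls[GRID_SIZE];    /* 1 = wall, 0 = walkable (constructed) */
static unsigned char visited[GRID_SIZE];  /* 1 = already expanded by the search */

/* True only if (x, y) lies inside the map. This is the check whose absence
 * lets a recursive search read past the end of the grid array. */
static bool on_map(int x, int y) {
    return x >= 0 && x < GRID_W && y >= 0 && y < GRID_H;
}

/* Depth-first reachability search. The coordinate guard runs before any
 * indexing, so a neighbour outside the map simply returns false instead
 * of touching memory beyond the 10000-byte array. The visited grid bounds
 * the recursion depth at GRID_SIZE frames. */
static bool reach(int x, int y, int tx, int ty) {
    if (!on_map(x, y))
        return false;
    size_t i = (size_t)y * GRID_W + (size_t)x;
    if (walls[i] || visited[i])
        return false;
    visited[i] = 1;
    if (x == tx && y == ty)
        return true;
    return reach(x + 1, y, tx, ty) || reach(x - 1, y, tx, ty)
        || reach(x, y + 1, tx, ty) || reach(x, y - 1, tx, ty);
}

/* Entry point: an off-map start or target (a mouse target outside the
 * level, as in the report) is rejected up front rather than recursed into. */
bool path_exists(int sx, int sy, int tx, int ty) {
    if (!on_map(sx, sy) || !on_map(tx, ty))
        return false;
    memset(visited, 0, sizeof visited);
    return reach(sx, sy, tx, ty);
}

/* Test-map helpers (constructed): a vertical wall at column x, rows y0..y1. */
void clear_walls(void) { memset(walls, 0, sizeof walls); }
void set_wall_column(int x, int y0, int y1) {
    for (int y = y0; y <= y1; y++)
        if (on_map(x, y)) walls[(size_t)y * GRID_W + (size_t)x] = 1;
}
```

The same guard applies to any neighbour generation: checking the destination once at the top level is not enough, because every recursive step produces new coordinates that can leave the map.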
Author: Xenux Date: 2013-08-24   09h17
Fluzz, do you work on pathfinding? Have you fixed this bug?
Author: matthiaskrgr Date: 2013-08-24   09h26
The bug is still present. IIRC Fluzz said it was quite difficult to fix and
parts of the pathfinding would need to be rewritten and that it was full of
hacks or something like that.
Author: fluzz Date: 2013-08-24   19h09
Yes, I started to work on it, but did not yet have time to finish.

That's not a matter of hacks. The pathfinder code is clean, but was not fully
adapted after the removal of 'level interfaces'. But yes, the fix is not a
simple one, even if not hard to write.
Author: jesusalva Date: 2014-06-12   14h49
Resolved by Fluzz with RR 2068.
History
Date                 User           Action   Args
2014-06-12 14:49:52  jesusalva      set      status: open -> resolved
                                             messages: + msg2806
2013-08-24 19:09:17  fluzz          set      messages: + msg2532
2013-08-24 09:26:40  matthiaskrgr   set      messages: + msg2527
2013-08-24 09:17:47  Xenux          set      messages: + msg2525
2013-04-14 11:42:47  matthiaskrgr   set      files: + there.jpg
2013-04-14 11:42:02  matthiaskrgr   set      files: + pathfinding2.jpg
2013-04-14 11:41:11  matthiaskrgr   create