Issue666

Title: sanitize-addresses: crash calling craft_addons() and upgrade_items() from map label
Priority: important
Status: resolved
Assigned To: Xenux
Keywords: (none)
Linked issues: (none)
Watchers: Xenux

Submitted on 2013-04-14 11h50 by matthiaskrgr, last changed by matthiaskrgr.

Files
label.jpg  uploaded by matthiaskrgr, 2013-04-14 11:50:20  (image/jpeg)
Messages
Author: matthiaskrgr Date: 2013-04-14   11h50
When I do

craft_addons()
upgrade_items()

with a map label, the game crashes when I close the upgrade_item screen
without having upgraded an item.

INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall
=================================================================
==14131== ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60a4000146b4 at pc 0x43b492 bp 0x7fffdcb10a70 sp 0x7fffdcb10a68
READ of size 2 at 0x60a4000146b4 thread T0
    #0 0x43b491 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43b491)
    #1 0x43bf35 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43bf35)
    #2 0x43de99 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43de99)
    #3 0x442088 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x442088)
    #4 0x7f7d92c9ed94 (/usr/lib/liblua.so.5.2.1+0xcd94)
    #5 0x7f7d92caa083 (/usr/lib/liblua.so.5.2.1+0x18083)
    #6 0x7f7d92c9f068 (/usr/lib/liblua.so.5.2.1+0xd068)
    #7 0x7f7d92c9e6bb (/usr/lib/liblua.so.5.2.1+0xc6bb)
    #8 0x7f7d92c9f2a0 (/usr/lib/liblua.so.5.2.1+0xd2a0)
    #9 0x7f7d92c9b39c (/usr/lib/liblua.so.5.2.1+0x939c)
    #10 0x444bfc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x444bfc)
    #11 0x43824d (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43824d)
    #12 0x47fabd (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x47fabd)
    #13 0x4a7a4e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4a7a4e)
    #14 0x4fba87 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4fba87)
    #15 0x50daee (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x50daee)
    #16 0x506da3 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x506da3)
    #17 0x4fbafc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4fbafc)
    #18 0x415234 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415234)
    #19 0x7f7d921f3a14 (/usr/lib/libc-2.17.so+0x21a14)
    #20 0x4159bc (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4159bc)
0x60a4000146b4 is located 332 bytes to the left of 73632-byte region
[0x60a400014800,0x60a4000267a0)
allocated by thread T0 here:
    #0 0x7f7d93c9f655 (/usr/lib/libasan.so.0.0.0+0x15655)
    #1 0x48d404 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x48d404)
Shadow bytes around the buggy address:
  0x0c14ffffa880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa8a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa8b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa8c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c14ffffa8d0: fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa
  0x0c14ffffa8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa8f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c14ffffa900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c14ffffa910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c14ffffa920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==14131== ABORTING



addr2line -e ./src/freedroidRPG 0x43b491 0x43bf35 0x43de99 0x442088 0x444bfc
0x43824d 0x47fabd 0x4a7a4e 0x4fba87 0x50daee 0x506da3 0x4fbafc 0x415234
0x7f7d921f3a14 0x48d404 
/home/matthias/vcs/git/freedroid/src/item_upgrades.c:417
/home/matthias/vcs/git/freedroid/src/item_upgrades_ui.c:406
/home/matthias/vcs/git/freedroid/src/item_upgrades_ui.c:758
/home/matthias/vcs/git/freedroid/src/lua.c:602
/home/matthias/vcs/git/freedroid/src/lua.c:1509 (discriminator 1)
/home/matthias/vcs/git/freedroid/src/event.c:251
/home/matthias/vcs/git/freedroid/src/influ.c:452
/home/matthias/vcs/git/freedroid/src/main.c:106
/home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:251
/home/matthias/vcs/git/freedroid/src/lvledit/lvledit_menu.c:1052
/home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:193
/home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:281
/home/matthias/vcs/git/freedroid/src/main.c:185
??:0
/home/matthias/vcs/git/freedroid/src/text_public.c:58

@ 2a1aef1e0a4762de5e9153f1089e0a43b06adb1d

Attached label.jpg.
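The report above is unsymbolized ASan output, which the reporter turned into file:line pairs by hand with addr2line. The following script is an added example (not part of FreedroidRPG, and not the reporter's code) that automates that triage: it splits the report into its stacks, checks the access against the region bounds ASan printed (the "332 bytes to the left" means the read landed before the start of the 73632-byte block, an under-read rather than a past-the-end overflow, although ASan labels both heap-buffer-overflow), verifies that the frame addresses are already "pc - 1" (compare "at pc 0x43b492" with "#0 0x43b491"), and emits one GNU addr2line command per module using the module-relative offset after "+", which is what `addr2line -e <file>` expects for a shared object such as liblua. The sample text is copied from the report above (two of its stacks); `-f` and `-C` are addr2line's function-name and demangle flags.

```python
"""Triage an unsymbolized AddressSanitizer report (added example, not FreedroidRPG code)."""
import re
import shlex
from collections import OrderedDict, namedtuple

Frame = namedtuple("Frame", "no pc module offset")

# Unsymbolized frame, as 2013-era ASan prints it:
#     #4 0x7f7d92c9ed94 (/usr/lib/liblua.so.5.2.1+0xcd94)
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x([0-9a-f]+)\s+\(([^()]+?)\+0x([0-9a-f]+)\)\s*$", re.I)
HEADER_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address 0x([0-9a-f]+) at pc 0x([0-9a-f]+)", re.I)
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x([0-9a-f]+)", re.I | re.M)
REGION_RE = re.compile(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region"
                       r"\s*\[0x([0-9a-f]+),0x([0-9a-f]+)\)", re.I)

# Lines copied from the report above (the access stack and the allocation stack).
SAMPLE_REPORT = """\
==14131== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60a4000146b4 at pc 0x43b492 bp 0x7fffdcb10a70 sp 0x7fffdcb10a68
READ of size 2 at 0x60a4000146b4 thread T0
    #0 0x43b491 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43b491)
    #1 0x43bf35 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43bf35)
    #2 0x43de99 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x43de99)
    #3 0x442088 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x442088)
    #4 0x7f7d92c9ed94 (/usr/lib/liblua.so.5.2.1+0xcd94)
    #5 0x7f7d92caa083 (/usr/lib/liblua.so.5.2.1+0x18083)
0x60a4000146b4 is located 332 bytes to the left of 73632-byte region
[0x60a400014800,0x60a4000267a0)
allocated by thread T0 here:
    #0 0x7f7d93c9f655 (/usr/lib/libasan.so.0.0.0+0x15655)
    #1 0x48d404 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x48d404)
"""


def parse_stacks(report):
    """Each maximal run of '#N ...' lines is one stack: the access stack first,
    then the allocation stack. Returns a list of lists of Frame."""
    stacks, current = [], []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            current.append(Frame(int(m.group(1)), int(m.group(2), 16),
                                 m.group(3), int(m.group(4), 16)))
        elif current:
            stacks.append(current)
            current = []
    if current:
        stacks.append(current)
    return stacks


def pc_adjustment(report):
    """Header pc minus frame #0. A result of 1 means ASan already printed
    'pc - 1' (the faulting/call instruction), so the frames go to addr2line
    unchanged; do not subtract 1 a second time."""
    h = HEADER_RE.search(report)
    stacks = parse_stacks(report)
    return int(h.group(3), 16) - stacks[0][0].pc if h and stacks else None


def summarize_access(report):
    """What was accessed and where it lies relative to the heap block.
    Recomputes ASan's distance from the region bounds it printed."""
    h, a, r = HEADER_RE.search(report), ACCESS_RE.search(report), REGION_RE.search(report)
    if not (h and a and r):
        raise ValueError("not a heap-buffer-overflow report")
    addr = int(a.group(3), 16)
    start, end = int(r.group(4), 16), int(r.group(5), 16)
    side = r.group(2).lower()
    return {
        "kind": h.group(1), "access": a.group(1).upper(), "size": int(a.group(2)),
        "address": addr, "side": side,
        # 'left' = before the block starts (an under-read, typically an
        # out-of-range or negative index); 'right' = past its end.
        "distance": start - addr if side == "left" else addr - end,
        "reported_distance": int(r.group(1)),
        "region_size": int(r.group(3)),
        "region_ok": end - start == int(r.group(3)),
    }


def addr2line_commands(stacks, flags=("-f", "-C")):
    """One addr2line call per module, in first-seen order, offsets deduplicated.
    The module-relative offset after '+' is what addr2line -e <file> wants;
    for the freedroidRPG binary above it equals the pc, for liblua it does not."""
    per_module = OrderedDict()
    for stack in stacks:
        for f in stack:
            offs = per_module.setdefault(f.module, [])
            if f.offset not in offs:
                offs.append(f.offset)
    return [["addr2line", "-e", mod, *flags] + [hex(o) for o in offs]
            for mod, offs in per_module.items()]


if __name__ == "__main__":
    info = summarize_access(SAMPLE_REPORT)
    print(f"{info['kind']}: {info['access']} of {info['size']} byte(s), {info['distance']} bytes "
          f"{info['side']} of a {info['region_size']}-byte block (ASan said {info['reported_distance']})")
    print("frame pc adjustment:", pc_adjustment(SAMPLE_REPORT))
    for cmd in addr2line_commands(parse_stacks(SAMPLE_REPORT)):
        print(shlex.join(cmd))  # paste into a shell next to the unstripped build
```

The printed commands only resolve correctly against the same unstripped binaries the report was produced with (here the build at commit 2a1aef1e0a4762de5e9153f1089e0a43b06adb1d and the installed liblua.so.5.2.1); frames in libc resolve to "??:0" without debug symbols, exactly as in the reporter's output.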
Author: matthiaskrgr Date: 2013-08-22   23h34
Patch: Review Request 1934 / http://rb.freedroid.org/r/1934/
Author: matthiaskrgr Date: 2013-08-23   08h38
Fixed in 18fbfa465f7f491b563c4b5f63a5fc0569ef34c3. Thanks
History
Date                 User          Action  Args
2013-08-23 08:38:57  matthiaskrgr  set     status: open -> resolved
                                           assignedto: Xenux
                                           messages: + msg2519
                                           nosy: + Xenux
2013-08-22 23:34:31  matthiaskrgr  set     messages: + msg2517
2013-04-14 11:50:20  matthiaskrgr  create