open editor, plant map label, select map label and cut it; the game crashes:
=================================================================
==15295==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000eb070 at pc 0x7f6786d3877d bp 0x7ffca3ec5890 sp 0x7ffca3ec5038
READ of size 1 at 0x6020000eb070 thread T0
#0 0x7f6786d3877c in __interceptor_strcmp /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:179
#1 0x4d16db in del_map_label /home/matthias/vcs/git/freedroid/src/map_label.c:65
#2 0x4e3f50 in action_remove_map_label lvledit/lvledit_actions.c:686
#3 0x4ffc2b in level_editor_delete_selection lvledit/lvledit_tool_select.c:950
#4 0x49c95b in input_key /home/matthias/vcs/git/freedroid/src/keyboard.c:747
#5 0x49d281 in input_key_event /home/matthias/vcs/git/freedroid/src/keyboard.c:804
#6 0x49d281 in input_key_press /home/matthias/vcs/git/freedroid/src/keyboard.c:821
#7 0x4994e7 in input_handle /home/matthias/vcs/git/freedroid/src/input.c:119
#8 0x4e9356 in leveleditor_process_input lvledit/lvledit_input.c:186
#9 0x4e07f4 in LevelEditor lvledit/lvledit.c:282
#10 0x418f14 in main /home/matthias/vcs/git/freedroid/src/main.c:188
#11 0x7f678544a78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
#12 0x419748 in _start (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x419748)
0x6020000eb070 is located 0 bytes inside of 2-byte region [0x6020000eb070,0x6020000eb072)
freed by thread T0 here:
#0 0x7f6786d896da in __interceptor_free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:28
#1 0x4e3dea in level_editor_action_change_map_label_user lvledit/lvledit_actions.c:649
#2 0x4fdefa in place_map_label lvledit/lvledit_tool_place.c:247
#3 0x4fdefa in leveleditor_place_input lvledit/lvledit_tool_place.c:685
#4 0x504c27 in forward_event lvledit/lvledit_widget_map.c:53
#5 0x504c27 in map_handle_event lvledit/lvledit_widget_map.c:94
#6 0x4d6934 in group_mouse_event widgets/widget_group.c:89
#7 0x4d6934 in widget_group_handle_event widgets/widget_group.c:183
#8 0x49938a in input_handle /home/matthias/vcs/git/freedroid/src/input.c:135
#9 0x4e9356 in leveleditor_process_input lvledit/lvledit_input.c:186
#10 0x4e07f4 in LevelEditor lvledit/lvledit.c:282
#11 0x418f14 in main /home/matthias/vcs/git/freedroid/src/main.c:188
#12 0x7f678544a78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
previously allocated by thread T0 here:
#0 0x7f6786d899da in __interceptor_malloc /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:38
#1 0x7f67854aa069 in __strdup (/usr/lib/libc.so.6+0x80069)
SUMMARY: AddressSanitizer: heap-use-after-free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:179 __interceptor_strcmp
Shadow bytes around the buggy address:
0x0c04800155b0: fa fa 00 fa fa fa fa fa fa fa fd fd fa fa fa fa
0x0c04800155c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c04800155d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c04800155e0: fa fa 04 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c04800155f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480015600: fa fa fa fa fa fa 00 fa fa fa fa fa fa fa[fd]fa
0x0c0480015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480015630: fa fa fa fa fa fa 04 fa fa fa fa fa fa fa fa fa
0x0c0480015640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480015650: fa fa fa fa fa fa fa fa fa fa 00 fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==15295==ABORTING