go to any level
editor menu -> level options -> Size:
now reduce the size of the "West Edge" by one: crash
=================================================================
==26397==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210015a1fa8 at pc 0x000000522a1e bp 0x7ffcd738f3b0 sp 0x7ffcd738f3a0
READ of size 8 at 0x6210015a1fa8 thread T0
    #0 0x522a1d in insert_obstacles_into_blitting_list /home/matthias/vcs/git/freedroid/src/view.c:431
    #1 0x539099 in set_up_ordered_blitting_list /home/matthias/vcs/git/freedroid/src/view.c:1231
    #2 0x53f654 in AssembleCombatPicture /home/matthias/vcs/git/freedroid/src/view.c:1821
    #3 0x41a815 in InitiateMenu /home/matthias/vcs/git/freedroid/src/menu.c:455
    #4 0x5bdb54 in EditLevelDimensions lvledit/lvledit_menu.c:101
    #5 0x5c543b in LevelOptions lvledit/lvledit_menu.c:757
    #6 0x5c7b18 in DoLevelEditorMainMenu lvledit/lvledit_menu.c:1005
    #7 0x5b77fe in leveleditor_process_input lvledit/lvledit_input.c:193
    #8 0x5a22f2 in LevelEditor lvledit/lvledit.c:282
    #9 0x514bb7 in main /home/matthias/vcs/git/freedroid/src/main.c:188
    #10 0x7f790252d78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #11 0x418128 in _start (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x418128)

0x6210015a1fa8 is located 1704 bytes inside of 4800-byte region [0x6210015a1900,0x6210015a2bc0)
freed by thread T0 here:
    #0 0x7f7904b7cd5a in __interceptor_realloc /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:59
    #1 0x5bc9df in remove_column_west lvledit/lvledit_map.c:308
    #2 0x5be85e in EditLevelDimensions lvledit/lvledit_menu.c:153
    #3 0x5c543b in LevelOptions lvledit/lvledit_menu.c:757
    #4 0x5c7b18 in DoLevelEditorMainMenu lvledit/lvledit_menu.c:1005
    #5 0x5b77fe in leveleditor_process_input lvledit/lvledit_input.c:193
    #6 0x5a22f2 in LevelEditor lvledit/lvledit.c:282
    #7 0x514bb7 in main /home/matthias/vcs/git/freedroid/src/main.c:188
    #8 0x7f790252d78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)

previously allocated by thread T0 here:
    #0 0x7f7904b7cb79 in __interceptor_calloc /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:54
    #1 0x4e4862 in MyMalloc /home/matthias/vcs/git/freedroid/src/text_public.c:68
    #2 0x487b36 in decode_map /home/matthias/vcs/git/freedroid/src/map.c:836
    #3 0x489ff2 in decode_level /home/matthias/vcs/git/freedroid/src/map.c:1119
    #4 0x48bc0d in LoadShip /home/matthias/vcs/git/freedroid/src/map.c:1298
    #5 0x49d000 in prepare_level_editor /home/matthias/vcs/git/freedroid/src/init.c:791
    #6 0x41d2af in Startup_handle /home/matthias/vcs/git/freedroid/src/menu.c:809
    #7 0x41ce1f in RunSubMenu /home/matthias/vcs/git/freedroid/src/menu.c:746
    #8 0x41d18a in RunMenu /home/matthias/vcs/git/freedroid/src/menu.c:775
    #9 0x41d19f in StartupMenu /home/matthias/vcs/git/freedroid/src/menu.c:781
    #10 0x514b4f in main /home/matthias/vcs/git/freedroid/src/main.c:178
    #11 0x7f790252d78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/matthias/vcs/git/freedroid/src/view.c:431 insert_obstacles_into_blitting_list
Shadow bytes around the buggy address:
==26397==ABORTING
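The trace shows the general shape of this bug class: the map buffer allocated in decode_map is realloc()ed by remove_column_west while the blitting code still reaches it through previously taken pointers. The following constructed C model (not freedroid's code; all names and the sample tile ids are hypothetical) shows the defensive pattern: the draw list keeps coordinates instead of raw pointers and resolves them against the current buffer, with a bounds check, each time it is used.

```c
/* Constructed model of a map buffer whose resize invalidates cached
 * pointers. Hypothetical names; not taken from the reported project. */
#include <stdlib.h>
#include <string.h>

typedef struct { int id; } tile_t;

typedef struct {
    int w, h;
    tile_t *tiles;   /* w*h tiles, row-major; may move on resize */
} map_t;

/* Draw-list entry: coordinates only. The buggy variant would cache a
 * tile_t* here, which realloc() in map_remove_column_west() may free. */
typedef struct { int x, y; } blit_ref_t;

map_t *map_create(int w, int h) {
    map_t *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->w = w; m->h = h;
    m->tiles = calloc((size_t)w * h, sizeof *m->tiles);
    if (!m->tiles) { free(m); return NULL; }
    for (int y = 0; y < h; y++)
        for (int x = 0; x < w; x++)
            m->tiles[y * w + x].id = y * 100 + x;   /* constructed ids */
    return m;
}

/* Drop the westernmost column: compact each row, then shrink the buffer.
 * After this call every pointer into the old buffer must be treated as
 * dangling; only coordinates re-resolved via the map stay valid. */
void map_remove_column_west(map_t *m) {
    if (m->w <= 1) return;
    int nw = m->w - 1;
    for (int y = 0; y < m->h; y++)
        memmove(&m->tiles[y * nw], &m->tiles[y * m->w + 1],
                (size_t)nw * sizeof *m->tiles);
    tile_t *t = realloc(m->tiles, (size_t)nw * m->h * sizeof *m->tiles);
    if (t) m->tiles = t;
    m->w = nw;
}

/* Resolve a draw-list entry against the *current* buffer and dimensions;
 * a coordinate that fell off the map is rejected instead of dereferenced. */
int blit_ref_tile_id(const map_t *m, blit_ref_t r) {
    if (r.x < 0 || r.x >= m->w || r.y < 0 || r.y >= m->h) return -1;
    return m->tiles[r.y * m->w + r.x].id;
}

void map_destroy(map_t *m) { if (m) { free(m->tiles); free(m); } }
```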