If one accidentally plants an enemy inside a collision rectangle, asan crashes
immediately after starting to play:
Found robot that seems really stuck on position: 52.378128/78.377876/8.
More details on this robot: Type=0.
Short Description=123 Acolyte.
Private Pathway[0]: 52.378128/78.377876.
Private Pathway[1]: -1.000000/-1.000000.
=================================================================
==3899==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250003e80e4
at pc 0x0000004f8e69 bp 0x7ffd15dd36d0 sp 0x7ffd15dd36c0
READ of size 4 at 0x6250003e80e4 thread T0
#0 0x4f8e68 in enemy_handle_stuck_in_walls
/home/matthias/vcs/git/freedroid/src/enemy.c:1296
#1 0x4fa84b in state_machine_inconditional_updates
/home/matthias/vcs/git/freedroid/src/enemy.c:1471
#2 0x500b84 in update_enemy /home/matthias/vcs/git/freedroid/src/enemy.c:2000
#3 0x501a35 in move_enemies /home/matthias/vcs/git/freedroid/src/enemy.c:2130
#4 0x51491a in Game /home/matthias/vcs/git/freedroid/src/main.c:109
#5 0x5a2221 in TestMap lvledit/lvledit.c:252
#6 0x5c7b51 in DoLevelEditorMainMenu lvledit/lvledit_menu.c:1013
#7 0x5b77fe in leveleditor_process_input lvledit/lvledit_input.c:193
#8 0x5a22f2 in LevelEditor lvledit/lvledit.c:282
#9 0x514bb7 in main /home/matthias/vcs/git/freedroid/src/main.c:188
#10 0x7f6979cf078f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
#11 0x418128 in _start
(/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x418128)
0x6250003e80e4 is located 28 bytes to the left of 8128-byte region
[0x6250003e8100,0x6250003ea0c0)
allocated by thread T0 here:
#0 0x7f697c33fd5a in __interceptor_realloc
/build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:59
#1 0x4531fb in dynarray_resize
/home/matthias/vcs/git/freedroid/src/dynarray.c:66
#2 0x453609 in dynarray_add /home/matthias/vcs/git/freedroid/src/dynarray.c:96
#3 0x48872f in decode_waypoints /home/matthias/vcs/git/freedroid/src/map.c:934
#4 0x48a0df in decode_level /home/matthias/vcs/git/freedroid/src/map.c:1127
#5 0x48bc0d in LoadShip /home/matthias/vcs/git/freedroid/src/map.c:1298
#6 0x49d000 in prepare_level_editor
/home/matthias/vcs/git/freedroid/src/init.c:791
#7 0x41d2af in Startup_handle /home/matthias/vcs/git/freedroid/src/menu.c:809
#8 0x41ce1f in RunSubMenu /home/matthias/vcs/git/freedroid/src/menu.c:746
#9 0x41d18a in RunMenu /home/matthias/vcs/git/freedroid/src/menu.c:775
#10 0x41d19f in StartupMenu /home/matthias/vcs/git/freedroid/src/menu.c:781
#11 0x514b4f in main /home/matthias/vcs/git/freedroid/src/main.c:178
#12 0x7f6979cf078f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/matthias/vcs/git/freedroid/src/enemy.c:1296 enemy_handle_stuck_in_walls
Shadow bytes around the buggy address:
0x0c4a80074fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80074fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80074fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80074ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80075000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80075010: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
0x0c4a80075020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80075030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80075040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80075050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80075060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==3899==ABORTING
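An added C example, not freedroid's own code, of the defect class this trace is consistent with: a private-pathway slot holding the -1 "no waypoint" sentinel being used unchecked as an index into the waypoint dynarray, which reads before the allocation, in the heap left redzone ASan marks with "fa". The dynarray layout, the waypoint struct and the helper names are assumptions; the checked accessor shows the bounds test the stuck handler needs before dereferencing.

```c
#include <stdlib.h>
#include <string.h>

struct dynarray { void *arr; int size; int capacity; size_t elem; };  /* assumed layout */
struct waypoint { int x; int y; int suspicious; };                     /* assumed layout */

/* Grow-by-doubling append; the realloc'd block is the region ASan tracks. */
static void dynarray_add(struct dynarray *d, const void *data) {
    if (d->size == d->capacity) {
        d->capacity = d->capacity ? d->capacity * 2 : 4;
        void *p = realloc(d->arr, (size_t)d->capacity * d->elem);
        if (!p) abort();
        d->arr = p;
    }
    memcpy((char *)d->arr + (size_t)d->size * d->elem, data, d->elem);
    d->size++;
}

/* Checked accessor: NULL for the -1 sentinel and for any index outside
 * [0, size). The unchecked form, ((struct waypoint *)d->arr)[idx], with
 * idx == -1 reads sizeof(struct waypoint) bytes BEFORE the heap block,
 * which is the "to the left of ... region" access in the report. */
static struct waypoint *waypoint_at(const struct dynarray *d, int idx) {
    if (idx < 0 || idx >= d->size) return NULL;
    return (struct waypoint *)((char *)d->arr + (size_t)idx * d->elem);
}

/* Stand-in for the stuck handler's lookup: walk a private pathway, skip
 * slots holding the sentinel, return how many waypoints resolved. */
static int resolve_pathway(const struct dynarray *wps, const int *path, int n,
                           int *x, int *y) {
    int found = 0;
    for (int i = 0; i < n; i++) {
        struct waypoint *w = waypoint_at(wps, path[i]);
        if (!w) continue;                 /* sentinel or stale index: never dereferenced */
        x[found] = w->x; y[found] = w->y; found++;
    }
    return found;
}

/* Constructed scenario mirroring the report: one real waypoint, then -1. */
static int demo_resolved_count(void) {
    struct dynarray wps = { NULL, 0, 0, sizeof(struct waypoint) };
    struct waypoint w = { 52, 78, 0 };
    dynarray_add(&wps, &w);
    int path[2] = { 0, -1 };              /* Pathway[0] valid, Pathway[1] = -1 */
    int x[2], y[2];
    int found = resolve_pathway(&wps, path, 2, x, y);
    free(wps.arr);
    return (found == 1 && x[0] == 52 && y[0] == 78) ? found : -1;
}
```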