in the editor:
place 2 chests
undo 1 time (undo one of the chests)
put something into the remaining chest
press y (redo) => boom
=================================================================
==19132==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x632000030668 at pc 0x0000006e1126 bp 0x7fff3e7da100 sp 0x7fff3e7da0f8
READ of size 1 at 0x632000030668 thread T0
    #0 0x6e1125 in action_create_item /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_actions.c:319:20
    #1 0x6e59e2 in action_do /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_actions.c:773:3
    #2 0x6e59e2 in __level_editor_do_action_from_stack /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_actions.c:856
    #3 0x6e7de7 in level_editor_action_redo /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_actions.c:871:2
    #4 0x5e8303 in input_key /home/matthias/vcs/git/freedroid/src/keyboard.c:706:4
    #5 0x5e5dc0 in input_key_event /home/matthias/vcs/git/freedroid/src/keyboard.c:806:21
    #6 0x5e5dc0 in input_key_press /home/matthias/vcs/git/freedroid/src/keyboard.c:823
    #7 0x5c418d in input_handle /home/matthias/vcs/git/freedroid/src/input.c:119:4
    #8 0x6f5ad5 in leveleditor_process_input /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:186:2
    #9 0x6da7b4 in LevelEditor /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:279:3
    #10 0x614a02 in main /home/matthias/vcs/git/freedroid/src/main.c:183:4
    #11 0x7f867d676730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #12 0x430798 in _start (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x430798)
0x632000030668 is located 408 bytes to the left of 84017-byte region [0x632000030800,0x632000045031)
allocated by thread T0 here:
    #0 0x4d6c13 in calloc /home/matthias/LLVM/LLVM_pure/stage_2/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:72:3
    #1 0x697ce5 in MyMalloc /home/matthias/vcs/git/freedroid/src/text_public.c:68:14
    #2 0x607740 in lua_item_list_ctor /home/matthias/vcs/git/freedroid/src/luaconfig.c:1154:25
    #3 0x7a9c45 in luaD_precall (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x7a9c45)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_actions.c:319:20 in action_create_item
Shadow bytes around the buggy address:
0x0c647fffe070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe0b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c647fffe0c0: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
0x0c647fffe0d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe0e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffe100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c647fffe110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==19132==ABORTING
@ 6a5f1a29788a300fc7c8cbbb0dd2f66cdebc008b