In the editor, when placing a droid, fill up the "Max distance from home" field
with 9s. The value will be set to 1410065407 (for some reason).
Upon playtesting the game will crash:
=================================================================
==17954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6290002211e0 at pc 0x000000573bdc bp 0x7ffc7e7adcb0 sp 0x7ffc7e7adca8
READ of size 4 at 0x6290002211e0 thread T0
    #0 0x573bdb in state_machine_situational_transitions /home/matthias/vcs/git/freedroid/src/enemy.c:1526:47
    #1 0x573bdb in update_enemy /home/matthias/vcs/git/freedroid/src/enemy.c:2010
    #2 0x58302b in move_enemies /home/matthias/vcs/git/freedroid/src/enemy.c:2137:3
    #3 0x62168c in Game /home/matthias/vcs/git/freedroid/src/main.c:109:4
    #4 0x6eb526 in TestMap /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:252:2
    #5 0x70e2cc in do_level_editor_main_menu /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_menu.c:1014:4
    #6 0x707363 in leveleditor_process_input /home/matthias/vcs/git/freedroid/src/lvledit/lvledit_input.c:193:23
    #7 0x6eb614 in LevelEditor /home/matthias/vcs/git/freedroid/src/lvledit/lvledit.c:279:3
    #8 0x6219b2 in main /home/matthias/vcs/git/freedroid/src/main.c:183:4
    #9 0x7f17d03e2400 in __libc_start_main /usr/src/debug/glibc-2.24-33-ge9e69e4/csu/../csu/libc-start.c:289
    #10 0x431519 in _start (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x431519)

0x6290002211e0 is located 32 bytes to the left of 16384-byte region [0x629000221200,0x629000225200)
allocated by thread T0 here:
    #0 0x4db0de in realloc /home/matthias/LLVM/LLVM_dev/stage_2/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79:3
    #1 0x55b38a in dynarray_resize /home/matthias/vcs/git/freedroid/src/dynarray.c:95:17
    #2 0x55b017 in dynarray_add /home/matthias/vcs/git/freedroid/src/dynarray.c:131:3
    #3 0x62ef72 in decode_waypoints /home/matthias/vcs/git/freedroid/src/map.c:939:3
    #4 0x62ef72 in decode_level /home/matthias/vcs/git/freedroid/src/map.c:1117
    #5 0x62af97 in LoadShip /home/matthias/vcs/git/freedroid/src/map.c:1290:23
    #6 0x5cb8e2 in prepare_level_editor /home/matthias/vcs/git/freedroid/src/init.c:621:2
    #7 0x642def in Startup_handle /home/matthias/vcs/git/freedroid/src/menu.c:887:3
    #8 0x648ff9 in RunSubMenu /home/matthias/vcs/git/freedroid/src/menu.c:824:13
    #9 0x6480d7 in RunMenu /home/matthias/vcs/git/freedroid/src/menu.c:853:2
    #10 0x6480d7 in StartupMenu /home/matthias/vcs/git/freedroid/src/menu.c:859
    #11 0x621988 in main /home/matthias/vcs/git/freedroid/src/main.c:173:4
    #12 0x7f17d03e2400 in __libc_start_main /usr/src/debug/glibc-2.24-33-ge9e69e4/csu/../csu/libc-start.c:289

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/matthias/vcs/git/freedroid/src/enemy.c:1526:47 in state_machine_situational_transitions
Shadow bytes around the buggy address:
0x0c528003c1e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528003c1f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528003c200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528003c210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528003c220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c528003c230: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
0x0c528003c240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c528003c250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c528003c260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c528003c270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c528003c280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==17954==ABORTING
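Added illustration, not FreedroidRPG's own code: ten 9s, i.e. 9999999999, kept to its low 32 bits is exactly 1410065407, which is what an unchecked atoi()-style conversion of the field yields on a 64-bit glibc host. That the editor converts the field this way is an assumption consistent with the reported value; parse_unchecked and parse_bounded_int are names chosen here, and the second one shows the range check that would reject such input before it reaches the enemy state machine.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked conversion in the style of atoi(): strtoll() yields the full
 * 64-bit value 9999999999 and the cast to int silently keeps only the low
 * 32 bits (implementation-defined, but GCC and Clang wrap modulo 2^32).
 * Assumption: this mirrors how the editor field ended up as 1410065407. */
int parse_unchecked(const char *text)
{
    return (int)strtoll(text, NULL, 10);
}

/* Checked conversion: accept only a complete decimal number within [lo, hi].
 * Returns false and leaves *out untouched on any error, so a caller cannot
 * accidentally use a wrapped or partially parsed value. */
bool parse_bounded_int(const char *text, int lo, int hi, int *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0')   /* empty string or trailing garbage */
        return false;
    if (errno == ERANGE)               /* did not even fit in long long */
        return false;
    if (v < lo || v > hi)              /* outside the caller's range */
        return false;
    *out = (int)v;                     /* now provably within int range */
    return true;
}

int main(void)
{
    const char *nines = "9999999999";  /* constructed input: ten 9s */
    int value = 0;

    printf("unchecked: %d\n", parse_unchecked(nines));
    if (parse_bounded_int(nines, 0, 1000, &value))
        printf("bounded: %d\n", value);
    else
        printf("bounded: rejected \"%s\"\n", nines);
    return 0;
}
```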