[Wesnoth-bugs] [bug #25075] heap use after free when window resolution is changed during launch

2017-04-11 Thread Charles Dang 
Follow-up Comment #2, bug #25075 (project wesnoth):

Marked 25290 as ready for test.

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25075] heap use after free when window resolution is changed during launch

2016-09-19 Thread Matthias Krüger 
Additional Item Attachment, bug #25075 (project wesnoth):

File name: startupcrash.log   Size:13 KB


___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Wesnoth-bugs mailing list
Wesnoth-bugs@gna.org
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #25075] heap use after free when window resolution is changed during launch

2016-09-19 Thread Matthias Krüger 
URL:
  

 Summary: heap use after free when window resolution is
changed during launch
 Project: Battle for Wesnoth
Submitted by: matthiaskrgr
Submitted on: Mon 19 Sep 2016 11:42:51 AM UTC
Category: Bug
Severity: 4 - Important
Priority: 5 - Normal
  Item Group: User Interface
  Status: None
 Privacy: Public
 Assigned to: None
Originator Email: 
 Open/Closed: Open
 Discussion Lock: Any
 Release: git
Operating System: linux/fedora

___

Details:

I compiled the game with asan/ubsan.
When I change the window resolution while the main menu hasn't shown yet, the
game crashes under asan:


Battle for Wesnoth v1.13.5+dev (21f01b0-Clean)
Started on Mon Sep 19 13:40:46 2016

Automatically found a possible data directory at
/home/matthias/vcs/github/wesnoth/build/..

Data directory:   /home/matthias/vcs/github/wesnoth/build/..
User configuration directory: /home/matthias/.config/wesnoth
User data directory:  /home/matthias/.local/share/wesnoth/1.13
Cache directory:  /home/matthias/.cache/wesnoth

Setting mode to 800x600
=
==28153==ERROR: AddressSanitizer: heap-use-after-free on address
0x60c00050c918 at pc 0x059a9bc8 bp 0x7f4f90171a40 sp 0x7f4f90171a30
READ of size 8 at 0x60c00050c918 thread T4
#0 0x59a9bc7 in std::_Rb_tree,
std::pair const, std::vector >
>, std::_Select1st const, std::vector > > >, std::less >,
std::allocator const, std::vector > > > >::size() const
/usr/include/c++/6.1.1/bits/stl_tree.h:916
#1 0x59a9bc7 in std::_Rb_tree,
std::pair const, std::vector >
>, std::_Select1st const, std::vector > > >, std::less >,
std::allocator const, std::vector > > >
>::_M_get_insert_hint_unique_pos(std::_Rb_tree_const_iterator const, std::vector > > >, std::__cxx11::basic_string const&)
/usr/include/c++/6.1.1/bits/stl_tree.h:1908
#2 0x59aa3d6 in
std::_Rb_tree_iterator const, std::vector > > > std::_Rb_tree,
std::pair const, std::vector >
>, std::_Select1st const, std::vector > > >, std::less >,
std::allocator const, std::vector > > >
>::_M_emplace_hint_unique,
std::allocator > const&>, std::tuple<>
>(std::_Rb_tree_const_iterator const, std::vector > > >, std::piecewise_construct_t const&,
std::tuple const&>&&, std::tuple<>&&)
/usr/include/c++/6.1.1/bits/stl_tree.h:2170
#3 0x59abdd5 in std::map, std::vector >, std::less >,
std::allocator const, std::vector > > > >::operator[](std::__cxx11::basic_string const&)
/usr/include/c++/6.1.1/bits/stl_map.h:483
#4 0x5947166 in