#4202: freed memory dereferenced in intRunWidgets()  src/hci.cpp:1123
-------------------------------------+-------------------------
        Reporter:  tnmurphy          |      Owner:
            Type:  bug               |     Status:  new
        Priority:  normal            |  Milestone:  unspecified
       Component:  Engine: other     |    Version:  git/master
Operating System:  All/Non-Specific  |
-------------------------------------+-------------------------
 This is on git head, which doesn't appear to have changed for some months.

 I built WZ with -fsanitize=address and gcc 4.8.2 on Fedora Core 20 Linux
 64bit.  I have an Nvidia GF119M [NVS 4200M] card.

 The sanitiser dropped me out of a game to complain about a use-after-free.
 The output did not include symbols so I loaded the warzone binary into gdb
 and worked them out.

 The problem happens at src/hci.cpp:1123
 {{{
                 if (apsPreviousObj[i] && apsPreviousObj[i]->died)
                 {
 >>                        apsPreviousObj[i] = NULL;
                 }

 }}}
 This memory was in a block that was freed in DROID::~DROID()
 (droid.cpp:432).

 {{{
 429             clustRemoveObject((BASE_OBJECT *)psDroid);
 430
 431             free(sMove.asPath);
 432     }
 }}}
 Presumably that means the free(sMove.asPath).

 The specific messages were:
 {{{
 ==5523== ERROR: AddressSanitizer: heap-use-after-free on address
 0x6048005886a8 at pc 0x668b85 bp 0x7fff302b6840 sp 0x7fff302b6830
 }}}
 and
 {{{
 0x6048005886a8 is located 40 bytes inside of 1376-byte region
 [0x604800588680,0x604800588be0)
 freed by thread T0 here:
 }}}
 and
 {{{
 previously allocated by thread T0 here:
     #0 0x7f21486c5239 (/usr/lib64/libasan.so.0.0.0+0x12239)
     #1 0x5d8261 (/home/tim/build/warzone2100/src/warzone2100+0x5d8261)


 0x5d8261 is in reallyBuildDroid(DROID_TEMPLATE*, Vector3i, unsigned int,
 bool, Rotation) (droid.cpp:1802)


 1801
 1802            psDroid = new DROID(generateSynchronisedObjectId(),
 player);
 1803            droidSetName(psDroid, getName(pTemplate));
 }}}

 So, in summary, the droid's information (i.e. dead or alive) is being
 accessed after the memory of that droid is already deallocated.

 I don't know the codebase well enough at the moment to have a patch so I
 thought I'd start by reporting it.

--
Ticket URL: <http://developer.wz2100.net/ticket/4202>
Warzone 2100 Trac <http://developer.wz2100.net/>
The Warzone 2100 Project
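The ordering the ticket describes, as an added example that is not Warzone 2100 code: a cache of raw object pointers (standing in for apsPreviousObj[]) is scrubbed when an object is destroyed, so the died check in the widget loop never reads a freed block. The names Obj, prev_cache, obj_destroy, run_widgets and the two scenario functions are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#define MAX_SLOTS 4

typedef struct { bool died; } Obj;   /* only the flag the bug reads */
/* Stand-in for apsPreviousObj[]: raw pointers that can outlive the objects. */
static Obj *prev_cache[MAX_SLOTS];
/* Report ordering: object marked dead, freed in DROID::~DROID(), then
 * intRunWidgets() reads ->died from the freed block. Hardened destroy drops
 * every cached pointer to o BEFORE free(), so no dangling pointer survives. */
void obj_destroy(Obj *o)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (prev_cache[i] == o) prev_cache[i] = NULL;
    free(o);
}

/* Equivalent of the check at hci.cpp:1123: forget cached objects that died.
 * Returns how many slots were cleared. */
int run_widgets(void)
{
    int cleared = 0;
    for (int i = 0; i < MAX_SLOTS; i++)
        if (prev_cache[i] && prev_cache[i]->died) { prev_cache[i] = NULL; cleared++; }
    return cleared;
}

/* Scenario from the report: the object is destroyed before the widget loop
 * runs. With the scrub, slot 0 is already NULL and the loop clears nothing
 * (returns 0); without the scrub that same read is a use-after-free. */
int scenario_destroy_then_run(void)
{
    Obj *o = calloc(1, sizeof *o);
    prev_cache[0] = o;
    o->died = true;
    obj_destroy(o);
    return run_widgets() + (prev_cache[0] == NULL ? 0 : 100);
}

/* Scenario: the loop runs while the dead object is still allocated; it
 * clears the slot itself (returns 1) and destroy then has nothing to scrub. */
int scenario_run_then_destroy(void)
{
    Obj *o = calloc(1, sizeof *o);
    prev_cache[1] = o;
    o->died = true;
    int cleared = run_widgets();
    obj_destroy(o);
    return cleared;
}
```

Building this with -fsanitize=address and removing the scrub loop from obj_destroy reproduces the same heap-use-after-free report class the ticket quotes.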