#4213: Another ASAN crash, now related to pathfinding!
-------------------------------------+-------------------------
Reporter: NoQ | Owner:
Type: bug | Status: new
Priority: normal | Milestone: unspecified
Component: other | Version: unspecified
Operating System: All/Non-Specific |
-------------------------------------+-------------------------
\
\
In a skirmish game on the current master (testing the new NullBot Turtle
AIs against each other).
{{{
==11133==ERROR: AddressSanitizer: heap-use-after-free on address
0x61a00070dcd0 at pc 0x5ff2e8 bp 0x7f5f00188af0 sp 0x7f5f00188ae8
READ of size 8 at 0x61a00070dcd0 thread T5
#0 0x5ff2e7 in std::_Bit_reference::operator bool() const
/usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:82
#1 0x612396 in std::_Bit_const_iterator::operator*() const
/usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:288
#2 0x63fd62 in std::vector<bool, std::allocator<bool>
>::operator[](unsigned long) const /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:711
#3 0x5fa822 in PathfindContext::isBlocked(int, int) const
/home/noq/wz/warzone2100/src/astar.cpp:144
#4 0x5ebe0e in fpathAStarExplore(PathfindContext&, PathCoord)
/home/noq/wz/warzone2100/src/astar.cpp:400
#5 0x5e3dab in fpathAStarRoute(MOVE_CONTROL*, PATHJOB*)
/home/noq/wz/warzone2100/src/astar.cpp:456
#6 0x94064a in fpathExecute(PATHJOB*, PATHRESULT*)
/home/noq/wz/warzone2100/src/fpath.cpp:513
#7 0x9272e1 in fpathThreadFunc(void*)
/home/noq/wz/warzone2100/src/fpath.cpp:102
#8 0x7f5f16ea4c44 in ?? ??:0
#9 0x7f5f16eda068 in ?? ??:0
#10 0x55bc03 in __asan::AsanThread::ThreadStart(unsigned long) ??:?
#11 0x7f5f16c7e1a6 in ?? ??:0
#12 0x7f5f11a5d0ac in ?? ??:0
0x61a00070dcd0 is located 592 bytes inside of 1176-byte region
[0x61a00070da80,0x61a00070df18)
freed by thread T0 here:
#0 0x555c24 in operator delete(void*) ??:?
#1 0x60957b in __gnu_cxx::new_allocator<unsigned
long>::deallocate(unsigned long*, unsigned long) /usr/lib/gcc/x86_64-pc-
linux-gnu/4.7.3/include/g++-v4/ext/new_allocator.h:100
#2 0x609239 in std::_Bvector_base<std::allocator<bool>
>::_M_deallocate() /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:454
#3 0x61a88c in ~_Bvector_base /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:441
#4 0x61a70d in ~vector /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:569
#5 0x61a5dd in ~vector /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:569
#6 0x63e875 in PathBlockingMap::~PathBlockingMap()
/home/noq/wz/warzone2100/src/astar.cpp:105
#7 0x5fdfed in PathBlockingMap::~PathBlockingMap()
/home/noq/wz/warzone2100/src/astar.cpp:105
#8 0x63c208 in
__gnu_cxx::new_allocator<PathBlockingMap>::destroy(PathBlockingMap*)
/usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/ext/new_allocator.h:123
#9 0x63bd34 in std::_List_base<PathBlockingMap,
std::allocator<PathBlockingMap> >::_M_clear() /usr/lib/gcc/x86_64-pc-
linux-gnu/4.7.3/include/g++-v4/bits/list.tcc:78
#10 0x5f7366 in std::list<PathBlockingMap,
std::allocator<PathBlockingMap> >::clear() /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_list.h:1206
#11 0x5eead1 in fpathSetBlockingMap(PATHJOB*)
/home/noq/wz/warzone2100/src/astar.cpp:596
#12 0x93719c in fpathRoute(MOVE_CONTROL*, int, int, int, int, int,
PROPULSION_TYPE, DROID_TYPE, FPATH_MOVETYPE, int, bool, StructureBounds
const&) /home/noq/wz/warzone2100/src/fpath.cpp:442
#13 0x92fa36 in fpathDroidRoute(DROID*, int, int, FPATH_MOVETYPE)
/home/noq/wz/warzone2100/src/fpath.cpp:506
#14 0xdac9e5 in moveDroidToBase(DROID*, unsigned int, unsigned int,
bool, FPATH_MOVETYPE) /home/noq/wz/warzone2100/src/move.cpp:155
#15 0xdabc19 in moveDroidTo(DROID*, unsigned int, unsigned int,
FPATH_MOVETYPE) /home/noq/wz/warzone2100/src/move.cpp:197
#16 0x5a2d21 in actionDroidBase(DROID*, DROID_ACTION_DATA*)
/home/noq/wz/warzone2100/src/action.cpp:2176
#17 0x5a5c61 in actionDroid(DROID*, DROID_ACTION, BASE_OBJECT*)
/home/noq/wz/warzone2100/src/action.cpp:2290
#18 0x5dd1bd in aiUpdateDroid(DROID*)
/home/noq/wz/warzone2100/src/ai.cpp:1175
#19 0x871473 in droidUpdate(DROID*)
/home/noq/wz/warzone2100/src/droid.cpp:865
#20 0xccfc3f in gameStateUpdate()
/home/noq/wz/warzone2100/src/loop.cpp:620
#21 0xccdcf6 in gameLoop() /home/noq/wz/warzone2100/src/loop.cpp:695
#22 0xcdd11c in runGameLoop()
/home/noq/wz/warzone2100/src/main.cpp:886
#23 0xcdcc8d in mainLoop() /home/noq/wz/warzone2100/src/main.cpp:992
#24 0x1e945e0 in wzMain3()
/home/noq/wz/warzone2100/lib/sdl/main_sdl.cpp:1303
#25 0xce0824 in realmain(int, char**)
/home/noq/wz/warzone2100/src/main.cpp:1319
#26 0x1e88d73 in main /home/noq/wz/warzone2100/lib/sdl/main_sdl.cpp:47
#27 0x7f5f11992d0c in ?? ??:0
previously allocated by thread T0 here:
#0 0x555a64 in operator new(unsigned long) ??:?
#1 0x6135df in __gnu_cxx::new_allocator<unsigned
long>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/ext/new_allocator.h:94
#2 0x6073e4 in std::_Bvector_base<std::allocator<bool>
>::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:448
#3 0x60311f in std::vector<bool, std::allocator<bool>
>::_M_fill_insert(std::_Bit_iterator, unsigned long, bool)
/usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/include/g++-v4/bits/vector.tcc:721
#4 0x601a85 in std::vector<bool, std::allocator<bool>
>::insert(std::_Bit_iterator, unsigned long, bool const&)
/usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:820
#5 0x5fea88 in std::vector<bool, std::allocator<bool>
>::resize(unsigned long, bool) /usr/lib/gcc/x86_64-pc-linux-
gnu/4.7.3/include/g++-v4/bits/stl_bvector.h:854
#6 0x5ef4a6 in fpathSetBlockingMap(PATHJOB*)
/home/noq/wz/warzone2100/src/astar.cpp:617
#7 0x93719c in fpathRoute(MOVE_CONTROL*, int, int, int, int, int,
PROPULSION_TYPE, DROID_TYPE, FPATH_MOVETYPE, int, bool, StructureBounds
const&) /home/noq/wz/warzone2100/src/fpath.cpp:442
#8 0x92fa36 in fpathDroidRoute(DROID*, int, int, FPATH_MOVETYPE)
/home/noq/wz/warzone2100/src/fpath.cpp:506
#9 0xdac9e5 in moveDroidToBase(DROID*, unsigned int, unsigned int,
bool, FPATH_MOVETYPE) /home/noq/wz/warzone2100/src/move.cpp:155
#10 0xdabc19 in moveDroidTo(DROID*, unsigned int, unsigned int,
FPATH_MOVETYPE) /home/noq/wz/warzone2100/src/move.cpp:197
#11 0xdcbda1 in moveBlocked(DROID*)
/home/noq/wz/warzone2100/src/move.cpp:699
#12 0xded447 in moveGetObstacleVector(DROID*, Vector2i)
/home/noq/wz/warzone2100/src/move.cpp:1208
#13 0xdbd0b0 in moveGetDirection(DROID*)
/home/noq/wz/warzone2100/src/move.cpp:1280
#14 0xdb867c in moveUpdateDroid(DROID*)
/home/noq/wz/warzone2100/src/move.cpp:2273
#15 0x8715a3 in droidUpdate(DROID*)
/home/noq/wz/warzone2100/src/droid.cpp:880
#16 0xccfc3f in gameStateUpdate()
/home/noq/wz/warzone2100/src/loop.cpp:620
#17 0xccdcf6 in gameLoop() /home/noq/wz/warzone2100/src/loop.cpp:695
#18 0xcdd11c in runGameLoop()
/home/noq/wz/warzone2100/src/main.cpp:886
#19 0xcdcc8d in mainLoop() /home/noq/wz/warzone2100/src/main.cpp:992
#20 0x1e945e0 in wzMain3()
/home/noq/wz/warzone2100/lib/sdl/main_sdl.cpp:1303
#21 0xce0824 in realmain(int, char**)
/home/noq/wz/warzone2100/src/main.cpp:1319
#22 0x1e88d73 in main /home/noq/wz/warzone2100/lib/sdl/main_sdl.cpp:47
#23 0x7f5f11992d0c in ?? ??:0
Thread T5 created by T0 here:
#0 0x5515f0 in pthread_create ??:?
#1 0x7f5f16eda0a7 in ?? ??:0
Shadow bytes around the buggy address:
0x0c34800d9b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c34800d9b50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9b60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9b70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c34800d9b90: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
0x0c34800d9ba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9bb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9bc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9bd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34800d9be0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==11133==ABORTING
}}}
\
\
\
--
Ticket URL: <http://developer.wz2100.net/ticket/4213>
Warzone 2100 Trac <http://developer.wz2100.net/>
The Warzone 2100 Project
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Warzone2100-project mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/warzone2100-project
