=================================================================
==30504==ERROR: AddressSanitizer: heap-use-after-free on address 0x649528cc at pc 0x00bc49eb bp 0xffff89a8 sp 0xffff89a0
READ of size 4 at 0x649528cc thread T0
#0 0xbc49ea in CItem::GetVnum() const /usr/home/Azal2-prj/srcs/build/../server/game/item.h:92:36
#1 0x10457c9 in CHARACTER::SellItem(SItemPos) /usr/home/Azal2-prj/srcs/build/../server/game/char_item.cpp:10274:66
#2 0x163dabb in CInputMain::ItemSell(CHARACTER*, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_main.cpp:1195:7
#3 0x165eea2 in CInputMain::Analyze(DESC*, unsigned char, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_main.cpp:5319:5
#4 0x15e819e in CInputProcessor::Process(DESC*, void const*, int, int&) /usr/home/Azal2-prj/srcs/build/../server/game/input.cpp:105:27
#5 0x137b667 in DESC::ProcessInput() /usr/home/Azal2-prj/srcs/build/../server/game/desc.cpp:333:31
#6 0x1789d26 in io_loop(fdwatch*) /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1139:17
#7 0x1789674 in idle() /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1022:7
#8 0x17857a1 in main /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:641:9
#9 0x21f5ee85 in __libc_start1 (/usr/lib32/libc.so.7+0x6fe85)
#10 0xaabdc7 in _start /usr/src/lib/csu/i386/crt1_s.S:84
0x649528cc is located 268 bytes inside of 332-byte region [0x649527c0,0x6495290c)
freed by thread T0 here:
#0 0xb52e57 in operator delete(void*) /usr/src/contrib/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:152:3
#1 0x1693481 in CItem::~CItem() /usr/home/Azal2-prj/srcs/build/../server/game/item.cpp:75:1
#2 0x16d41ea in ITEM_MANAGER::DestroyItem(CItem*) /usr/home/Azal2-prj/srcs/build/../server/game/item_manager.cpp:686:2
#3 0x16973e4 in CItem::SetCount(unsigned int) /usr/home/Azal2-prj/srcs/build/../server/game/item.cpp:502:4
#4 0x104570d in CHARACTER::SellItem(SItemPos) /usr/home/Azal2-prj/srcs/build/../server/game/char_item.cpp:10268:8
#5 0x163dabb in CInputMain::ItemSell(CHARACTER*, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_main.cpp:1195:7
#6 0x165eea2 in CInputMain::Analyze(DESC*, unsigned char, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_main.cpp:5319:5
#7 0x15e819e in CInputProcessor::Process(DESC*, void const*, int, int&) /usr/home/Azal2-prj/srcs/build/../server/game/input.cpp:105:27
#8 0x137b667 in DESC::ProcessInput() /usr/home/Azal2-prj/srcs/build/../server/game/desc.cpp:333:31
#9 0x1789d26 in io_loop(fdwatch*) /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1139:17
#10 0x1789674 in idle() /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1022:7
#11 0x17857a1 in main /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:641:9
#12 0x21f5ee85 in __libc_start1 (/usr/lib32/libc.so.7+0x6fe85)
#13 0xaabdc7 in _start /usr/src/lib/csu/i386/crt1_s.S:84
#14 0xffffdccf (<unknown module>)
previously allocated by thread T0 here:
#0 0xb52639 in operator new(unsigned int) /usr/src/contrib/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
#1 0x16cf03e in ITEM_MANAGER::CreateItem(unsigned int, unsigned int, unsigned int, bool, int, bool) /usr/home/Azal2-prj/srcs/build/../server/game/item_manager.cpp:216:9
#2 0x16025b7 in CInputDB::ItemLoad(DESC*, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_db.cpp:2019:42
#3 0x1611575 in CInputDB::Analyze(DESC*, unsigned char, char const*) /usr/home/Azal2-prj/srcs/build/../server/game/input_db.cpp:3199:3
#4 0x16145cd in CInputDB::Process(DESC*, void const*, int, int&) /usr/home/Azal2-prj/srcs/build/../server/game/input_db.cpp:3557:7
#5 0x137b14c in DESC::ProcessInput() /usr/home/Azal2-prj/srcs/build/../server/game/desc.cpp:299:30
#6 0x1789c54 in io_loop(fdwatch*) /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1129:20
#7 0x1789674 in idle() /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:1022:7
#8 0x17857a1 in main /usr/home/Azal2-prj/srcs/build/../server/game/main.cpp:641:9
#9 0x21f5ee85 in __libc_start1 (/usr/lib32/libc.so.7+0x6fe85)
#10 0xaabdc7 in _start /usr/src/lib/csu/i386/crt1_s.S:84
#11 0xffffdccf (<unknown module>)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/home/Azal2-prj/srcs/build/../server/game/item.h:92:36 in CItem::GetVnum() const
Shadow bytes around the buggy address:
0x64952600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x64952680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x64952700: 00 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa
0x64952780: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x64952800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x64952880: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
0x64952900: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x64952980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x64952a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x64952a80: 00 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa
0x64952b00: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30504==ABORTING
==30504==Sleeping for 10 second(s) before dying