1 | ==13418==ERROR: AddressSanitizer: heap-use-after-free on address 0x00011d412a38 at pc 0x000100775ccc bp 0x00016fd61760 sp 0x00016fd61758
2 | READ of size 4 at 0x00011d412a38 thread T0
3 | #0 0x100775cc8 in Saga::HitZone::getFlags() const objectmap.h:56
4 | #1 0x1006ec924 in Saga::Actor::stepZoneAction(Saga::ActorData*, Saga::HitZone const*, bool, bool) actor.cpp:551
5 | #2 0x100712a0c in Saga::Actor::handleActions(int, bool) actor_walk.cpp:695
6 | #3 0x10071da30 in Saga::Actor::direct(int) actor_walk.cpp:727
7 | #4 0x1007d2f48 in Saga::SagaEngine::run() saga.cpp:357
8 | #5 0x1000dc7e0 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:318
9 | #6 0x1000d8130 in scummvm_main main.cpp:619
10 | #7 0x1000cf19c in main macosx-main.cpp:44
11 | #8 0x1024b1088 in start+0x204 (dyld:arm64e+0x5088)
12 |
13 | 0x00011d412a38 is located 40 bytes inside of 80-byte region [0x00011d412a10,0x00011d412a60)
14 | freed by thread T0 here:
15 | #0 0x102bd2de4 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
16 | #1 0x1007f6284 in Common::Array<Saga::HitZone>::freeStorage(Saga::HitZone*, unsigned int) array.h:414
17 | #2 0x1007af720 in Common::Array<Saga::HitZone>::clear() array.h:278
18 | #3 0x1007af660 in Saga::ObjectMap::clear() objectmap.cpp:187
19 | #4 0x1007e888c in Saga::Scene::endScene() scene.cpp:1145
20 | #5 0x1007eb1fc in Saga::Scene::changeScene(short, int, Saga::SceneTransitionType, int) scene.cpp:482
21 | #6 0x100811e70 in Saga::Script::sfScriptGotoScene(Saga::ScriptThread*, int, bool&) sfuncs.cpp:469
22 | #7 0x1007fc4cc in Saga::Script::opCcallV(Saga::ScriptThread*, Common::SeekableReadStream*, bool&, bool&) script.cpp:467
23 | #8 0x100834b00 in Saga::Script::runThread(Saga::ScriptThread&) sthread.cpp:210
24 | #9 0x100833e40 in Saga::Script::executeThreads(unsigned int) sthread.cpp:158
25 | #10 0x1007d2fcc in Saga::SagaEngine::run() saga.cpp:361
26 | #11 0x1000dc7e0 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:318
27 | #12 0x1000d8130 in scummvm_main main.cpp:619
28 | #13 0x1000cf19c in main macosx-main.cpp:44
29 | #14 0x1024b1088 in start+0x204 (dyld:arm64e+0x5088)
30 |
31 | previously allocated by thread T0 here:
32 | #0 0x102bd2ca8 in wrap_malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
33 | #1 0x1007b00f0 in Common::Array<Saga::HitZone>::allocCapacity(unsigned int) array.h:402
34 | #2 0x1007afee0 in Common::Array<Saga::HitZone>::reserve(unsigned int) array.h:358
35 | #3 0x1007af2ec in Common::Array<Saga::HitZone>::resize(unsigned int) array.h:369
36 | #4 0x1007af058 in Saga::ObjectMap::load(Saga::ByteArray const&) objectmap.cpp:178
37 | #5 0x1007ef1ac in Saga::Scene::processSceneResources(Common::Array<Saga::SceneResourceData>&) scene.cpp:994
38 | #6 0x1007e4b58 in Saga::Scene::loadScene(Saga::LoadSceneParams&) scene.cpp:663
39 | #7 0x1007eb20c in Saga::Scene::changeScene(short, int, Saga::SceneTransitionType, int) scene.cpp:485
40 | #8 0x100811e70 in Saga::Script::sfScriptGotoScene(Saga::ScriptThread*, int, bool&) sfuncs.cpp:469
41 | #9 0x1007fc4cc in Saga::Script::opCcallV(Saga::ScriptThread*, Common::SeekableReadStream*, bool&, bool&) script.cpp:467
42 | #10 0x100834b00 in Saga::Script::runThread(Saga::ScriptThread&) sthread.cpp:210
43 | #11 0x100833e40 in Saga::Script::executeThreads(unsigned int) sthread.cpp:158
44 | #12 0x1007d2fcc in Saga::SagaEngine::run() saga.cpp:361
45 | #13 0x1000dc7e0 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:318
46 | #14 0x1000d8130 in scummvm_main main.cpp:619
47 | #15 0x1000cf19c in main macosx-main.cpp:44
48 | #16 0x1024b1088 in start+0x204 (dyld:arm64e+0x5088)
49 |
50 | SUMMARY: AddressSanitizer: heap-use-after-free objectmap.h:56 in Saga::HitZone::getFlags() const
51 | Shadow bytes around the buggy address:
52 | 0x007023aa24f0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
53 | 0x007023aa2500: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
54 | 0x007023aa2510: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
55 | 0x007023aa2520: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
56 | 0x007023aa2530: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
57 | =>0x007023aa2540: fa fa fd fd fd fd fd[fd]fd fd fd fd fa fa fa fa
58 | 0x007023aa2550: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
59 | 0x007023aa2560: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
60 | 0x007023aa2570: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
61 | 0x007023aa2580: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
62 | 0x007023aa2590: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
63 | Shadow byte legend (one shadow byte represents 8 application bytes):
64 | Addressable: 00
65 | Partially addressable: 01 02 03 04 05 06 07
66 | Heap left redzone: fa
67 | Freed heap region: fd
68 | Stack left redzone: f1
69 | Stack mid redzone: f2
70 | Stack right redzone: f3
71 | Stack after return: f5
72 | Stack use after scope: f8
73 | Global redzone: f9
74 | Global init order: f6
75 | Poisoned by user: f7
76 | Container overflow: fc
77 | Array cookie: ac
78 | Intra object redzone: bb
79 | ASan internal: fe
80 | Left alloca redzone: ca
81 | Right alloca redzone: cb
82 | ==13418==ABORTING
83 | Abort trap: 6