| 1 | ==12520==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00011029f722 at pc 0x00010f799d18 bp 0x700004034650 sp 0x700004034648
|
|---|
| 2 | READ of size 1 at 0x00011029f722 thread T6
|
|---|
| 3 | #0 0x10f799d17 in Scumm::Player_V2Base::next_freqs(Scumm::Player_V2Base::ChannelInfo*) player_v2base.cpp:607
|
|---|
| 4 | #1 0x10f799f39 in Scumm::Player_V2Base::nextTick() player_v2base.cpp:649
|
|---|
| 5 | #2 0x10f7747ea in Scumm::Player_V2::readBuffer(short*, int) player_v2.cpp:174
|
|---|
| 6 | #3 0x1100c8585 in Audio::CopyRateConverter<true, false>::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) rate.cpp:314
|
|---|
| 7 | #4 0x1100be10d in Audio::Channel::mix(short*, unsigned int) mixer.cpp:648
|
|---|
| 8 | #5 0x1100bdd7c in Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) mixer.cpp:301
|
|---|
| 9 | #6 0x111157c43 in outputCallback+0x1ac (libSDL2-2.0.0.dylib:x86_64+0xe2c43)
|
|---|
| 10 | #7 0x7ff80e7b1fe7 in ClientAudioQueue::CallOutputCallback(AudioQueueBuffer*)+0x11d (AudioToolbox:x86_64+0x45fe7)
|
|---|
| 11 | #8 0x7ff80e79aa03 in ClientAudioQueue::FetchAndDeliverPendingCallbacks(unsigned int)+0x33b (AudioToolbox:x86_64+0x2ea03)
|
|---|
| 12 | #9 0x7ff80e79a64d in _XCallbackNotificationsAvailable+0xa3 (AudioToolbox:x86_64+0x2e64d)
|
|---|
| 13 | #10 0x7ff80d6fea8d in mshMIGPerform+0xeb (libAudioToolboxUtility.dylib:x86_64+0xea8d)
|
|---|
| 14 | #11 0x7ff800e3a923 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__+0x28 (CoreFoundation:x86_64h+0x80923)
|
|---|
| 15 | #12 0x7ff800e3a803 in __CFRunLoopDoSource1+0x26a (CoreFoundation:x86_64h+0x80803)
|
|---|
| 16 | #13 0x7ff800e38e6a in __CFRunLoopRun+0x96e (CoreFoundation:x86_64h+0x7ee6a)
|
|---|
| 17 | #14 0x7ff800e37e3b in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7de3b)
|
|---|
| 18 | #15 0x11115773c in audioqueue_thread+0x43e (libSDL2-2.0.0.dylib:x86_64+0xe273c)
|
|---|
| 19 | #16 0x1110db986 in SDL_RunThread+0x2b (libSDL2-2.0.0.dylib:x86_64+0x66986)
|
|---|
| 20 | #17 0x11114a7f2 in RunThread+0x8 (libSDL2-2.0.0.dylib:x86_64+0xd57f2)
|
|---|
| 21 | #18 0x7ff800d734e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0)
|
|---|
| 22 | #19 0x7ff800d6ef6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)
|
|---|
| 23 |
|
|---|
| 24 | 0x00011029f722 is located 0 bytes to the right of global variable 'Scumm::freqmod_table' defined in 'engines/scumm/players/player_v2base.cpp:140:19' (0x11029f220) of size 1282
|
|---|
| 25 | SUMMARY: AddressSanitizer: global-buffer-overflow player_v2base.cpp:607 in Scumm::Player_V2Base::next_freqs(Scumm::Player_V2Base::ChannelInfo*)
|
|---|
| 26 | Shadow bytes around the buggy address:
|
|---|
| 27 | 0x100022053e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 28 | 0x100022053ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 29 | 0x100022053eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 30 | 0x100022053ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 31 | 0x100022053ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 32 | =>0x100022053ee0: 00 00 00 00[02]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
|
|---|
| 33 | 0x100022053ef0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
|
|---|
| 34 | 0x100022053f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
|
|---|
| 35 | 0x100022053f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 36 | 0x100022053f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 37 | 0x100022053f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|---|
| 38 | Shadow byte legend (one shadow byte represents 8 application bytes):
|
|---|
| 39 | Addressable: 00
|
|---|
| 40 | Partially addressable: 01 02 03 04 05 06 07
|
|---|
| 41 | Heap left redzone: fa
|
|---|
| 42 | Freed heap region: fd
|
|---|
| 43 | Stack left redzone: f1
|
|---|
| 44 | Stack mid redzone: f2
|
|---|
| 45 | Stack right redzone: f3
|
|---|
| 46 | Stack after return: f5
|
|---|
| 47 | Stack use after scope: f8
|
|---|
| 48 | Global redzone: f9
|
|---|
| 49 | Global init order: f6
|
|---|
| 50 | Poisoned by user: f7
|
|---|
| 51 | Container overflow: fc
|
|---|
| 52 | Array cookie: ac
|
|---|
| 53 | Intra object redzone: bb
|
|---|
| 54 | ASan internal: fe
|
|---|
| 55 | Left alloca redzone: ca
|
|---|
| 56 | Right alloca redzone: cb
|
|---|
| 57 | Thread T6 created by T0 here:
|
|---|
| 58 | #0 0x1118f199c in wrap_pthread_create+0x5c (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4499c)
|
|---|
| 59 | #1 0x11114a7b7 in SDL_SYS_CreateThread+0x90 (libSDL2-2.0.0.dylib:x86_64+0xd57b7)
|
|---|
| 60 | #2 0x1110dba56 in SDL_CreateThreadWithStackSize_REAL+0x6f (libSDL2-2.0.0.dylib:x86_64+0x66a56)
|
|---|
| 61 | #3 0x111156ee7 in COREAUDIO_OpenDevice+0x1d9 (libSDL2-2.0.0.dylib:x86_64+0xe1ee7)
|
|---|
| 62 | #4 0x111081888 in open_audio_device+0x62f (libSDL2-2.0.0.dylib:x86_64+0xc888)
|
|---|
| 63 | #5 0x111081204 in SDL_OpenAudio_REAL+0x6c (libSDL2-2.0.0.dylib:x86_64+0xc204)
|
|---|
| 64 | #6 0x10fd41454 in SdlMixerManager::init() sdl-mixer.cpp:72
|
|---|
| 65 | #7 0x10f4749b6 in OSystem_SDL::initBackend() sdl.cpp:284
|
|---|
| 66 | #8 0x10f49a5b3 in scummvm_main main.cpp:501
|
|---|
| 67 | #9 0x10f4905cf in main macosx-main.cpp:44
|
|---|
| 68 | #10 0x11d64252d in start+0x1cd (dyld:x86_64+0x552d)
|
|---|
| 69 |
|
|---|
| 70 | ==12520==ABORTING
|
|---|
| 71 | Abort trap: 6 |
|---|
