[ オリジナルレポート | konami/mystwarr.cpp を表示 ]

BugID: #05242

カテゴリ 重要度 ステータス 解決状況 登録日時 最終更新
その他重要 (本体)解決済み修正済み2013-07-29 20:422014-05-10 06:04
 
テスターFirewave担当者AWJソースkonami/mystwarr.cpp
バージョン0.149u1発生バージョン修正バージョン0.154
修正コミットプルリク
フラグ
セット mystwarr, mtlchamp and clones
セット詳細
mystwarr - ミスティックウォリアーズ -怒りの忍者- (ver EAA)
 
概 要AddressSanitizer: heap-buffer-overflowエラーが起こる。
詳 細
=================================================================
==52564==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250000ca100 at pc 0x17ff5dcb bp 0x7fffba83ba70 sp 0x7fffba83ba68
READ of size 4 at 0x6250000ca100 thread T0
    #0 0x17ff5dca in _ZN9tilemap_t26scanline_draw_opaque_rgb32EPjPKtiPKjPhj /home/notroot/trunk/src/emu/tilemap.c:263
    #1 0x17fea512 in _ZN9tilemap_t13draw_instanceI12bitmap_rgb32EEvRT_RKNS_15blit_parametersEii /home/notroot/trunk/src/emu/tilemap.c:1230
    #2 0x17fdfec4 in _ZN9tilemap_t11draw_commonI12bitmap_rgb32EEvR13screen_deviceRT_RK9rectanglejhh /home/notroot/trunk/src/emu/tilemap.c:978
    #3 0x17fc178d in _ZN9tilemap_t4drawER13screen_deviceR12bitmap_rgb32RK9rectanglejhh /home/notroot/trunk/src/emu/tilemap.c:1062
    #4 0x791d781 in _ZN14k056832_device14m_tilemap_drawER13screen_deviceR12bitmap_rgb32RK9rectangleijj /home/notroot/trunk/src/mame/video/k054156_k054157_k056832.c:2593
    #5 0x6e7cc79 in _ZN14konamigx_state22gx_draw_basic_tilemapsER13screen_deviceR12bitmap_rgb32RK9rectangleii /home/notroot/trunk/src/mame/video/konamigx.c:761
    #6 0x6e7b004 in _ZN14konamigx_state19konamigx_mixer_drawER13screen_deviceR12bitmap_rgb32RK9rectangleP9tilemap_tiS8_iiP12bitmap_ind16iP6GX_OBJPii /home/notroot/trunk/src/mame/video/konamigx.c:952
    #7 0x6e78028 in _ZN14konamigx_state14konamigx_mixerER13screen_deviceR12bitmap_rgb32RK9rectangleP9tilemap_tiS8_iiP12bitmap_ind16i /home/notroot/trunk/src/mame/video/konamigx.c:719
    #8 0x71288e7 in _ZN14mystwarr_state22screen_update_mystwarrER13screen_deviceR12bitmap_rgb32RK9rectangle /home/notroot/trunk/src/mame/video/mystwarr.c:337
    #9 0x17f1c83a in _ZNK13delegate_baseIjR13screen_deviceR12bitmap_rgb32RK9rectangle8_noparamS7_EclES1_S3_S6_ /home/notroot/trunk/src/emu/delegate.h:542
    #10 0x17f11525 in _ZN13screen_device14update_partialEi /home/notroot/trunk/src/emu/screen.c:603
    #11 0x18173a3e in _ZN13video_manager21finish_screen_updatesEv /home/notroot/trunk/src/emu/video.c:658
    #12 0x18172896 in _ZN13video_manager12frame_updateEb /home/notroot/trunk/src/emu/video.c:229
    #13 0x17f0fe9a in _ZN13screen_device10vblank_endEv /home/notroot/trunk/src/emu/screen.c:835
    #14 0x17f0dfa8 in _ZN13screen_device12device_timerER9emu_timerjiPv /home/notroot/trunk/src/emu/screen.c:403
    #15 0x17efd58a in _ZN8device_t13timer_expiredER9emu_timerjiPv /home/notroot/trunk/src/emu/device.h:228
    #16 0x17eee17b in _ZN16device_scheduler14execute_timersEv /home/notroot/trunk/src/emu/schedule.c:931
    #17 0x17ee1769 in _ZN16device_scheduler9timesliceEv /home/notroot/trunk/src/emu/schedule.c:454
    #18 0x17a8888b in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:412
    #19 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #20 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #21 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #22 0x7f69794cbea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #23 0x1e7a7bc in _start ??:?
0x6250000ca100 is located 0 bytes to the right of 8192-byte region [0x6250000c8100,0x6250000ca100)
allocated by thread T0 here:
    #0 0x1e6c724 in __interceptor_malloc ??:?
    #1 0x18d943c9 in _Z13palette_allocjj /home/notroot/trunk/src/lib/util/palette.c:151
    #2 0x17748d60 in _ZL16allocate_paletteR15running_machineP15palette_private /home/notroot/trunk/src/emu/emupal.c:596
    #3 0x17747053 in _Z12palette_initR15running_machine /home/notroot/trunk/src/emu/emupal.c:142
    #4 0x17a7e3b6 in _ZN15running_machine5startEv /home/notroot/trunk/src/emu/machine.c:259
    #5 0x17a88439 in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:391
    #6 0x17a74411 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #7 0x173eb8a6 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #8 0x10708f01 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #9 0x7f69794cbea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
Shadow bytes around the buggy address:
  0x0c4a800113d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a800113e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a800113f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a80011400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a80011410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a80011420:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80011430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80011440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80011450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80011460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80011470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==52564==ABORTING
再現手順 
追加情報 
 
添付ファイル