| Category | Severity | Status | Resolution | Date Submitted | Last Update |
|---|---|---|---|---|---|
| Misc. | Critical (emulator) | Acknowledged | Open | 2014-08-12 04:03 | 2024-12-23 22:38 |
| Tester | Firewave | Assigned To |   | Source | |
| Version | 0.154 | Regression Version | Fixed in Version | ||
| Fixed in Commit | Pull Request | ||||
| Flags | |||||
| Sets | several drivers using mc6845 | ||||
| Set Details | |||||
| Summary | AddressSanitizer: heap-buffer-overflow error occurs when loading a save state. | ||||
| Description |
==11990==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f30c264d210 at pc 0x1aa94c5 bp 0x7fffe5263fc0 sp 0x7fffe5263fb8
WRITE of size 4 at 0x7f30c264d210 thread T0
#0 0x1aa94c4 in abc806_state::abc806_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) /home/notroot/trunk/src/mess/video/abc806.c:317
#1 0x4f10ab6 in delegate_base<void, bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int, _noparam, _noparam>::operator()(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int) const /home/notroot/trunk/src/lib/util/delegate.h:659
#2 0x4f10ab6 in mc6845_device::draw_scanline(int, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:947
#3 0x4f10e7d in mc6845_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/emu/video/mc6845.c:979
#4 0x1aaaf73 in abc806_state::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) /home/notroot/trunk/src/mess/video/abc806.c:474
#5 0x5a55d50 in delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /home/notroot/trunk/src/lib/util/delegate.h:652
#6 0x5a55d50 in screen_device::update_partial(int) /home/notroot/trunk/src/emu/screen.c:625
#7 0x5aeba40 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:649
#8 0x5aeafe4 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202
#9 0x5a55051 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822
#10 0x5a54d29 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404
#11 0x5a4c003 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:189
#12 0x5a4c003 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
#13 0x5a46969 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517
#14 0x5967cc1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:377
#15 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
#16 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
#17 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
#18 0x7f30d2b41de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
#19 0xd8e65c in _start (/home/notroot/trunk/mess64d+0xd8e65c)
0x7f30c264d210 is located 401 bytes to the right of 964735-byte region [0x7f30c2561800,0x7f30c264d07f)
allocated by thread T0 here:
#0 0xd78579 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
#1 0x61f37c8 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:108
#2 0x5d201cd in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112
#3 0x5ce48d5 in operator new[](unsigned long) /home/notroot/trunk/src/lib/util/corealloc.h:64
#4 0x5ce48d5 in bitmap_t::allocate(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:149
#5 0x5ce5d14 in bitmap_t::resize(int, int, int, int) /home/notroot/trunk/src/lib/util/bitmap.c:183
#6 0x5a54943 in screen_device::realloc_screen_bitmaps() /home/notroot/trunk/src/emu/screen.c:538
#7 0x5a528ce in screen_device::configure(int, int, rectangle const&, long long) /home/notroot/trunk/src/emu/screen.c:456
#8 0x4f0ac03 in mc6845_device::recompute_parameters(bool) /home/notroot/trunk/src/emu/video/mc6845.c:536
#9 0x4f09f4d in mc6845_device::device_post_load() /home/notroot/trunk/src/emu/video/mc6845.c:127
#10 0x5796cbb in device_t::post_load() /home/notroot/trunk/src/emu/device.c:498
#11 0x5967513 in running_machine::postload_all_devices() /home/notroot/trunk/src/emu/machine.c:1126
#12 0x5a3d969 in delegate_base<void, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()() const /home/notroot/trunk/src/lib/util/delegate.h:649
#13 0x5a3d969 in save_manager::read_file(emu_file&) /home/notroot/trunk/src/emu/save.c:257
#14 0x5969167 in running_machine::handle_saveload() /home/notroot/trunk/src/emu/machine.c:864
#15 0x5967d15 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:385
#16 0x595fb47 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
#17 0x5772558 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
#18 0x2e53834 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
#19 0x7f30d2b41de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/notroot/trunk/src/mess/video/abc806.c:317 abc806_state::abc806_update_row(bitmap_rgb32&, rectangle const&, unsigned short, unsigned char, unsigned short, unsigned char, signed char, int, int, int)
Shadow bytes around the buggy address:
0x0fe6984c19f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe6984c1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07
0x0fe6984c1a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0fe6984c1a40: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fe6984c1a90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
Affected sets:
pet.c: cbm8296gd cbm4032f cbm8296dgv_de cbm8032_de mmf9000 cbm8096 mmf9000_se pet8032 cbm8296ed pet4032f cbm8096 cbm8296d_de cbm8296 cbm8032 cbm8032_se superpet cbm8296d
c128.c: c128_de c128cr c128p c128d c128dcr c128 c128dcrp c128dcr_de c128dp c128d81 c128_se c128dcr_se
cbm2.c: cbm620 cbm710 cbm610 b256 cbm720_se b128hp cbm720_de b256 cbm720 b256hp b128 bx256hp cbm620_hu b500 cbm730 b128hp
abc80x.c: abc806 abc802
bw12.c: bw12 bw14
v1050.c: v1050 | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Attached Files | |||||