Category: Other
Severity: Important (emulator)
Status: Resolved
Resolution: Fixed
Date Submitted: 2020-01-08 19:08
Last Update: 2022-11-05 17:50
 
Tester: Firewave
Assigned To:
Source: sinclair/timex.cpp
Version: 0.217
Introduced in Version:
Fixed in Version:
Fix Commit:
Pull Request:
Flags:
Set: tc2048
Set Details:
tc2048 - TC-2048
 
Summary: AddressSanitizer: heap-buffer-overflow occurs.
Description:
=================================================================
==9976==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x22823c00 at pc 0x079a329f bp 0x006fbb38 sp 0x006fbb38
READ of size 1 at 0x22823c00 thread T0
    #0 0x79a329e in spectrum_state::spectrum_UpdateScreenBitmap+0x18e (s:\dev\mame0217\mame.exe+0x72d329e)
    #1 0x796d738 in spectrum_state::device_timer+0x98 (s:\dev\mame0217\mame.exe+0x729d738)
    #2 0x669a1aa in emu_timer::device_timer_expired+0x7a (s:\dev\mame0217\mame.exe+0x5fca1aa)
    #3 0x669a894 in device_scheduler::execute_timers+0x1a4 (s:\dev\mame0217\mame.exe+0x5fca894)
    #4 0x669d9d1 in device_scheduler::timeslice+0xb01 (s:\dev\mame0217\mame.exe+0x5fcd9d1)
    #5 0x66abc95 in running_machine::run+0x305 (s:\dev\mame0217\mame.exe+0x5fdbc95)
    #6 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #7 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #8 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #9 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #10 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #11 0xa598c9a in __scrt_common_main_seh d:\agent\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #12 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #13 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #14 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

Address 0x22823c00 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (s:\dev\mame0217\mame.exe+0x72d329e) in spectrum_state::spectrum_UpdateScreenBitmap+0x18e
Shadow bytes around the buggy address:
  0x34504730: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x34504740: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x34504750: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x34504760: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x34504770: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x34504780:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x34504790: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x345047a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x345047b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x345047c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x345047d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==9976==ABORTING 
Steps to Reproduce:
Additional Information:
 
Attached Files: