[ オリジナルレポート | samcoupe/samcoupe.cpp を表示 ]

BugID: #08502

カテゴリ 重要度 ステータス 解決状況 登録日時 最終更新
その他重要 (本体)仮承認未処理2022-11-04 23:182022-11-23 08:26
 
テスターFirewave担当者 ソースsamcoupe/samcoupe.cpp
バージョン0.249発生バージョン修正バージョン
修正コミットプルリク
フラグ
セット samcoupe
セット詳細
samcoupe - SAM Coupé
 
概 要-str 2 でAddressSanitizer: heap-buffer-overflow
詳 細
==16352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000ebb78 at pc 0x7f4a6a0c4b48 bp 0x7fffc4e550c0 sp 0x7fffc4e550b8
READ of size 4 at 0x6160000ebb78 thread T0
    #0 0x7f4a6a0c4b47 in operator unsigned int /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47
    #1 0x7f4a6a0c4b47 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::get_texel_palette16(render_texinfo const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:148:16
    #2 0x7f4a6a0a84e6 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::quad_setup_data const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:684:22
    #3 0x7f4a6a0a5f43 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1782:5
    #4 0x7f4a6a09f802 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, true>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/rendersw.hxx:1867:7
    #5 0x7f4a6a0987c8 in video_manager::create_snapshot_bitmap(screen_device*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1046:3
    #6 0x7f4a6a097568 in video_manager::save_snapshot(screen_device*, util::core_file&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:329:2
    #7 0x7f4a6a095e55 in video_manager::recompute_speed(attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:1005:5
    #8 0x7f4a6a0930e8 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:261:4
    #9 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #10 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #11 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #12 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #13 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #14 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #15 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #16 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #17 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #18 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #19 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f4a286492bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #21 0x7f4a478d4260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)

0x6160000ebb78 is located 240 bytes to the right of 520-byte region [0x6160000eb880,0x6160000eba88)
allocated by thread T0 here:
    #0 0x7f4a47991e7d in operator new(unsigned long) (/mnt/s/GitHub/mame/mame+0x1d454e7d) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)
    #1 0x7f4a6166ef7d in allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/new_allocator.h:137:27
    #2 0x7f4a6166ef7d in std::allocator_traits<std::allocator<rgb_t> >::allocate(std::allocator<rgb_t>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/alloc_traits.h:464:20
    #3 0x7f4a616a9e93 in _M_allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:378:20
    #4 0x7f4a616a9e93 in std::vector<rgb_t, std::allocator<rgb_t> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/vector.tcc:650:34
    #5 0x7f4a616a1712 in std::vector<rgb_t, std::allocator<rgb_t> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/stl_vector.h:1011:4
    #6 0x7f4a69e55e2a in render_container::bcg_lookup_table(int, unsigned int&, palette_t*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:691:17
    #7 0x7f4a69e55bad in render_texture::get_adjusted_palette(render_container&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp
    #8 0x7f4a69e60324 in render_target::add_container_primitives(render_primitive_list&, render_target::object_transform const&, render_target::object_transform const&, render_container&, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:2384:49
    #9 0x7f4a69e5d8b1 in render_target::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/render.cpp:1427:5
    #10 0x7f4a6a223df1 in renderer_sdl1::get_primitives() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawsdl.cpp:680:25
    #11 0x7f4a6a16889c in sdl_window_info::update() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:601:50
    #12 0x7f4a6a1570b3 in sdl_osd_interface::update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:108:12
    #13 0x7f4a6a092d4d in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:238:18
    #14 0x7f4a69f8c7c8 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #15 0x7f4a69f75304 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #16 0x7f4a69f75304 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #17 0x7f4a69f70858 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #18 0x7f4a69e084a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #19 0x7f4a6cf6ef7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #20 0x7f4a6d1638d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #21 0x7f4a6d16741f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #22 0x7f4a6cf73d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #23 0x7f4a6a14a58b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #24 0x7f4a28649209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/palette.h:61:47 in operator unsigned int
Shadow bytes around the buggy address:
  0x0c2c80015710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80015750: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80015760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c2c80015770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80015790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800157b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
再現手順 
追加情報 
 
添付ファイル