
AddressSanitizer: heap-use-after-free src/wield.c:402 in dowieldquiver #70

Open
Soviet5lo opened this issue Jun 6, 2022 · 1 comment

Comments

@Soviet5lo
Owner

==285340==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000018a4e at pc 0x555555dcb384 bp 0x7fffffffdc80 sp 0x7fffffffdc70
READ of size 2 at 0x60b000018a4e thread T0
    #0 0x555555dcb383 in dowieldquiver src/wield.c:402
    #1 0x5555557b5a89 in rhack src/cmd.c:3814
    #2 0x555555721aad in moveloop src/allmain.c:654
    #3 0x555555e35a70 in main sys/unix/unixmain.c:309
    #4 0x7ffff767528f  (/usr/lib/libc.so.6+0x2928f)
    #5 0x7ffff7675349 in __libc_start_main (/usr/lib/libc.so.6+0x29349)
    #6 0x55555571d944 in _start (/home/soviet5lo/slashthem/slashthem-0.9.7/slashthem+0x1c9944)

0x60b000018a4e is located 30 bytes inside of 104-byte region [0x60b000018a30,0x60b000018a98)
freed by thread T0 here:
    #0 0x7ffff798b672 in __interceptor_free /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x555555a61d25 in dealloc_obj src/mkobj.c:1780
    #2 0x555555c40fe7 in obfree src/shk.c:109911
    #3 0x555555d01ee4 in burn_object src/timeout.c:1489
    #4 0x555555d04e5b in run_timers src/timeout.c:2117
    #5 0x555555cf73f2 in nh_timeout src/timeout.c:478
    #6 0x55555571e4c9 in moveloop src/allmain.c:237
    #7 0x555555e35a70 in main sys/unix/unixmain.c:309
    #8 0x7ffff767528f  (/usr/lib/libc.so.6+0x2928f)

previously allocated by thread T0 here:
    #0 0x7ffff798ca89 in __interceptor_malloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x555555723abf in alloc src/alloc.c:97
    #2 0x555555a57eae in mksobj src/mkobj.c:419
    #3 0x555555a55b54 in mkobj src/mkobj.c:146
    #4 0x555555b2f65c in readobjnam src/objnam.c:3134
    #5 0x555555e253c2 in makewish src/zap.c:5248
    #6 0x55555579a304 in wiz_wish src/cmd.c:826
    #7 0x5555557b5a89 in rhack src/cmd.c:3814
    #8 0x555555721aad in moveloop src/allmain.c:654
    #9 0x555555e35a70 in main sys/unix/unixmain.c:309
    #10 0x7ffff767528f  (/usr/lib/libc.so.6+0x2928f)

SUMMARY: AddressSanitizer: heap-use-after-free src/wield.c:402 in dowieldquiver
Shadow bytes around the buggy address:
==285340==ABORTING
@gebulmer
Contributor

gebulmer commented Jun 6, 2022

huh, this seems to be quivering an object the same turn that it burns away? whack
