Crash reproduce | Athena

 
==27298==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e00001230a at pc 0x7fcd970ce395 bp 0x7ffc9bb83920 sp 0x7ffc9bb830d0
READ of size 1 at 0x60e00001230a thread T0
    #0 0x7fcd970ce394  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x46394)
    #1 0x6d49b6 in instance_create /home/ebg/src/map/instance.c:97
    #2 0x96665a in buildin_instance_create /home/ebg/src/map/script.c:17540
    #3 0x98d9dd in run_func /home/ebg/src/map/script.c:4010
    #4 0x9db4bc in run_script_main /home/ebg/src/map/script.c:4255
    #5 0x7eabe1 in npc_scriptcont /home/ebg/src/map/npc.c:1313
    #6 0x5e3de1 in clif_parse /home/ebg/src/map/clif.c:18644
    #7 0xc17499 in do_sockets /home/ebg/src/common/socket.c:877
    #8 0x4074f1 in main /home/ebg/src/common/core.c:446
    #9 0x7fcd94cd9b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #10 0x407d54  (/home/ebg/map-server+0x407d54)
 
0x60e00001230a is located 74 bytes inside of 148-byte region [0x60e0000122c0,0x60e000012354)
freed by thread T0 here:
    #0 0x7fcd9711c0da in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x940da)
    #1 0x9c3dc6 in pop_stack /home/ebg/src/map/script.c:3360
 
previously allocated by thread T0 here:
    #0 0x7fcd9711c37a in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9437a)
    #1 0xc09a06 in aMalloc_ /home/ebg/src/common/memmgr.c:104
 
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
  0x0c1c7fffa410: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c1c7fffa420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c7fffa430: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1c7fffa440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1c7fffa450: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c1c7fffa460: fd[fd]fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c1c7fffa470: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1c7fffa480: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c1c7fffa490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c7fffa4a0: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1c7fffa4b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==27298==ABORTING
 
Viewed 1432 times, submitted by Dastgir.