
Topic: HQ Hunter related crash

MarkMcWire
Topic Opener
Joined: 2017-02-08, 21:06
Posts: 319
Ranking
Tribe Member
Location: Eisenach, Germany
Posted at: 2023-06-20, 16:27
==32258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110003d9b80 at pc 0x5629fbd51096 bp 0x7f933d946840 sp 0x7f933d946830
READ of size 8 at 0x6110003d9b80 thread T12
    #0 0x5629fbd51095 in Widelands::ShipFleet::remove_ship(Widelands::EditorGameBase&, Widelands::Ship*) /home/markusgopfert/Git/widelands_debug/src/economy/ship_fleet.cc:469
    #1 0x5629fb843381 in Widelands::Ship::cleanup(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/tribes/ship.cc:200
    #2 0x5629fb7597d0 in Widelands::MapObject::remove(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/map_object.cc:538
    #3 0x5629fb7598e4 in Widelands::MapObject::destroy(Widelands::EditorGameBase&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/map_object.cc:554
    #4 0x5629fbed1bc3 in LuaMaps::LuaMapObject::destroy(lua_State*) /home/markusgopfert/Git/widelands_debug/src/scripting/lua_map.cc:4754
    #5 0x5629fbf6a575 in int method_dispatch<LuaMaps::LuaShip, LuaMaps::LuaMapObject>(lua_State*) /home/markusgopfert/Git/widelands_debug/src/scripting/luna_impl.h:176
    #6 0x5629fc3157c4 in luaD_precall /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:434
    #7 0x5629fc333661 in luaV_execute /home/markusgopfert/Git/widelands_debug/src/third_party/eris/lvm.c:1134
    #8 0x5629fc315d30 in unroll /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:556
    #9 0x5629fc31602a in resume /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:643
    #10 0x5629fc314af8 in luaD_rawrunprotected /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:142
    #11 0x5629fc316148 in lua_resume /home/markusgopfert/Git/widelands_debug/src/third_party/eris/ldo.c:664
    #12 0x5629fc177a10 in LuaCoroutine::resume() /home/markusgopfert/Git/widelands_debug/src/scripting/lua_coroutine.cc:83
    #13 0x5629fbe482d9 in Widelands::CmdLuaCoroutine::execute(Widelands::Game&) /home/markusgopfert/Git/widelands_debug/src/logic/cmd_luacoroutine.cc:39
    #14 0x5629fbe4fcdd in Widelands::CmdQueue::run_queue(Duration const&, Time&) /home/markusgopfert/Git/widelands_debug/src/logic/cmd_queue.cc:121
    #15 0x5629face52cc in Widelands::Game::think() /home/markusgopfert/Git/widelands_debug/src/logic/game.cc:871
    #16 0x5629fb31e92c in InteractiveBase::game_logic_think() /home/markusgopfert/Git/widelands_debug/src/wui/interactive_base.cc:874
    #17 0x5629fb03a06d in UI::Panel::logic_thread() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:198
    #18 0x5629fa8c76ae in void std::__invoke_impl<void, void (*)()>(std::__invoke_other, void (*&&)()) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f56ae)
    #19 0x5629fa8c6363 in std::__invoke_result<void (*)()>::type std::__invoke<void (*)()>(void (*&&)()) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f4363)
    #20 0x5629fa8c528f in void std::thread::_Invoker<std::tuple<void (*)()> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (/home/markusgopfert/Git/widelands_debug/widelands+0x6f328f)
    #21 0x5629fa8c4463 in std::thread::_Invoker<std::tuple<void (*)()> >::operator()() (/home/markusgopfert/Git/widelands_debug/widelands+0x6f2463)
    #22 0x5629fa8c3da5 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)()> > >::_M_run() (/home/markusgopfert/Git/widelands_debug/widelands+0x6f1da5)
    #23 0x7f934fadc2b2  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc2b2)
    #24 0x7f934f694b42 in start_thread nptl/pthread_create.c:442
    #25 0x7f934f7269ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x6110003d9b80 is located 72 bytes to the right of 248-byte region [0x6110003d9a40,0x6110003d9b38)
allocated by thread T0 here:
    #0 0x7f93522b61c7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x5629fb97ce5c in Widelands::CritterDescr::create_object() const /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/world/critter.cc:482
    #2 0x5629fb97d249 in Widelands::Critter::load(Widelands::EditorGameBase&, Widelands::MapObjectLoader&, FileRead&) /home/markusgopfert/Git/widelands_debug/src/logic/map_objects/world/critter.cc:528
    #3 0x5629fba4b0bf in Widelands::MapObjectPacket::read(FileSystem&, Widelands::EditorGameBase&, Widelands::MapObjectLoader&) /home/markusgopfert/Git/widelands_debug/src/map_io/map_object_packet.cc:70
    #4 0x5629fae72606 in Widelands::WidelandsMapLoader::load_map_complete(Widelands::EditorGameBase&, Widelands::MapLoader::LoadType) /home/markusgopfert/Git/widelands_debug/src/map_io/widelands_map_loader.cc:254
    #5 0x5629fbe0f464 in Widelands::GameMapPacket::read_complete(Widelands::Game&) /home/markusgopfert/Git/widelands_debug/src/game_io/game_map_packet.cc:53
    #6 0x5629fbe0a0fc in Widelands::GameLoader::load_game(bool) /home/markusgopfert/Git/widelands_debug/src/game_io/game_loader.cc:130
    #7 0x5629fad8e872 in Widelands::ReplayWriter::ReplayWriter(Widelands::Game&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/markusgopfert/Git/widelands_debug/src/logic/replay.cc:302
    #8 0x5629face31d1 in Widelands::Game::run(Widelands::Game::StartGameType, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/markusgopfert/Git/widelands_debug/src/logic/game.cc:736
    #9 0x5629fae965f0 in GameHost::run_callback() /home/markusgopfert/Git/widelands_debug/src/network/gamehost.cc:569
    #10 0x5629fae943ff in operator() /home/markusgopfert/Git/widelands_debug/src/network/gamehost.cc:468
    #11 0x5629faeb522b in __invoke_impl<void, GameHost::run()::<lambda()>&> /usr/include/c++/11/bits/invoke.h:61
    #12 0x5629faeb4a83 in __invoke_r<void, GameHost::run()::<lambda()>&> /usr/include/c++/11/bits/invoke.h:111
    #13 0x5629faeb452c in _M_invoke /usr/include/c++/11/bits/std_function.h:290
    #14 0x5629faab0167 in std::function<void ()>::operator()() const /usr/include/c++/11/bits/std_function.h:590
    #15 0x5629fb0d6d24 in FsMenu::LaunchMPG::clicked_ok() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/launch_mpg.cc:243
    #16 0x5629fb140d57 in operator() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/menu.cc:146
    #17 0x5629fb146117 in __invoke_impl<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const string&, double)::<lambda()>&> /usr/include/c++/11/bits/invoke.h:61
    #18 0x5629fb145ac7 in __invoke_r<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const string&, double)::<lambda()>&> /usr/include/c++/11/bits/invoke.h:111
    #19 0x5629fb145494 in _M_invoke /usr/include/c++/11/bits/std_function.h:290
    #20 0x5629faab0167 in std::function<void ()>::operator()() const /usr/include/c++/11/bits/std_function.h:590
    #21 0x5629faaabb17 in Notifications::Signal<>::operator()() const /home/markusgopfert/Git/widelands_debug/src/notifications/signal.h:62
    #22 0x5629fb0035b6 in UI::Button::handle_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/button.cc:381
    #23 0x5629fb04530b in UI::Panel::do_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:1331
    #24 0x5629fb046c85 in UI::Panel::ui_mouserelease(unsigned char, int, int) /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:1544
    #25 0x5629fa8129e4 in WLApplication::handle_mousebutton(SDL_Event&, InputCallback const*) /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:1053
    #26 0x5629fa811668 in WLApplication::handle_input(InputCallback const*) /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:960
    #27 0x5629fb03bc10 in UI::Panel::do_run() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.cc:383
    #28 0x5629fb134fe3 in int UI::Panel::run<int>() /home/markusgopfert/Git/widelands_debug/src/ui_basic/panel.h:147
    #29 0x5629fb116744 in FsMenu::MainMenu::main_loop() /home/markusgopfert/Git/widelands_debug/src/ui_fsmenu/main.cc:226

Thread T12 created by T0 here:
    #0 0x7f9352258685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f934fadc388 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc388)
    #2 0x5629fa80370f in GameLogicThread /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:232
    #3 0x5629fa80e288 in WLApplication::run() /home/markusgopfert/Git/widelands_debug/src/wlapplication.cc:776
    #4 0x5629fa801deb in main /home/markusgopfert/Git/widelands_debug/src/main.cc:44
    #5 0x7f934f629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/markusgopfert/Git/widelands_debug/src/economy/ship_fleet.cc:469 in Widelands::ShipFleet::remove_ship(Widelands::EditorGameBase&, Widelands::Ship*)
Shadow bytes around the buggy address:
  0x0c2280073320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280073330: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c2280073340: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c2280073350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280073360: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
=>0x0c2280073370:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280073380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280073390: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c22800733a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c22800733b0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c22800733c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==32258==ABORTING

Attachment:
wl_autosave_nethost_00.wgf (3.9 MB)

My widelands project: https://github.com/widelands/wl_addons_server/tree/master/addons/europeans_tribe.wad

MarkMcWire
Topic Opener
Joined: 2017-02-08, 21:06
Posts: 319
Ranking
Tribe Member
Location: Eisenach, Germany
Posted at: 2023-06-20, 16:31

The crash occurs after an AI player destroys an HQ from another AI player.


