Last active
January 7, 2016 01:42
-
-
Save Civil/1db9fb2fa25d5af8dc04 to your computer and use it in GitHub Desktop.
List of ASAN complains for OpenJK
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==15503==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fb39e95c080 at pc 0x00000063633e bp 0x7ffe768b9c00 sp 0x7ffe768b9bf8 | |
| READ of size 4 at 0x7fb39e95c080 thread T0 | |
| #0 0x63633d in Z_IsFromZone(void const*, unsigned int) /home/civil/src/OpenJK/code/qcommon/z_memman_pc.cpp:509:15 | |
| #1 0x7fb39e327aea in G_FreeEntity(gentity_s*) /home/civil/src/OpenJK/code/game/g_utils.cpp:942:23 | |
| #2 0x7fb39e23a2d4 in SP_waypoint(gentity_s*) /home/civil/src/OpenJK/code/game/g_nav.cpp:210:3 | |
| #3 0x7fb39e2d22a1 in G_CallSpawn(gentity_s*) /home/civil/src/OpenJK/code/game/g_spawn.cpp:893:4 | |
| #4 0x7fb39e2d3f84 in G_SpawnGEntityFromSpawnVars() /home/civil/src/OpenJK/code/game/g_spawn.cpp:1108:8 | |
| #5 0x7fb39e2d689c in G_SpawnEntitiesFromString(char const*) /home/civil/src/OpenJK/code/game/g_spawn.cpp:1653:3 | |
| #6 0x7fb39e1d6d77 in InitGame(char const*, char const*, int, char const*, int, int, int, SavedGameJustLoaded_e, int) /home/civil/src/OpenJK/code/game/g_main.cpp:784:2 | |
| #7 0x6464c0 in SV_InitGameProgs() /home/civil/src/OpenJK/code/server/sv_game.cpp:1073:2 | |
| #8 0x649df3 in SV_SpawnServer(char const*, ForceReload_e, int) /home/civil/src/OpenJK/code/server/sv_init.cpp:311:2 | |
| #9 0x650423 in SG_ReadSavegame(char const*) /home/civil/src/OpenJK/code/server/sv_savegame.cpp:1133:2 | |
| #10 0x65095e in SV_LoadGame_f() /home/civil/src/OpenJK/code/server/sv_savegame.cpp:414:7 | |
| #11 0x5cb676 in Cmd_ExecuteString(char const*) /home/civil/src/OpenJK/code/qcommon/cmd.cpp:726:5 | |
| #12 0x5cc107 in Cbuf_Execute() /home/civil/src/OpenJK/code/qcommon/cmd.cpp:251:3 | |
| #13 0x5d4ec1 in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1375:3 | |
| #14 0x71113d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #15 0x7fb3c52355af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #16 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| 0x7fb39e95c080 is located 32 bytes to the left of global variable '<string literal>' defined in '/home/civil/src/OpenJK/code/game/g_nav.cpp:183:20' (0x7fb39e95c0a0) of size 9 | |
| '<string literal>' is ascii string 'waypoint' | |
| 0x7fb39e95c080 is located 25 bytes to the right of global variable '<string literal>' defined in '/home/civil/src/OpenJK/code/game/g_nav.cpp:99:3' (0x7fb39e95c020) of size 71 | |
| '<string literal>' is ascii string 'void NPC_SetMoveGoal(gentity_t *, float *, int, int, int, gentity_t *)' | |
| SUMMARY: AddressSanitizer: global-buffer-overflow /home/civil/src/OpenJK/code/qcommon/z_memman_pc.cpp:509:15 in Z_IsFromZone(void const*, unsigned int) | |
| Shadow bytes around the buggy address: | |
| 0x0ff6f3d237c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0ff6f3d237d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0ff6f3d237e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0ff6f3d237f0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 03 f9 f9 | |
| 0x0ff6f3d23800: f9 f9 f9 f9 00 00 00 00 00 00 00 00 07 f9 f9 f9 | |
| =>0x0ff6f3d23810:[f9]f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 | |
| 0x0ff6f3d23820: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 | |
| 0x0ff6f3d23830: 00 00 00 06 f9 f9 f9 f9 00 00 00 00 00 04 f9 f9 | |
| 0x0ff6f3d23840: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 | |
| 0x0ff6f3d23850: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 06 f9 f9 | |
| 0x0ff6f3d23860: f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==15503==ABORTING | |
| ==15538==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f0b5ce3f080 at pc 0x00000063633e bp 0x7ffdbb8fc040 sp 0x7ffdbb8fc038 | |
| READ of size 4 at 0x7f0b5ce3f080 thread T0 | |
| #0 0x63633d in Z_IsFromZone(void const*, unsigned int) /home/civil/src/OpenJK/code/qcommon/z_memman_pc.cpp:509:15 | |
| #1 0x7f0b5c80aaea in G_FreeEntity(gentity_s*) /home/civil/src/OpenJK/code/game/g_utils.cpp:942:23 | |
| #2 0x7f0b5c71d2d4 in SP_waypoint(gentity_s*) /home/civil/src/OpenJK/code/game/g_nav.cpp:210:3 | |
| #3 0x7f0b5c7b52a1 in G_CallSpawn(gentity_s*) /home/civil/src/OpenJK/code/game/g_spawn.cpp:893:4 | |
| #4 0x7f0b5c7b6f84 in G_SpawnGEntityFromSpawnVars() /home/civil/src/OpenJK/code/game/g_spawn.cpp:1108:8 | |
| #5 0x7f0b5c7b989c in G_SpawnEntitiesFromString(char const*) /home/civil/src/OpenJK/code/game/g_spawn.cpp:1653:3 | |
| #6 0x7f0b5c6b9d77 in InitGame(char const*, char const*, int, char const*, int, int, int, SavedGameJustLoaded_e, int) /home/civil/src/OpenJK/code/game/g_main.cpp:784:2 | |
| #7 0x6464c0 in SV_InitGameProgs() /home/civil/src/OpenJK/code/server/sv_game.cpp:1073:2 | |
| #8 0x649df3 in SV_SpawnServer(char const*, ForceReload_e, int) /home/civil/src/OpenJK/code/server/sv_init.cpp:311:2 | |
| #9 0x650423 in SG_ReadSavegame(char const*) /home/civil/src/OpenJK/code/server/sv_savegame.cpp:1133:2 | |
| #10 0x65095e in SV_LoadGame_f() /home/civil/src/OpenJK/code/server/sv_savegame.cpp:414:7 | |
| #11 0x5cb676 in Cmd_ExecuteString(char const*) /home/civil/src/OpenJK/code/qcommon/cmd.cpp:726:5 | |
| #12 0x5cc107 in Cbuf_Execute() /home/civil/src/OpenJK/code/qcommon/cmd.cpp:251:3 | |
| #13 0x5d4ec1 in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1375:3 | |
| #14 0x71113d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #15 0x7f0b831485af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #16 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| 0x7f0b5ce3f080 is located 32 bytes to the left of global variable '<string literal>' defined in '/home/civil/src/OpenJK/code/game/g_nav.cpp:183:20' (0x7f0b5ce3f0a0) of size 9 | |
| '<string literal>' is ascii string 'waypoint' | |
| 0x7f0b5ce3f080 is located 25 bytes to the right of global variable '<string literal>' defined in '/home/civil/src/OpenJK/code/game/g_nav.cpp:99:3' (0x7f0b5ce3f020) of size 71 | |
| '<string literal>' is ascii string 'void NPC_SetMoveGoal(gentity_t *, float *, int, int, int, gentity_t *)' | |
| SUMMARY: AddressSanitizer: global-buffer-overflow /home/civil/src/OpenJK/code/qcommon/z_memman_pc.cpp:509:15 in Z_IsFromZone(void const*, unsigned int) | |
| Shadow bytes around the buggy address: | |
| 0x0fe1eb9bfdc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0fe1eb9bfdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0fe1eb9bfde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0fe1eb9bfdf0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 03 f9 f9 | |
| 0x0fe1eb9bfe00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 07 f9 f9 f9 | |
| =>0x0fe1eb9bfe10:[f9]f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 | |
| 0x0fe1eb9bfe20: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 | |
| 0x0fe1eb9bfe30: 00 00 00 06 f9 f9 f9 f9 00 00 00 00 00 04 f9 f9 | |
| 0x0fe1eb9bfe40: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 | |
| 0x0fe1eb9bfe50: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 06 f9 f9 | |
| 0x0fe1eb9bfe60: f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==15538==ABORTING | |
| ==16356==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc7803752e at pc 0x7f05e463559c bp 0x7ffc78035c70 sp 0x7ffc78035c68 | |
| READ of size 1 at 0x7ffc7803752e thread T0 | |
| #0 0x7f05e463559b in Q_stricmpn(char const*, char const*, int) /home/civil/src/OpenJK/code/qcommon/q_shared.cpp:920:8 | |
| #1 0x7f05e45c8291 in Q_stricmp(char const*, char const*) /home/civil/src/OpenJK/code/rd-vanilla/../qcommon/q_shared.h:1053:64 | |
| #2 0x7f05e46dd599 in RE_RegisterModel(char const*) /home/civil/src/OpenJK/code/rd-vanilla/tr_model.cpp:773:6 | |
| #3 0x4e581d in CL_CgameSystemCalls(long*) /home/civil/src/OpenJK/code/client/cl_cgame.cpp:960:10 | |
| #4 0x5964f3 in VM_DllSyscall(long, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:91:9 | |
| #5 0x7f05c606b82c in cgi_R_RegisterModel(char const*) /home/civil/src/OpenJK/code/cgame/cg_syscalls.cpp:247:9 | |
| #6 0x7f05c5fd8162 in CG_RegisterGraphics() /home/civil/src/OpenJK/code/cgame/cg_main.cpp:1557:28 | |
| #7 0x7f05c5fcde19 in CG_GameStateReceived() /home/civil/src/OpenJK/code/cgame/cg_main.cpp:1882:2 | |
| #8 0x7f05c5fc6666 in CG_Init(int) /home/civil/src/OpenJK/code/cgame/cg_main.cpp:2145:2 | |
| #9 0x7f05c5fc60a4 in vmMain /home/civil/src/OpenJK/code/cgame/cg_main.cpp:107:3 | |
| #10 0x596213 in VM_Call(int, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:46:10 | |
| #11 0x4eaa04 in CL_InitCGame() /home/civil/src/OpenJK/code/client/cl_cgame.cpp:1407:2 | |
| #12 0x52480e in CL_StartHunkUsers() /home/civil/src/OpenJK/code/client/cl_main.cpp:977:3 | |
| #13 0x52aabe in CL_ParseGamestate(msg_t*) /home/civil/src/OpenJK/code/client/cl_parse.cpp:430:2 | |
| #14 0x52b252 in CL_ParseServerMessage(msg_t*) /home/civil/src/OpenJK/code/client/cl_parse.cpp:531:4 | |
| #15 0x5234bc in CL_PacketEvent(netadr_s, msg_t*) /home/civil/src/OpenJK/code/client/cl_main.cpp:681:2 | |
| #16 0x5d2570 in Com_EventLoop() /home/civil/src/OpenJK/code/qcommon/common.cpp:848:5 | |
| #17 0x5d4b53 in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1369:20 | |
| #18 0x710eed in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #19 0x7f05ec6055af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #20 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| Address 0x7ffc7803752e is located in stack of thread T0 at offset 622 in frame | |
| #0 0x7f05c5fd651f in CG_RegisterGraphics() /home/civil/src/OpenJK/code/cgame/cg_main.cpp:1278 | |
| This frame has 10 object(s): | |
| [32, 161) 'items' | |
| [240, 328) 'sb_nums' | |
| [368, 456) 'sb_t_nums' | |
| [496, 584) 'sb_c_nums' | |
| [624, 634) 'name' <== Memory access at offset 622 underflows this variable | |
| [656, 668) 'mins' | |
| [688, 700) 'maxs' | |
| [720, 732) 'mins2' | |
| [752, 764) 'maxs3' | |
| [784, 848) 'temp' | |
| HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext | |
| (longjmp and C++ exceptions *are* supported) | |
| SUMMARY: AddressSanitizer: stack-buffer-overflow /home/civil/src/OpenJK/code/qcommon/q_shared.cpp:920:8 in Q_stricmpn(char const*, char const*, int) | |
| Shadow bytes around the buggy address: | |
| 0x10000effee50: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 | |
| 0x10000effee60: 00 00 00 00 00 00 00 00 00 00 00 00 01 f2 f2 f2 | |
| 0x10000effee70: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 | |
| 0x10000effee80: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 | |
| 0x10000effee90: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 | |
| =>0x10000effeea0: 00 f2 f2 f2 f2[f2]00 02 f2 f2 00 04 f2 f2 00 04 | |
| 0x10000effeeb0: f2 f2 00 04 f2 f2 00 04 f2 f2 00 00 00 00 00 00 | |
| 0x10000effeec0: 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 | |
| 0x10000effeed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10000effeee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10000effeef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==16356==ABORTING | |
| ==16688==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffceb0172ac at pc 0x7f5f6886178a bp 0x7ffceb015760 sp 0x7ffceb015758 | |
| READ of size 4 at 0x7ffceb0172ac thread T0 | |
| #0 0x7f5f68861789 in RE_SetColor(float const*) /home/civil/src/OpenJK/code/rd-vanilla/tr_cmds.cpp:210:19 | |
| #1 0x4e6cef in CL_CgameSystemCalls(long*) /home/civil/src/OpenJK/code/client/cl_cgame.cpp:1014:3 | |
| #2 0x5964f3 in VM_DllSyscall(long, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:91:9 | |
| #3 0x7f5f4a2fda3c in cgi_R_SetColor(float const*) /home/civil/src/OpenJK/code/cgame/cg_syscalls.cpp:334:2 | |
| #4 0x7f5f4a307b8e in CG_SaberClashFlare() /home/civil/src/OpenJK/code/cgame/cg_view.cpp:1565:2 | |
| #5 0x7f5f4a1f1f02 in CG_Draw2D() /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:4024:2 | |
| #6 0x7f5f4a1f1441 in CG_DrawActive(stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:4296:2 | |
| #7 0x7f5f4a30a3ef in CG_DrawActiveFrame(int, stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_view.cpp:2253:3 | |
| #8 0x7f5f4a257ce9 in vmMain /home/civil/src/OpenJK/code/cgame/cg_main.cpp:115:3 | |
| #9 0x596213 in VM_Call(int, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:46:10 | |
| #10 0x4eacc2 in CL_CGameRendering(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_cgame.cpp:1473:2 | |
| #11 0x52df41 in SCR_DrawScreenField(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_scrn.cpp:452:5 | |
| #12 0x52e21d in SCR_UpdateScreen() /home/civil/src/OpenJK/code/client/cl_scrn.cpp:506:4 | |
| #13 0x52461e in CL_Frame(int, float) /home/civil/src/OpenJK/code/client/cl_main.cpp:869:3 | |
| #14 0x5d4edc in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1419:4 | |
| #15 0x710e6d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #16 0x7f5f707fd5af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #17 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| Address 0x7ffceb0172ac is located in stack of thread T0 at offset 1292 in frame | |
| #0 0x7f5f4a30761f in CG_SaberClashFlare() /home/civil/src/OpenJK/code/cgame/cg_view.cpp:1521 | |
| This frame has 5 object(s): | |
| [32, 44) 'dif' | |
| [64, 1144) 'tr' | |
| [1280, 1292) 'color' <== Memory access at offset 1292 overflows this variable | |
| [1312, 1316) 'x' | |
| [1328, 1332) 'y' | |
| HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext | |
| (longjmp and C++ exceptions *are* supported) | |
| SUMMARY: AddressSanitizer: stack-buffer-overflow /home/civil/src/OpenJK/code/rd-vanilla/tr_cmds.cpp:210:19 in RE_SetColor(float const*) | |
| Shadow bytes around the buggy address: | |
| 0x10001d5fae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae40: 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 | |
| =>0x10001d5fae50: f2 f2 f2 f2 00[04]f2 f2 04 f2 04 f3 00 00 00 00 | |
| 0x10001d5fae60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5fae90: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x10001d5faea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==16688==ABORTING | |
| ==16847==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60e000014c20 in thread T0 | |
| #0 0x4df3f0 in operator delete(void*) /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:94 | |
| #1 0x7fb6b6dcc348 in StringAndSize_t::~StringAndSize_t() /home/civil/src/OpenJK/code/cgame/cg_credits.cpp:42:8 | |
| #2 0x7fb6b6dce254 in void std::_Destroy<StringAndSize_t>(StringAndSize_t*) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_construct.h:93:7 | |
| #3 0x7fb6b6dce21e in void std::_Destroy_aux<false>::__destroy<StringAndSize_t*>(StringAndSize_t*, StringAndSize_t*) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_construct.h:103:6 | |
| #4 0x7fb6b6dce1dc in void std::_Destroy<StringAndSize_t*>(StringAndSize_t*, StringAndSize_t*) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_construct.h:126:7 | |
| #5 0x7fb6b6dce090 in void std::_Destroy<StringAndSize_t*, StringAndSize_t>(StringAndSize_t*, StringAndSize_t*, std::allocator<StringAndSize_t>&) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_construct.h:151:7 | |
| #6 0x7fb6b6dce01f in std::vector<StringAndSize_t, std::allocator<StringAndSize_t> >::~vector() /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_vector.h:424:9 | |
| #7 0x7fb6b6dcc1f2 in CreditLine_t::~CreditLine_t() /home/civil/src/OpenJK/code/cgame/cg_credits.cpp:97:8 | |
| #8 0x7fb6b6dc9cfd in CG_Credits_Init(char const*, float (*) [4]) /home/civil/src/OpenJK/code/cgame/cg_credits.cpp:450:5 | |
| #9 0x7fb6b6dd6a6c in CG_DrawCredits() /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:2420:3 | |
| #10 0x7fb6b6dda8f7 in CG_Draw2D() /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:3940:4 | |
| #11 0x7fb6b6dda441 in CG_DrawActive(stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:4296:2 | |
| #12 0x7fb6b6ef33ef in CG_DrawActiveFrame(int, stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_view.cpp:2253:3 | |
| #13 0x7fb6b6e40ce9 in vmMain /home/civil/src/OpenJK/code/cgame/cg_main.cpp:115:3 | |
| #14 0x596213 in VM_Call(int, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:46:10 | |
| #15 0x4eacc2 in CL_CGameRendering(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_cgame.cpp:1473:2 | |
| #16 0x52df41 in SCR_DrawScreenField(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_scrn.cpp:452:5 | |
| #17 0x52e21d in SCR_UpdateScreen() /home/civil/src/OpenJK/code/client/cl_scrn.cpp:506:4 | |
| #18 0x52461e in CL_Frame(int, float) /home/civil/src/OpenJK/code/client/cl_main.cpp:869:3 | |
| #19 0x5d4edc in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1419:4 | |
| #20 0x710e6d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #21 0x7fb6dd0435af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #22 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| 0x60e000014c20 is located 64 bytes inside of 160-byte region [0x60e000014be0,0x60e000014c80) | |
| allocated by thread T0 here: | |
| #0 0x4dedf0 in operator new(unsigned long) /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:62 | |
| #1 0x7fb6b6dcf965 in __gnu_cxx::new_allocator<StringAndSize_t>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/ext/new_allocator.h:104:27 | |
| #2 0x7fb6b6dcf90b in std::allocator_traits<std::allocator<StringAndSize_t> >::allocate(std::allocator<StringAndSize_t>&, unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/alloc_traits.h:360:16 | |
| #3 0x7fb6b6dcf8b2 in std::_Vector_base<StringAndSize_t, std::allocator<StringAndSize_t> >::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_vector.h:170:20 | |
| #4 0x7fb6b6dd034b in void std::vector<StringAndSize_t, std::allocator<StringAndSize_t> >::_M_emplace_back_aux<StringAndSize_t>(StringAndSize_t&&) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/vector.tcc:412:22 | |
| #5 0x7fb6b6dd027a in void std::vector<StringAndSize_t, std::allocator<StringAndSize_t> >::emplace_back<StringAndSize_t>(StringAndSize_t&&) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/vector.tcc:101:4 | |
| #6 0x7fb6b6dcc26f in std::vector<StringAndSize_t, std::allocator<StringAndSize_t> >::push_back(StringAndSize_t&&) /usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/include/g++-v5/bits/stl_vector.h:932:9 | |
| #7 0x7fb6b6dc9bc8 in CG_Credits_Init(char const*, float (*) [4]) /home/civil/src/OpenJK/code/cgame/cg_credits.cpp:437:8 | |
| #8 0x7fb6b6dd6a6c in CG_DrawCredits() /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:2420:3 | |
| #9 0x7fb6b6dda8f7 in CG_Draw2D() /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:3940:4 | |
| #10 0x7fb6b6dda441 in CG_DrawActive(stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_draw.cpp:4296:2 | |
| #11 0x7fb6b6ef33ef in CG_DrawActiveFrame(int, stereoFrame_t) /home/civil/src/OpenJK/code/cgame/cg_view.cpp:2253:3 | |
| #12 0x7fb6b6e40ce9 in vmMain /home/civil/src/OpenJK/code/cgame/cg_main.cpp:115:3 | |
| #13 0x596213 in VM_Call(int, ...) /home/civil/src/OpenJK/code/client/vmachine.cpp:46:10 | |
| #14 0x4eacc2 in CL_CGameRendering(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_cgame.cpp:1473:2 | |
| #15 0x52df41 in SCR_DrawScreenField(stereoFrame_t) /home/civil/src/OpenJK/code/client/cl_scrn.cpp:452:5 | |
| #16 0x52e21d in SCR_UpdateScreen() /home/civil/src/OpenJK/code/client/cl_scrn.cpp:506:4 | |
| #17 0x52461e in CL_Frame(int, float) /home/civil/src/OpenJK/code/client/cl_main.cpp:869:3 | |
| #18 0x5d4edc in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1419:4 | |
| #19 0x710e6d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #20 0x7fb6dd0435af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| SUMMARY: AddressSanitizer: bad-free /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:94 in operator delete(void*) | |
| ==16847==ABORTING | |
| ==20452==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400009b978 at pc 0x00000049e414 bp 0x7ffeb0108230 sp 0x7ffeb01079e0 | |
| READ of size 12 at 0x60400009b978 thread T0 | |
| #0 0x49e413 in __asan_memcpy /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:421 | |
| #1 0x7f0882c734a5 in void CBlockMember::WriteDataPointer<float>(float const*, int, CIcarus*) /home/civil/src/OpenJK/code/icarus/blockstream.h:101:3 | |
| #2 0x7f0882c6faeb in CBlockMember::SetData(float*, CIcarus*) /home/civil/src/OpenJK/code/icarus/BlockStream.cpp:102:2 | |
| #3 0x7f0882c7122d in CBlock::Write(int, float*, CIcarus*) /home/civil/src/OpenJK/code/icarus/BlockStream.cpp:284:2 | |
| #4 0x7f0882c92cc1 in CSequence::LoadCommand(CBlock*, CIcarus*) /home/civil/src/OpenJK/code/icarus/Sequence.cpp:518:4 | |
| #5 0x7f0882c93f91 in CSequence::Load(CIcarus*) /home/civil/src/OpenJK/code/icarus/Sequence.cpp:688:3 | |
| #6 0x7f0882c7f1a1 in CIcarus::LoadSequences() /home/civil/src/OpenJK/code/icarus/IcarusImplementation.cpp:641:10 | |
| #7 0x7f0882c7fa3a in CIcarus::Load() /home/civil/src/OpenJK/code/icarus/IcarusImplementation.cpp:708:7 | |
| #8 0x7f088268e85d in ReadGEntities(int) /home/civil/src/OpenJK/code/game/g_savegame.cpp:1138:3 | |
| #9 0x7f088268c2c6 in ReadLevel(int, int) /home/civil/src/OpenJK/code/game/g_savegame.cpp:1233:2 | |
| #10 0x650281 in SG_ReadSavegame(char const*) /home/civil/src/OpenJK/code/server/sv_savegame.cpp:1144:2 | |
| #11 0x65068e in SV_LoadGame_f() /home/civil/src/OpenJK/code/server/sv_savegame.cpp:414:7 | |
| #12 0x5cb366 in Cmd_ExecuteString(char const*) /home/civil/src/OpenJK/code/qcommon/cmd.cpp:726:5 | |
| #13 0x5cbdf7 in Cbuf_Execute() /home/civil/src/OpenJK/code/qcommon/cmd.cpp:251:3 | |
| #14 0x5d4bb1 in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1375:3 | |
| #15 0x710e6d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #16 0x7f08a9e695af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #17 0x41cf98 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x41cf98) | |
| 0x60400009b978 is located 0 bytes to the right of 40-byte region [0x60400009b950,0x60400009b978) | |
| allocated by thread T0 here: | |
| #0 0x4b33c0 in calloc /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:56 | |
| #1 0x634f2b in Z_Malloc(int, unsigned int, int, int) /home/civil/src/OpenJK/code/qcommon/z_memman_pc.cpp:279:31 | |
| #2 0x646353 in G_ZMalloc_Helper(int, unsigned int, int) /home/civil/src/OpenJK/code/server/sv_game.cpp:420:9 | |
| #3 0x7f0882900fae in CQuake3GameInterface::Malloc(int) /home/civil/src/OpenJK/code/game/Q3_Interface.cpp:11196:9 | |
| #4 0x7f0882c929a5 in CSequence::LoadCommand(CBlock*, CIcarus*) /home/civil/src/OpenJK/code/icarus/Sequence.cpp:489:18 | |
| #5 0x7f0882c93f91 in CSequence::Load(CIcarus*) /home/civil/src/OpenJK/code/icarus/Sequence.cpp:688:3 | |
| #6 0x7f0882c7f1a1 in CIcarus::LoadSequences() /home/civil/src/OpenJK/code/icarus/IcarusImplementation.cpp:641:10 | |
| #7 0x7f0882c7fa3a in CIcarus::Load() /home/civil/src/OpenJK/code/icarus/IcarusImplementation.cpp:708:7 | |
| #8 0x7f088268e85d in ReadGEntities(int) /home/civil/src/OpenJK/code/game/g_savegame.cpp:1138:3 | |
| #9 0x7f088268c2c6 in ReadLevel(int, int) /home/civil/src/OpenJK/code/game/g_savegame.cpp:1233:2 | |
| #10 0x650281 in SG_ReadSavegame(char const*) /home/civil/src/OpenJK/code/server/sv_savegame.cpp:1144:2 | |
| #11 0x65068e in SV_LoadGame_f() /home/civil/src/OpenJK/code/server/sv_savegame.cpp:414:7 | |
| #12 0x5cb366 in Cmd_ExecuteString(char const*) /home/civil/src/OpenJK/code/qcommon/cmd.cpp:726:5 | |
| #13 0x5cbdf7 in Cbuf_Execute() /home/civil/src/OpenJK/code/qcommon/cmd.cpp:251:3 | |
| #14 0x5d4bb1 in Com_Frame() /home/civil/src/OpenJK/code/qcommon/common.cpp:1375:3 | |
| #15 0x710e6d in main /home/civil/src/OpenJK/shared/sys/sys_main.cpp:789:3 | |
| #16 0x7f08a9e695af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| SUMMARY: AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/llvm-3.7.0-r4/work/llvm-3.7.0.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:421 in __asan_memcpy | |
| Shadow bytes around the buggy address: | |
| 0x0c088000b6d0: fa fa 00 00 00 00 00 05 fa fa fd fd fd fd fd fd | |
| 0x0c088000b6e0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 05 | |
| 0x0c088000b6f0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fd | |
| 0x0c088000b700: fa fa 00 00 00 00 00 06 fa fa 00 00 00 00 02 fa | |
| 0x0c088000b710: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa | |
| =>0x0c088000b720: fa fa 00 00 00 00 00 01 fa fa 00 00 00 00 00[fa] | |
| 0x0c088000b730: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 00 | |
| 0x0c088000b740: fa fa 00 00 00 00 00 04 fa fa fa fa fa fa fa fa | |
| 0x0c088000b750: fa fa 00 00 00 00 00 03 fa fa fa fa fa fa fa fa | |
| 0x0c088000b760: fa fa 00 00 00 00 00 06 fa fa 00 00 00 00 00 00 | |
| 0x0c088000b770: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00 07 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==20452==ABORTING | |
| ==15714==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f23028a3c58 at pc 0x7f2301c272ca bp 0x7ffe5359e8b0 sp 0x7ffe5359e8a0 | |
| READ of size 4 at 0x7f23028a3c58 thread T0 | |
| #0 0x7f2301c272c9 in WP_SaberDamageEffects(trace_t*, float const*, float, float, float*, float*, int, saberType_t, saberInfo_t*, int) /home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:2277 | |
| #1 0x7f2301c2c028 in WP_SaberDamageForTrace(int, float*, float*, float, float*, int, int, saberType_t, int, int, int) /home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:2929 | |
| #2 0x7f2301c3c788 in WP_SaberDamageTrace(gentity_s*, int, int) /home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:5066 | |
| #3 0x7f2301c440e0 in WP_SabersDamageTrace(gentity_s*, int) /home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:5812 | |
| #4 0x7f23019d19b7 in ClientEvents(gentity_s*, int) /home/civil/src/OpenJK-civil/code/game/g_active.cpp:1832 | |
| #5 0x7f23019f43ac in ClientThink_real(gentity_s*, usercmd_s*) /home/civil/src/OpenJK-civil/code/game/g_active.cpp:5481 | |
| #6 0x7f23019f61ec in ClientThink(int, usercmd_s*) /home/civil/src/OpenJK-civil/code/game/g_active.cpp:5696 | |
| #7 0x4dd676 in SV_ClientThink(client_s*, usercmd_s*) /home/civil/src/OpenJK-civil/code/server/sv_client.cpp:399 | |
| #8 0x4de1b0 in SV_UserMove /home/civil/src/OpenJK-civil/code/server/sv_client.cpp:520 | |
| #9 0x4de378 in SV_ExecuteClientMessage(client_s*, msg_t*) /home/civil/src/OpenJK-civil/code/server/sv_client.cpp:565 | |
| #10 0x4e63a5 in SV_PacketEvent(netadr_s, msg_t*) /home/civil/src/OpenJK-civil/code/server/sv_main.cpp:348 | |
| #11 0x49b4e4 in Com_RunAndTimeServerPacket(netadr_s*, msg_t*) /home/civil/src/OpenJK-civil/code/qcommon/common.cpp:815 | |
| #12 0x49b7a1 in Com_EventLoop() /home/civil/src/OpenJK-civil/code/qcommon/common.cpp:854 | |
| #13 0x49cb9a in Com_Frame() /home/civil/src/OpenJK-civil/code/qcommon/common.cpp:1369 | |
| #14 0x572901 in main /home/civil/src/OpenJK-civil/shared/sys/sys_main.cpp:789 | |
| #15 0x7f23281405af in __libc_start_main (/lib64/libc.so.6+0x205af) | |
| #16 0x406bf8 in _start (/home/civil/src/OpenJK/dist/usr/local/JediAcademy/openjk_sp.x86_64+0x406bf8) | |
| 0x7f23028a3c58 is located 20 bytes to the right of global variable 'numVictims' defined in '/home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:50:13' (0x7f23028a3c40) of size 4 | |
| 0x7f23028a3c58 is located 40 bytes to the left of global variable 'g_saberNoEffects' defined in '/home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:168:10' (0x7f23028a3c80) of size 4 | |
| SUMMARY: AddressSanitizer: global-buffer-overflow /home/civil/src/OpenJK-civil/code/game/wp_saber.cpp:2277 WP_SaberDamageEffects(trace_t*, float const*, float, float, float*, float*, int, saberType_t, saberInfo_t*, int) | |
| Shadow bytes around the buggy address: | |
| 0x0fe4e050c730: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00 | |
| 0x0fe4e050c740: f9 f9 f9 f9 00 00 00 00 00 00 00 00 f9 f9 f9 f9 | |
| 0x0fe4e050c750: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 | |
| 0x0fe4e050c760: 00 00 00 00 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 | |
| 0x0fe4e050c770: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 | |
| =>0x0fe4e050c780: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9[f9]f9 f9 f9 f9 | |
| 0x0fe4e050c790: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 | |
| 0x0fe4e050c7a0: 04 f9 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 | |
| 0x0fe4e050c7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0fe4e050c7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0fe4e050c7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| ==15714==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment