Opened 6 years ago

Closed 6 years ago

#10869 closed defect (fixed)

GLK: FROTZ: Out of bounds read in Mem::initializeUndo

Reported by: bgK
Owned by: dreammaster
Priority: normal
Component: Engine: GLK

Description

When running a z-code game with an ASan-enabled ScummVM build, the following error is shown:

==26763==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000c34e0 at pc 0x7fb36351111b bp 0x7ffd28f7da70 sp 0x7ffd28f7d218
READ of size 17435 at 0x6060000c34e0 thread T0
    #0 0x7fb36351111a in __interceptor_memcpy /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:737
    #1 0x556d4b086d0c in Glk::Frotz::Mem::initializeUndo() ../engines/glk/frotz/mem.cpp:82
    #2 0x556d4b08656f in Glk::Frotz::Mem::initialize() ../engines/glk/frotz/mem.cpp:39
    #3 0x556d4b091f0a in Glk::Frotz::Processor::initialize() ../engines/glk/frotz/processor.cpp:190
    #4 0x556d4b07c3fd in Glk::Frotz::Frotz::initialize() ../engines/glk/frotz/frotz.cpp:73
    #5 0x556d4b07bf6b in Glk::Frotz::Frotz::runGame() ../engines/glk/frotz/frotz.cpp:49
    #6 0x556d4b0eb560 in Glk::GlkEngine::run() ../engines/glk/glk.cpp:145
    #7 0x556d4affd721 in runGame ../base/main.cpp:273
    #8 0x556d4b0000d4 in scummvm_main ../base/main.cpp:545
    #9 0x556d4aff79f2 in main ../backends/platform/sdl/posix/posix-main.cpp:45
    #10 0x7fb3618b6222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
    #11 0x556d4afec66d in _start (/home/bastien/dev/scummvm/build/scummvm+0x16766d)

0x6060000c34e0 is located 0 bytes to the right of 64-byte region [0x6060000c34a0,0x6060000c34e0)
allocated by thread T0 here:
    #0 0x7fb3635c3019 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:86
    #1 0x556d4b086ea2 in Glk::Frotz::Mem::loadGameHeader() ../engines/glk/frotz/mem.cpp:93
    #2 0x556d4b086563 in Glk::Frotz::Mem::initialize() ../engines/glk/frotz/mem.cpp:38
    #3 0x556d4b091f0a in Glk::Frotz::Processor::initialize() ../engines/glk/frotz/processor.cpp:190
    #4 0x556d4b07c3fd in Glk::Frotz::Frotz::initialize() ../engines/glk/frotz/frotz.cpp:73
    #5 0x556d4b07bf6b in Glk::Frotz::Frotz::runGame() ../engines/glk/frotz/frotz.cpp:49
    #6 0x556d4b0eb560 in Glk::GlkEngine::run() ../engines/glk/glk.cpp:145
    #7 0x556d4affd721 in runGame ../base/main.cpp:273
    #8 0x556d4b0000d4 in scummvm_main ../base/main.cpp:545
    #9 0x556d4aff79f2 in main ../backends/platform/sdl/posix/posix-main.cpp:45
    #10 0x7fb3618b6222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)

I believe the undo memory should be initialized after reading the story file. Mem::initializeUndo makes a copy of it.

Change History (1)

comment:1 by dreammaster, 6 years ago

Owner: set to dreammaster
Resolution: fixed
Status: new → closed

In 8515590b:

GLK: FROTZ: Fix #10869 Crash initializing undo data
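
An added example, not part of the ticket and not ScummVM's code: a simplified C++ model of the ordering the reporter describes, where the undo snapshot is sized from the header but requested while only the 64-byte header is loaded, with a size check that refuses the early call. All names are hypothetical, the dynamic-memory field at header offset 0x0E is taken from the Z-machine standard rather than from this page, and the actual change in 8515590b is not shown here.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model, not ScummVM code; every name here is hypothetical.
constexpr std::size_t kHeaderSize = 64;  // the 64-byte region in the ASan report

struct StoryMemory {
    std::vector<uint8_t> data;    // bytes loaded so far
    std::size_t dynamicSize = 0;  // dynamic-memory size declared by the header
};

// Step 1: read only the header, so the buffer is header-sized.
bool loadHeader(StoryMemory &m, const std::vector<uint8_t> &file) {
    if (file.size() < kHeaderSize) return false;
    m.data.assign(file.begin(), file.begin() + kHeaderSize);
    // Z-machine header word 0x0E (base of static memory) = dynamic-memory size.
    m.dynamicSize = (std::size_t(m.data[0x0E]) << 8) | m.data[0x0F];
    return true;
}

// Step 2: replace the header-sized buffer with the full story image.
bool loadStory(StoryMemory &m, const std::vector<uint8_t> &file) {
    if (m.data.size() != kHeaderSize || file.size() < kHeaderSize) return false;
    m.data = file;
    return true;
}

// Step 3: undo snapshot. The size check refuses a call made before step 2.
bool initUndo(const StoryMemory &m, std::vector<uint8_t> &snap) {
    if (m.dynamicSize == 0 || m.dynamicSize > m.data.size()) return false;
    snap.assign(m.data.begin(), m.data.begin() + m.dynamicSize);
    return true;
}

// Constructed image declaring 0x441B = 17435 bytes; returns 0 on expected results.
int orderingCheck() {
    std::vector<uint8_t> file(20000, 0xAB), snap;
    file[0x0E] = 0x44; file[0x0F] = 0x1B;
    StoryMemory m;
    if (!loadHeader(m, file)) return 1;
    if (initUndo(m, snap)) return 2;  // before step 2: must refuse
    if (!loadStory(m, file)) return 3;
    if (!initUndo(m, snap) || snap.size() != 17435) return 4;
    return std::equal(snap.begin(), snap.end(), file.begin()) ? 0 : 5;
}

int main() { return orderingCheck(); }
```

Without the check in `initUndo`, the early call would copy 17435 bytes out of a 64-byte buffer, which is the read ASan flags above.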
