[Scummvm-tracker] [ScummVM] #10869: GLK: FROTZ: Out of bounds read in Mem::initializeUndo
ScummVM
trac at scummvm.org
Sun Jan 6 17:53:56 CET 2019
#10869: GLK: FROTZ: Out of bounds read in Mem::initializeUndo
-------------------+-------------------------
Reporter: bgK | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: GLK
Keywords: | Game:
-------------------+-------------------------
When running a z-code game with an ASan enabled scummvm build, the
following error is shown:
{{{
==26763==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000c34e0 at pc 0x7fb36351111b bp 0x7ffd28f7da70 sp 0x7ffd28f7d218
READ of size 17435 at 0x6060000c34e0 thread T0
    #0 0x7fb36351111a in __interceptor_memcpy /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:737
    #1 0x556d4b086d0c in Glk::Frotz::Mem::initializeUndo() ../engines/glk/frotz/mem.cpp:82
    #2 0x556d4b08656f in Glk::Frotz::Mem::initialize() ../engines/glk/frotz/mem.cpp:39
    #3 0x556d4b091f0a in Glk::Frotz::Processor::initialize() ../engines/glk/frotz/processor.cpp:190
    #4 0x556d4b07c3fd in Glk::Frotz::Frotz::initialize() ../engines/glk/frotz/frotz.cpp:73
    #5 0x556d4b07bf6b in Glk::Frotz::Frotz::runGame() ../engines/glk/frotz/frotz.cpp:49
    #6 0x556d4b0eb560 in Glk::GlkEngine::run() ../engines/glk/glk.cpp:145
    #7 0x556d4affd721 in runGame ../base/main.cpp:273
    #8 0x556d4b0000d4 in scummvm_main ../base/main.cpp:545
    #9 0x556d4aff79f2 in main ../backends/platform/sdl/posix/posix-main.cpp:45
    #10 0x7fb3618b6222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
    #11 0x556d4afec66d in _start (/home/bastien/dev/scummvm/build/scummvm+0x16766d)

0x6060000c34e0 is located 0 bytes to the right of 64-byte region [0x6060000c34a0,0x6060000c34e0)
allocated by thread T0 here:
    #0 0x7fb3635c3019 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:86
    #1 0x556d4b086ea2 in Glk::Frotz::Mem::loadGameHeader() ../engines/glk/frotz/mem.cpp:93
    #2 0x556d4b086563 in Glk::Frotz::Mem::initialize() ../engines/glk/frotz/mem.cpp:38
    #3 0x556d4b091f0a in Glk::Frotz::Processor::initialize() ../engines/glk/frotz/processor.cpp:190
    #4 0x556d4b07c3fd in Glk::Frotz::Frotz::initialize() ../engines/glk/frotz/frotz.cpp:73
    #5 0x556d4b07bf6b in Glk::Frotz::Frotz::runGame() ../engines/glk/frotz/frotz.cpp:49
    #6 0x556d4b0eb560 in Glk::GlkEngine::run() ../engines/glk/glk.cpp:145
    #7 0x556d4affd721 in runGame ../base/main.cpp:273
    #8 0x556d4b0000d4 in scummvm_main ../base/main.cpp:545
    #9 0x556d4aff79f2 in main ../backends/platform/sdl/posix/posix-main.cpp:45
    #10 0x7fb3618b6222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
}}}
I believe the undo memory should be initialized after reading the story
file. Mem::initializeUndo makes a copy of it.
--
Ticket URL: <https://bugs.scummvm.org/ticket/10869>
ScummVM <https://bugs.scummvm.org>
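An illustrative reconstruction of the initialization-order problem the ticket describes, added here and not taken from ScummVM's source: the Mem class, its methods and the story bytes are stand-ins constructed for the example, and the only format detail assumed is the z-machine v3 header layout (version byte at offset 0, file length in 2-byte words, big-endian, at offset 0x1A). It contrasts taking the undo snapshot before the story is read (the order in the trace) with taking it afterwards, and adds the bounds check a defensive implementation would keep either way.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Header size of a z-code story file; the trace shows a 64-byte region.
static const size_t kHeaderSize = 64;

// Constructed v3 story file: filler bytes plus a valid length field.
std::vector<uint8_t> makeStory(size_t size) {
    std::vector<uint8_t> s(size, 0xAB);
    s[0] = 3;                                                // version 3
    s[0x1A] = static_cast<uint8_t>((size / 2) >> 8);         // length in words
    s[0x1B] = static_cast<uint8_t>((size / 2) & 0xFF);
    return s;
}

// Stand-in for the interpreter memory (names mirror the trace, not ScummVM's code).
class Mem {
public:
    // Reads only the header; the story body is read later by loadStory().
    void loadGameHeader(const std::vector<uint8_t> &file) {
        _zmp.assign(file.begin(), file.begin() + kHeaderSize);
        _storySize = static_cast<size_t>((_zmp[0x1A] << 8) | _zmp[0x1B]) * 2;
    }
    void loadStory(const std::vector<uint8_t> &file) { _zmp = file; }
    // Hardened snapshot: refuse instead of copying past a partially loaded buffer.
    bool initializeUndo() {
        if (_zmp.size() < _storySize)
            return false;                 // would have over-read, as in the ASan report
        _undo.assign(_zmp.begin(), _zmp.begin() + _storySize);
        return true;
    }
    size_t undoSize() const { return _undo.size(); }
private:
    std::vector<uint8_t> _zmp, _undo;
    size_t _storySize = 0;
};

// Order seen in the trace: header loaded, undo initialized, story not yet read.
bool initUndoBeforeStory(const std::vector<uint8_t> &file) {
    Mem m; m.loadGameHeader(file); return m.initializeUndo();
}
// Order the reporter suggests: read the story, then take the undo snapshot.
bool initUndoAfterStory(const std::vector<uint8_t> &file) {
    Mem m; m.loadGameHeader(file); m.loadStory(file); return m.initializeUndo();
}
```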