Opening a network game in local LAN crashes through ASAN

Bug #1734534 reported by SirVer
This bug affects 2 people
Affects: widelands
Status: Fix Released
Importance: Critical
Assigned to: Unassigned
Milestone:

Bug Description

Repro: "Multiplayer" -> LAN -> "Host a new game" -> "Map" -> select any map through double-click.

Last few lines from stdout:

[] Section [global], key 'ai_training' not used (did you spell the name correctly?)
[] Section [global], key 'auto_speed' not used (did you spell the name correctly?)
[LAN] Started an IPv4 socket on UDP port 7394.
[LAN] Started an IPv6 socket on UDP port 7394.
[LAN] Will broadcast to 127.0.0.1.
[LAN] Will broadcast to 192.168.178.255.
[LAN] Will broadcast for IPv6.
[Host]: starting up.
[NetHost]: Opening a listening IPv4 socket on TCP port 7396
[NetHost]: Opening a listening IPv6 socket on TCP port 7396
[LAN] Started an IPv4 socket on UDP port 7395.
[LAN] Started an IPv6 socket on UDP port 7395.
[LAN] Will broadcast to 127.0.0.1.
[LAN] Will broadcast to 192.168.178.255.
[LAN] Will broadcast for IPv6.
=================================================================
==49172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100000ff000 at pc 0x000104201a89 bp 0x7ffeed484320 sp 0x7ffeed484318
READ of size 4 at 0x6100000ff000 thread T0
    #0 0x104201a88 in MultiPlayerPlayerGroup::MultiPlayerPlayerGroup(UI::Panel*, int, int, unsigned char, GameSettingsProvider*, NetworkPlayerSettingsBackend*)::'lambda'(NoteGameSettings const&)::operator()(NoteGameSettings const&) const (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x101a99a88)
    #1 0x10420159c in _ZNSt3__128__invoke_void_return_wrapperIvE6__callIJRZN22MultiPlayerPlayerGroupC1EPN2UI5PanelEiihP20GameSettingsProviderP28NetworkPlayerSettingsBackendEUlRK16NoteGameSettingsE_SD_EEEvDpOT_ (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x101a9959c)
    #2 0x1042013f8 in std::__1::__function::__func<MultiPlayerPlayerGroup::MultiPlayerPlayerGroup(UI::Panel*, int, int, unsigned char, GameSettingsProvider*, NetworkPlayerSettingsBackend*)::'lambda'(NoteGameSettings const&), std::__1::allocator<MultiPlayerPlayerGroup::MultiPlayerPlayerGroup(UI::Panel*, int, int, unsigned char, GameSettingsProvider*, NetworkPlayerSettingsBackend*)::'lambda'(NoteGameSettings const&)>, void (NoteGameSettings const&)>::operator()(NoteGameSettings const&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x101a993f8)
    #3 0x10375ece2 in std::__1::function<void (NoteGameSettings const&)>::operator()(NoteGameSettings const&) const (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100ff6ce2)
    #4 0x10375ea01 in void Notifications::NotificationsManager::publish<NoteGameSettings>(NoteGameSettings const&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100ff6a01)
    #5 0x10372ce0c in void Notifications::publish<NoteGameSettings>(NoteGameSettings const&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100fc4e0c)
    #6 0x1037bf2fe in GameHost::write_setting_player(SendPacket&, unsigned char) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1010572fe)
    #7 0x1037ba2b2 in GameHost::write_setting_all_players(SendPacket&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1010522b2)
    #8 0x1037b829b in GameHost::set_map(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, bool) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10105029b)
    #9 0x1037f4493 in HostGameSettingsProvider::set_map(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, bool) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10108c493)
    #10 0x103bea7b7 in FullscreenMenuLaunchMPG::select_map() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1014827b7)
    #11 0x103be7143 in FullscreenMenuLaunchMPG::change_map_or_save() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10147f143)
    #12 0x103be5a64 in FullscreenMenuLaunchMPG::FullscreenMenuLaunchMPG(GameSettingsProvider*, GameController*) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10147da64)
    #13 0x103be85c4 in FullscreenMenuLaunchMPG::FullscreenMenuLaunchMPG(GameSettingsProvider*, GameController*) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1014805c4)
    #14 0x10379679c in GameHost::run() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10102e79c)
    #15 0x1027b8fa2 in WLApplication::mainmenu_multiplayer() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100050fa2)
    #16 0x102793077 in WLApplication::mainmenu() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10002b077)
    #17 0x10278d72d in WLApplication::run() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10002572d)
    #18 0x10276db1f in main (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100005b1f)
    #19 0x7fff51e1d144 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1144)

0x6100000ff000 is located 0 bytes to the right of 192-byte region [0x6100000fef40,0x6100000ff000)
allocated by thread T0 here:
    #0 0x107b9c39b in wrap__Znwm (/Users/sirver/.rustup/toolchains/stable-x86_64-apple-darwin/lib/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x6439b)
    #1 0x103775558 in std::__1::__split_buffer<PlayerSettings, std::__1::allocator<PlayerSettings>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<PlayerSettings>&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10100d558)
    #2 0x1037723ec in std::__1::__split_buffer<PlayerSettings, std::__1::allocator<PlayerSettings>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<PlayerSettings>&) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10100a3ec)
    #3 0x103771e88 in std::__1::vector<PlayerSettings, std::__1::allocator<PlayerSettings> >::__append(unsigned long) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x101009e88)
    #4 0x103740f49 in std::__1::vector<PlayerSettings, std::__1::allocator<PlayerSettings> >::resize(unsigned long) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100fd8f49)
    #5 0x1037b7d5d in GameHost::set_map(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, bool) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10104fd5d)
    #6 0x1037f4493 in HostGameSettingsProvider::set_map(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, bool) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10108c493)
    #7 0x103bea7b7 in FullscreenMenuLaunchMPG::select_map() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1014827b7)
    #8 0x103be7143 in FullscreenMenuLaunchMPG::change_map_or_save() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10147f143)
    #9 0x103be5a64 in FullscreenMenuLaunchMPG::FullscreenMenuLaunchMPG(GameSettingsProvider*, GameController*) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10147da64)
    #10 0x103be85c4 in FullscreenMenuLaunchMPG::FullscreenMenuLaunchMPG(GameSettingsProvider*, GameController*) (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x1014805c4)
    #11 0x10379679c in GameHost::run() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10102e79c)
    #12 0x1027b8fa2 in WLApplication::mainmenu_multiplayer() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100050fa2)
    #13 0x102793077 in WLApplication::mainmenu() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10002b077)
    #14 0x10278d72d in WLApplication::run() (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x10002572d)
    #15 0x10276db1f in main (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x100005b1f)
    #16 0x7fff51e1d144 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1144)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/Users/sirver/Desktop/Programming/cpp/widelands/bzr_repo/../build/debug/src/widelands:x86_64+0x101a99a88) in MultiPlayerPlayerGroup::MultiPlayerPlayerGroup(UI::Panel*, int, int, unsigned char, GameSettingsProvider*, NetworkPlayerSettingsBackend*)::'lambda'(NoteGameSettings const&)::operator()(NoteGameSettings const&) const
Shadow bytes around the buggy address:
  0x1c200001fdb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c200001fdc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c200001fdd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c200001fde0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c200001fdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c200001fe00:[fa]fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c200001fe10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c200001fe20: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c200001fe30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c200001fe40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c200001fe50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==49172==ABORTING

Tags: asan
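
Added example, not part of the original report or of the Widelands code: a small triage script that pulls the decisive facts out of a heap-buffer-overflow report like the one above (access kind and size, distance past the allocation, first project frame on the access and allocation stacks) and derives an address-independent bucket key so repeat reports of one bug collapse together. The sample is the report above, abridged; the `RUNTIME` prefix list and the bucket format are assumptions.

```python
import hashlib
import re

# Constructed sample: the report from this bug, abridged to the frames that
# matter, with module paths shortened to "widelands".
SAMPLE = """\
==49172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100000ff000 at pc 0x000104201a89 bp 0x7ffeed484320 sp 0x7ffeed484318
READ of size 4 at 0x6100000ff000 thread T0
    #0 0x104201a88 in MultiPlayerPlayerGroup::MultiPlayerPlayerGroup(UI::Panel*, int, int, unsigned char, GameSettingsProvider*, NetworkPlayerSettingsBackend*)::'lambda'(NoteGameSettings const&)::operator()(NoteGameSettings const&) const (widelands:x86_64+0x101a99a88)
    #6 0x1037bf2fe in GameHost::write_setting_player(SendPacket&, unsigned char) (widelands:x86_64+0x1010572fe)

0x6100000ff000 is located 0 bytes to the right of 192-byte region [0x6100000fef40,0x6100000ff000)
allocated by thread T0 here:
    #0 0x107b9c39b in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x6439b)
    #4 0x103740f49 in std::__1::vector<PlayerSettings, std::__1::allocator<PlayerSettings> >::resize(unsigned long) (widelands:x86_64+0x100fd8f49)
    #5 0x1037b7d5d in GameHost::set_map(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, bool) (widelands:x86_64+0x10104fd5d)
"""

FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.*) \([^()]+\)$")
RUNTIME = ("std::", "wrap_", "_ZNSt", "__asan", "operator new")  # assumed: not project code

def first_project_frame(lines):
    """Return the function of the first frame that is not runtime/libc++ code."""
    for line in lines:
        m = FRAME.match(line)
        if m and not m.group(1).startswith(RUNTIME):
            return m.group(1)
    return None

def triage(report):
    """Summarise one heap-buffer-overflow report as a dict with a stable bucket id."""
    lines = report.splitlines()
    kind = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    acc = re.search(r"^(READ|WRITE) of size (\d+)", report, re.M)
    loc = re.search(r"is located (\d+) bytes (to the right of|to the left of|inside of|after|before) "
                    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    if not (kind and acc and loc):
        raise ValueError("not a heap-buffer-overflow style report")
    split = next((i for i, l in enumerate(lines) if l.startswith("allocated by thread")), len(lines))
    start, end = int(loc.group(4), 16), int(loc.group(5), 16)
    fault, alloc = first_project_frame(lines[:split]), first_project_frame(lines[split:])
    # The bucket ignores addresses and the pid, so ASLR does not split one bug into many.
    key = "|".join(map(str, [kind.group(1), acc.group(1), fault, alloc]))
    return {
        "kind": kind.group(1), "access": acc.group(1), "size": int(acc.group(2)),
        "offset": int(loc.group(1)), "side": loc.group(2), "region_size": end - start,
        "past_end": int(kind.group(2), 16) - end,  # 0 means the access starts at one-past-the-end
        "fault_frame": fault, "alloc_frame": alloc,
        "bucket": hashlib.sha256(key.encode()).hexdigest()[:12],
    }
```

For this report the result is a 4-byte read starting exactly at the end of the 192-byte block that `GameHost::set_map` allocated through `vector<PlayerSettings>::resize`, reached from the `NoteGameSettings` subscriber lambda in `MultiPlayerPlayerGroup`.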

SirVer (sirver)
tags: added: asan
GunChleoc (gunchleoc) wrote :

Previously reported in https://bugs.launchpad.net/widelands/+bug/1734126/comments/8

It's more appropriate to continue working in this branch now.

At the moment, I'm not sure that reporting ASAN issues is very useful unless you also have time to tackle the bug, or it happens under rare conditions only - there are just too many of them.

GunChleoc (gunchleoc)
Changed in widelands:
status: New → Confirmed
milestone: none → build20-rc1
importance: Undecided → Critical
SirVer (sirver) wrote :

Okay, will not report more individual asan bugs. It's great that we now use this tool by default, it will help to find a ton of bugs.

Changed in widelands:
status: Confirmed → In Progress
assignee: nobody → SirVer (sirver)
GunChleoc (gunchleoc) wrote :

It definitely will!

GunChleoc (gunchleoc)
Changed in widelands:
status: In Progress → Fix Committed
assignee: SirVer (sirver) → nobody
GunChleoc (gunchleoc) wrote :

Fixed in build20-rc1

Changed in widelands:
status: Fix Committed → Fix Released