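Category: Other
Severity: Major (core)
Status: Resolved
Resolution: Fixed
Date submitted: 2015-03-06 02:40
Last update: 2017-07-06 22:17

Tester: Firewave
Assigned to:
Source: m92.cpp
Version: 0.159
Introduced in version:
Fixed in version: 0.161
Flags:
Set: nbbatman2bl
Set details: nbbatman2bl - Ninja Baseball Bat Man II (bootleg)

Summary: AddressSanitizer: heap-buffer-overflow with -aviwrite error.
Description: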
==20714==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000129430 at pc 0x00000579676e bp 0x7fff7f53e230 sp 0x7fff7f53e228
READ of size 4 at 0x625000129430 thread T0
    #0 0x579676d in rgb_t::operator unsigned int() const /home/notroot/trunk/src/lib/util/palette.h:59:28
    #1 0x579676d in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, false>::get_texel_palette16(render_texinfo const&, int, int) /home/notroot/trunk/src/emu/rendersw.inc:157
    #2 0x579676d in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, false>::draw_quad_palette16_none(render_primitive const&, unsigned int*, unsigned int, software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, false>::quad_setup_data&) /home/notroot/trunk/src/emu/rendersw.inc:640
    #3 0x579556e in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, false>::setup_and_draw_textured_quad(render_primitive const&, unsigned int*, int, int, unsigned int) /home/notroot/trunk/src/emu/rendersw.inc:1868:5
    #4 0x576dca8 in software_renderer<unsigned int, 0, 0, 0, 16, 8, 0, false, false>::draw_primitives(render_primitive_list const&, void*, unsigned int, unsigned int, unsigned int) /home/notroot/trunk/src/emu/rendersw.inc:1936:7
    #5 0x81dcc7a in video_manager::create_snapshot_bitmap(screen_device*) /home/notroot/trunk/src/emu/video.c:1095:3
    #6 0x81deb69 in video_manager::record_frame() /home/notroot/trunk/src/emu/video.c:1243:2
    #7 0x81d94ab in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:664:3
    #8 0x81d853f in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202:27
    #9 0x813f362 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822:3
    #10 0x813f029 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404:4
    #11 0x8136b63 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:191:83
    #12 0x8136b63 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
    #13 0x813263b in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517:2
    #14 0x804fe48 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:397:5
    #15 0x8047ee6 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:222:11
    #16 0x7e79dbc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:220:15
    #17 0x575d9bb in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:322:9
    #18 0x7ff26f83fec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #19 0x116cdfc in _start (/home/notroot/trunk/mame64d+0x116cdfc)

0x625000129430 is located 808 bytes to the right of 8200-byte region [0x625000127100,0x625000129108)
allocated by thread T0 here:
    #0 0x114f78b in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x8b42538 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/modules/lib/osdlib_unix.c:89:9
    #2 0x8419fca in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112:25
    #3 0x80cfbfd in operator new[](unsigned long, char const*, int) /home/notroot/trunk/src/lib/util/corealloc.h:72:125
    #4 0x80cfbfd in dynamic_array<rgb_t>::expand_internal(int) /home/notroot/trunk/src/lib/util/coretmpl.h:115
    #5 0x80cfbfd in dynamic_array<rgb_t>::resize(int) /home/notroot/trunk/src/lib/util/coretmpl.h:94
    #6 0x80cfbfd in render_container::bcg_lookup_table(int, palette_t*) /home/notroot/trunk/src/emu/render.c:728
    #7 0x80cf96c in render_texture::get_adjusted_palette(render_container&) /home/notroot/trunk/src/emu/render.c:546:11
    #8 0x80dc235 in render_target::add_container_primitives(render_primitive_list&, object_transform const&, render_container&, int) /home/notroot/trunk/src/emu/render.c:1739:30
    #9 0x80da1b6 in render_target::get_primitives() /home/notroot/trunk/src/emu/render.c:1320:7
    #10 0x81dcb2d in video_manager::create_snapshot_bitmap(screen_device*) /home/notroot/trunk/src/emu/video.c:1090:36
    #11 0x81deb69 in video_manager::record_frame() /home/notroot/trunk/src/emu/video.c:1243:2
    #12 0x81d94ab in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:664:3
    #13 0x81d853f in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:202:27
    #14 0x813f362 in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:822:3
    #15 0x813f029 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/screen.c:404:4
    #16 0x8136b63 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:191:83
    #17 0x8136b63 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:902
    #18 0x813263b in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:517:2
    #19 0x804fe48 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:397:5
    #20 0x8047ee6 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:222:11
    #21 0x7e79dbc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:220:15
    #22 0x575d9bb in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:322:9
    #23 0x7ff26f83fec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/notroot/trunk/src/lib/util/palette.h:59 rgb_t::operator unsigned int() const
Shadow bytes around the buggy address:
  0x0c4a8001d230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a8001d280: fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa
  0x0c4a8001d290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d2a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d2b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d2c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a8001d2d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
Steps to reproduce:
Additional information:

Attachments: