Category: Misc.
Severity: Major (core)
Status: Acknowledged
Resolution: Open
Date submitted: 2018-01-08 18:49
Last updated: 2018-01-10 07:01

Tester: Firewave
Assigned to:
Source: megadriv.cpp
Version: 0.193
Version in which it occurs:
Fixed in version:
Flags:
Sets: megadriv, megadrij
Set details:
megadrij - Mega Drive (Japan, NTSC)
megadriv - Mega Drive (Europe, PAL)

Summary: AddressSanitizer reports a heap-buffer-overflow when the machine is started with -cart starodys.
Details:
==112120==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62900072c200 at pc 0x000009e3e96a bp 0x7ffc1ac48190 sp 0x7ffc1ac48188
WRITE of size 2 at 0x62900072c200 thread T0
    #0 0x9e3e969 in write /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/bus/megadrive/rom.cpp:1500:28
    #1 0x9e3e969 in non-virtual thunk to md_rom_starodys_device::write(address_space&, unsigned int, unsigned short, unsigned short) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/bus/megadrive/rom.cpp
    #2 0x9e26b43 in base_md_cart_slot_device::write(address_space&, unsigned int, unsigned short, unsigned short) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/bus/megadrive/md_slot.cpp:965:11
    #3 0xe2c0a3d in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #4 0xe2c0a3d in write16 /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:469
    #5 0xe2c0a3d in write_native /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1172
    #6 0xe2c0a3d in write_direct<unsigned short, true> /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1337
    #7 0xe2c0a3d in address_space_specific<unsigned short, (endianness_t)1, 0, true>::write_word(unsigned int, unsigned short, unsigned short) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1479
    #8 0xb13d51d in m68000_base_device::m68000_write_byte(unsigned int, unsigned char) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:1249:11
    #9 0xb2f92e9 in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #10 0xb2f92e9 in m68ki_write_8_fc /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:681
    #11 0xb2f92e9 in m68ki_write_8 /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:428
    #12 0xb2f92e9 in m68000_base_device::m68k_op_move_8_ai_d() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kops.cpp:16153
    #13 0xb1332d1 in m68000_base_device::execute_run() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:806:5
    #14 0xb13582f in non-virtual thunk to m68000_base_device::execute_run() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp
    #15 0xe78e272 in run /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:188:15
    #16 0xe78e272 in device_scheduler::timeslice() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:481
    #17 0xe6a324b in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:357:17
    #18 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #19 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #20 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #21 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #22 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #23 0x7f780e82d82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
    #24 0x1431838 in _start (/mnt/mame/mame64_as+0x1431838)

Address 0x62900072c200 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/bus/megadrive/rom.cpp:1500:28 in write
Shadow bytes around the buggy address:
  0x0c52800dd7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c52800dd840:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c52800dd890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
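The trace shows the cartridge's write handler (md_rom_starodys_device::write, reached from the 68000's byte store through the slot device) performing a 2-byte store to an address AddressSanitizer cannot attribute to any allocation ("wild pointer"). That signature is typical of a guest-controlled offset or bank register being turned into an index into a host heap buffer without a range check. The C program below is an added illustration of that bug class, not MAME's code: the page does not show how rom.cpp:1500 computes its address, so the mapper layout, the bank arithmetic and every name (md_mapper, mapper_index, mapper_write_unchecked, mapper_write_checked) are invented. It shows the unchecked handler beside a hardened one that bounds the computed index against the real buffer size.

```c
/* Added illustration, not MAME's own code: a toy cartridge mapper showing
 * the bug class behind a "WRITE of size 2 ... wild pointer" ASan report.
 * The emulated CPU hands the mapper a guest-controlled word offset; the
 * handler turns it into an index into a host heap buffer. All names
 * (md_mapper, mapper_write_unchecked, mapper_write_checked) and the bank
 * arithmetic are invented for this example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint16_t *ram;        /* host heap buffer backing the cart's RAM */
    size_t    ram_words;  /* its size in 16-bit words */
    uint32_t  bank;       /* bank register, written by the guest */
} md_mapper;

static bool mapper_init(md_mapper *m, size_t ram_words)
{
    m->ram = calloc(ram_words, sizeof *m->ram);
    m->ram_words = m->ram ? ram_words : 0;
    m->bank = 0;
    return m->ram != NULL;
}

static void mapper_free(md_mapper *m)
{
    free(m->ram);
    m->ram = NULL;
    m->ram_words = 0;
}

/* Both handlers map a guest word offset to a buffer index the same way:
 * the bank register selects a 4K-word window, the low 12 bits index into it. */
static uint32_t mapper_index(const md_mapper *m, uint32_t offset)
{
    return (m->bank << 12) | (offset & 0xfff);
}

/* Vulnerable form: the bank register is never bounded, so once the guest
 * stores an out-of-range bank value every write lands outside the
 * allocation. Built with -fsanitize=address this is the kind of 2-byte
 * wild-pointer write the report above shows. */
static void mapper_write_unchecked(md_mapper *m, uint32_t offset, uint16_t data)
{
    m->ram[mapper_index(m, offset)] = data;
}

/* Hardened form: validate the computed index against the real buffer size
 * before touching memory. Returns true if the write was performed and
 * false if it was dropped; a real emulator would also log the dropped
 * write so the bad bank value is visible to whoever is debugging it. */
static bool mapper_write_checked(md_mapper *m, uint32_t offset, uint16_t data)
{
    uint32_t index = mapper_index(m, offset);
    if (index >= m->ram_words)
        return false;
    m->ram[index] = data;
    return true;
}

int main(int argc, char **argv)
{
    md_mapper m;
    if (!mapper_init(&m, 0x1000))   /* 4K words = 8 KiB of cart RAM */
        return 1;
    m.bank = 0x10000;               /* guest stores an absurd bank value */

    if (argc > 1 && strcmp(argv[1], "unchecked") == 0) {
        /* cc -g -fsanitize=address demo.c && ./a.out unchecked
         * ASan flags this store; where the pointer lands decides whether
         * it is reported as heap-buffer-overflow (inside a heap redzone,
         * as in this report) or as a SEGV on an unmapped address. */
        mapper_write_unchecked(&m, 0x200, 0xBEEF);
    } else {
        bool ok = mapper_write_checked(&m, 0x200, 0xBEEF);
        printf("checked write %s\n", ok ? "accepted" : "rejected: index out of range");
    }
    mapper_free(&m);
    return 0;
}
```

Running the program with no argument exercises the hardened path and reports the rejected write; running it with `unchecked` after building with `-fsanitize=address` reproduces the class of report shown above. The fix pattern is the same whatever the real mapper does: bound the index (or mask the bank register at the point the guest writes it) against the size of the buffer actually allocated, not against the size the mapper nominally supports.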
Steps to reproduce:
Additional information:

Attachments: