summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorVito Caputo <vcaputo@pengaru.com>2022-06-09 07:38:39 -0700
committerVito Caputo <vcaputo@pengaru.com>2022-06-10 20:59:03 -0700
commit923aa25cfac8bfcb9e2a8f56398fa8fa7a6c8cc7 (patch)
tree5dfc70e6faf2896ad460d494b4e859ba0f32f91a /README
parentd944160f1d6a25710b298442972a8562ffc62942 (diff)
modules/pixbounce: use til_fb_put_pixel_checked()
While testing a checkers change that fills cells using other modules, ASAN kept tripping on pixbounce: ==147817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc78a31c10c at pc 0x55b30cd406e2 bp 0x7fc790afd0d0 sp 0x7fc790afd0c8 WRITE of size 4 at 0x7fc78a31c10c thread T2 #0 0x55b30cd406e1 in til_fb_fragment_put_pixel_unchecked pixbounce.c #1 0x55b30cd3f8ae in pixbounce_render_fragment pixbounce.c #2 0x55b30cd1dffb in module_render_fragment til.c #3 0x55b30cd1d989 in til_module_render (/home/foo/src/rototiller/build/src/rototiller+0x134989) #4 0x55b30cd22534 in checkers_render_fragment checkers.c #5 0x55b30cd14681 in thread_func til_threads.c #6 0x7fc792b3d5c1 in start_thread pthread_create.c #7 0x7fc792bc2583 in __clone (/usr/lib/libc.so.6+0x112583) 0x7fc78a31c10c is located 2276 bytes to the right of 1228840-byte region [0x7fc78a1ef800,0x7fc78a31b828) allocated by thread T0 here: #0 0x55b30cccf219 in __interceptor_malloc (/home/foo/src/rototiller/build/src/rototiller+0xe6219) #1 0x7fc792d0e528 (/usr/lib/libSDL2-2.0.so.0+0x39528) Thread T2 created by T0 here: #0 0x55b30cc3cfa8 in pthread_create (/home/foo/src/rototiller/build/src/rototiller+0x53fa8) #1 0x55b30cd13fff in til_threads_create (/home/foo/src/rototiller/build/src/rototiller+0x12afff) #2 0x55b30cd1d573 in til_init (/home/foo/src/rototiller/build/src/rototiller+0x134573) #3 0x55b30cd08f6c in main (/home/foo/src/rototiller/build/src/rototiller+0x11ff6c) #4 0x7fc792add30f in __libc_start_call_main libc-start.c SUMMARY: AddressSanitizer: heap-buffer-overflow pixbounce.c in til_fb_fragment_put_pixel_unchecked Shadow bytes around the buggy address: 0x0ff97145b7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0ff97145b820: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff97145b870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==147817==ABORTING --- Rather than spend time digging into pixbounce's arithmetic, just using the checked variant for now.
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions
© All Rights Reserved