From ed3286994ca59abc669b229c62e63f238f1e73d1 Mon Sep 17 00:00:00 2001 
From: elsid Date: Mon, 20 Dec 2021 19:50:58 +0100 Subject: [PATCH] Fix ASAN error: heap-use-after-free ================================================================= ==20931==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000206030 at pc 0x7fc8b0f3a72b bp 0x7ffcee176860 sp 0x7ffcee176008 READ of size 13 at 0x607000206030 thread T0 #0 0x7fc8b0f3a72a in __interceptor_strlen /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:389 #1 0x562e069a0af7 in QString::fromUtf8(char const*, int) /usr/include/qt/QtCore/qstring.h:706 #2 0x562e069a0af7 in Launcher::AdvancedPage::AdvancedPage(Config::GameSettings&, QWidget*) /home/elsid/dev/openmw/apps/launcher/advancedpage.cpp:29 #3 0x562e06959613 in Launcher::MainDialog::createPages() /home/elsid/dev/openmw/apps/launcher/maindialog.cpp:127 #4 0x562e069691d2 in Launcher::MainDialog::setup() /home/elsid/dev/openmw/apps/launcher/maindialog.cpp:228 #5 0x562e06969d88 in Launcher::MainDialog::showFirstRunDialog() /home/elsid/dev/openmw/apps/launcher/maindialog.cpp:188 #6 0x562e06957025 in main /home/elsid/dev/openmw/apps/launcher/main.cpp:35 #7 0x7fc8ad0d9b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24) #8 0x562e0690fced in _start (/home/elsid/dev/openmw/build/gcc/asan/openmw-launcher+0x56ced) 0x607000206030 is located 16 bytes inside of 64-byte region [0x607000206020,0x607000206060) freed by thread T0 here: #0 0x7fc8b0fb3f19 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x7fc8b0de3388 (/usr/lib/libopenal.so.1+0x40388) previously allocated by thread T0 here: #0 0x7fc8b0fb4fd6 in __interceptor_posix_memalign /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:226 #1 0x7fc8b0e379cb (/usr/lib/libopenal.so.1+0x949cb) SUMMARY: AddressSanitizer: heap-use-after-free /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:389 in __interceptor_strlen Shadow bytes around the buggy address: 0x0c0e80038bb0: 00 00 00 00 
00 00 00 00 00 fa fa fa fa fa 00 00 0x0c0e80038bc0: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00 0x0c0e80038bd0: 00 00 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 0x0c0e80038be0: 00 00 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e80038bf0: 02 fa fa fa fa fa fd fd fd fd fd fd fd fd fa fa =>0x0c0e80038c00: fa fa fa fa fd fd[fd]fd fd fd fd fd fa fa fa fa 0x0c0e80038c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e80038c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e80038c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e80038c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e80038c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==20931==ABORTING --- apps/launcher/advancedpage.cpp | 9 +++++---- apps/launcher/utils/openalutil.cpp | 10 +++++----- apps/launcher/utils/openalutil.hpp | 7 ++++--- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/apps/launcher/advancedpage.cpp b/apps/launcher/advancedpage.cpp index d09704851a..b9d35b3c95 100644 --- a/apps/launcher/advancedpage.cpp +++ b/apps/launcher/advancedpage.cpp @@ -1,6 +1,7 @@ #include "advancedpage.hpp" #include +#include #include #include 
@@ -20,13 +21,13 @@ Launcher::AdvancedPage::AdvancedPage(Config::GameSettings &gameSettings, QWidget setObjectName ("AdvancedPage"); setupUi(this); - for(const char * name : Launcher::enumerateOpenALDevices()) + for(const std::string& name : Launcher::enumerateOpenALDevices()) { - audioDeviceSelectorComboBox->addItem(QString::fromUtf8(name), QString::fromUtf8(name)); + audioDeviceSelectorComboBox->addItem(QString::fromStdString(name), QString::fromStdString(name)); } - for(const char * name : Launcher::enumerateOpenALDevicesHrtf()) + for(const std::string& name : Launcher::enumerateOpenALDevicesHrtf()) { - hrtfProfileSelectorComboBox->addItem(QString::fromUtf8(name), QString::fromUtf8(name)); + hrtfProfileSelectorComboBox->addItem(QString::fromStdString(name), QString::fromStdString(name)); } loadSettings(); diff --git a/apps/launcher/utils/openalutil.cpp b/apps/launcher/utils/openalutil.cpp index 53fd704203..469872d158 100644 --- a/apps/launcher/utils/openalutil.cpp +++ b/apps/launcher/utils/openalutil.cpp @@ -9,9 +9,9 @@ #define ALC_ALL_DEVICES_SPECIFIER 0x1013 #endif -std::vector Launcher::enumerateOpenALDevices() +std::vector Launcher::enumerateOpenALDevices() { - std::vector devlist; + std::vector devlist; const ALCchar *devnames; if(alcIsExtensionPresent(nullptr, "ALC_ENUMERATE_ALL_EXT")) @@ -22,7 +22,7 @@ std::vector Launcher::enumerateOpenALDevices() { devnames = alcGetString(nullptr, ALC_DEVICE_SPECIFIER); } - + while(devnames && *devnames) { devlist.emplace_back(devnames); @@ -31,9 +31,9 @@ std::vector Launcher::enumerateOpenALDevices() return devlist; } -std::vector Launcher::enumerateOpenALDevicesHrtf() +std::vector Launcher::enumerateOpenALDevicesHrtf() { - std::vector ret; + std::vector ret; ALCdevice *device = alcOpenDevice(nullptr); if(device) diff --git a/apps/launcher/utils/openalutil.hpp b/apps/launcher/utils/openalutil.hpp index 4a84fbae7d..b084dce7ce 100644 --- a/apps/launcher/utils/openalutil.hpp +++ b/apps/launcher/utils/openalutil.hpp 
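Review bot: Each `addItem` call in the two loops of the AdvancedPage constructor converts the same name to a QString twice, once for the display text and once for the item data. A local such as `const QString item = QString::fromStdString(name);` followed by `addItem(item, item)` converts once and makes it obvious that text and data are meant to be identical. Moving from `fromUtf8` to `fromStdString` should keep the UTF-8 decoding, since Qt documents `fromStdString` as converting through `fromUtf8`. The constructor body continues outside the hunk.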
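Review bot: Nothing in `enumerateOpenALDevices()` records why `devlist` now stores owned strings, so a later cleanup could switch the element type back to a raw pointer or to `std::string_view` and reintroduce the heap-use-after-free from the ASAN report. A comment at `devlist.emplace_back(devnames);` would pin the intent, for example `// Copy the name: the buffer returned by alcGetString() is owned by OpenAL and may be freed later.` The same comment belongs where `ret` is filled in `enumerateOpenALDevicesHrtf()` (the -31,9 hunk). There the device from `alcOpenDevice(nullptr)` is presumably closed before the vector is returned, but that part of the body is outside the hunk, as is the loop increment here.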
@@ -1,7 +1,8 @@ #include +#include namespace Launcher { - std::vector enumerateOpenALDevices(); - std::vector enumerateOpenALDevicesHrtf(); -} \ No newline at end of file + std::vector enumerateOpenALDevices(); + std::vector enumerateOpenALDevicesHrtf(); +}
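Review bot: openalutil.hpp begins directly with `#include` at line 1, and this hunk spans the whole file, so the header appears to have no include guard. It only declares two functions today, so a double inclusion is harmless, but any type or inline definition added later would fail to compile when the header is pulled in twice. Adding `#pragma once` as the first line, or an `#ifndef`/`#define` pair if that is the project convention, closes this while the file is being touched.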