Crash with winter images on bridges with adress sanitzer

[prissi]

MSVC stops execution when accessing imageslist at child 5 and 6, which makeobj says are there and which have a valid child count and pointer.

If this is just an error of MSVC ASAN, I would be glad if the linux people could test this with the gnu/clang equivalent. I spent the evening debugging, but all looks ok.

[ceeac]

Cannot reproduce when compiling pak128, valgrind also does not show errors for me.
What source files and command line options are you using for makeobj?

[prissi]

I used the pak64 from sourceforge. Simutrans can built the (above the snow line with winter images, like classic road) bridge and displays is but crashes on loading the same game. The ASAN stops execution with heap overflow when acessing the image_list 5 and 6 which according the makeobj dump are there.

But I tried it on a different computer with a different version from MSVC and it works. So a certain version of ASAN seems buggy. Ah, compiler errors, I hate them so much.

[ceeac]

This is not a compiler bug - I got this:

Code Select Expand

/home/ceeac/code/simu/simusvn/src/simutrans/descriptor/bridge_desc.cc:105:9: runtime error: load of value 4294967295, which is not a valid value for type 'img_t'
and

Code Select Expand

...
#6 0x0000559905e7862d in __ubsan_handle_load_invalid_value_abort ()
#7 0x00005599061a4d75 in bridge_desc_t::get_end (this=0x7c50e1a3d100, test_slope=0 '\000', ground_slope=0 '\000', way_slope=0 '\000') at /home/ceeac/code/simu/simusvn/src/simutrans/descriptor/bridge_desc.cc:107
#8 0x0000559906f0fb99 in tool_build_bridge_t::mark_tiles (this=0x7ca0e161e730, player=0x7d30e168b040, start=..., end=...) at /home/ceeac/code/simu/simusvn/src/simutrans/tool/simtool.cc:3074
#9 0x0000559906e9b58c in two_click_tool_t::move (this=0x7ca0e161e730, player=0x7d30e168b040, buttonstate=1, pos=...) at /home/ceeac/code/simu/simusvn/src/simutrans/tool/simmenu.cc:1459
#10 0x0000559907122d55 in karte_t::interactive (this=0x7e30e17ee100, quit_month=2147483647) at /home/ceeac/code/simu/simusvn/src/simutrans/world/simworld.cc:6189
#11 0x0000559906e5f99a in simu_main (argc=1, argv=0x7c10e15e0030) at /home/ceeac/code/simu/simusvn/src/simutrans/simmain.cc:1691
#12 0x0000559906e83bd9 in sysmain (argc=1, argv=0x7ffd179f4e08) at /home/ceeac/code/simu/simusvn/src/simutrans/sys/simsys.cc:1541
#13 0x000055990733fe72 in main (argc=1, argv=0x7ffd179f4e08) at /home/ceeac/code/simu/simusvn/src/simutrans/sys/simsys_s2.cc:1196

Seems like bridge_builder_t::can_build_bridge, which is called from tool_build_bridge_t::mark_tiles, returns a bridge height that is at terrain level, and bridge_desc_t::get_end does not handle this.

To reproduce, just build the pak64 brick viaduct on flat terrain.

[prissi]

Found the erro, it was a reading out of baounds, causing by a wrong order of number_of_season reading, letting the other always be 1 even for bridges without seasons.