[r9787] Crash when editing and changing name of halt at the same time

Started by ceeac, May 19, 2021, 03:20:38 PM


ceeac

Steps to reproduce:

  • Edit the name of a station but do *not* confirm the edit
  • Expand the station by building a new station piece

Result:

==10681==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030003850c0 at pc 0x000001f64dfe bp 0x7ffe4f71d380 sp 0x7ffe4f71d378
READ of size 1 at 0x6030003850c0 thread T0
    #0 0x1f64dfd in utf8_decoder_t::has_next() const /media/ceeac/Projects/code/simutrans/unicode.cc:84:9
    #1 0x97f9e4 in display_text_proportional_len_clip_rgb(int, int, char const*, unsigned short, unsigned short, bool, int, signed char) /media/ceeac/Projects/code/simutrans/display/simgraph16.cc:4598:45
    #2 0x11e2590 in win_draw_window_title(scr_coord, scr_size, unsigned int, char const*, unsigned int, koord3d, unsigned short, bool, bool, simwin_gadget_flags_t&) /media/ceeac/Projects/code/simutrans/gui/simwin.cc:338:19
    #3 0x11c3333 in display_win(int) /media/ceeac/Projects/code/simutrans/gui/simwin.cc:1074:3
    #4 0x11c17f3 in display_all_win() /media/ceeac/Projects/code/simutrans/gui/simwin.cc:1133:3
    #5 0x11dcb17 in win_display_flush(double) /media/ceeac/Projects/code/simutrans/gui/simwin.cc:1731:3
    #6 0x1aa451e in intr_refresh_display(bool) /media/ceeac/Projects/code/simutrans/simintr.cc:83:3
    #7 0x1cfbd07 in karte_t::sync_step(unsigned int, bool, bool) /media/ceeac/Projects/code/simutrans/simworld.cc:3693:3
    #8 0x1aa4987 in interrupt_check(char const*) /media/ceeac/Projects/code/simutrans/simintr.cc:114:17
    #9 0x1d56d9e in karte_t::interactive(unsigned int) /media/ceeac/Projects/code/simutrans/simworld.cc:7309:5
    #10 0x1ad2e15 in simu_main(int, char**) /media/ceeac/Projects/code/simutrans/simmain.cc:1579:9
    #11 0x1f64079 in sysmain(int, char**) /media/ceeac/Projects/code/simutrans/sys/simsys.cc:1125:9
    #12 0x20a37f9 in main /media/ceeac/Projects/code/simutrans/sys/simsys_s2.cc:810:9
    #13 0x7f750c5be0b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #14 0x42cdcd in _start (/media/ceeac/Projects/code/simutrans/build/client/sim+0x42cdcd)

0x6030003850c0 is located 0 bytes inside of 30-byte region [0x6030003850c0,0x6030003850de)
freed by thread T0 here:
    #0 0x4a7dc2 in free (/media/ceeac/Projects/code/simutrans/build/client/sim+0x4a7dc2)
    #1 0x686f1c in grund_t::set_text(char const*) /media/ceeac/Projects/code/simutrans/boden/grund.cc:109:3
    #2 0x1a29035 in haltestelle_t::recalc_basis_pos() /media/ceeac/Projects/code/simutrans/simhalt.cc:291:25
    #3 0x1beeb6d in tool_build_station_t::tool_station_aux(player_t*, koord3d, building_desc_t const*, waytype_t, char const*) /media/ceeac/Projects/code/simutrans/simtool.cc:4498:9
    #4 0x1bf6520 in tool_build_station_t::work(player_t*, koord3d) /media/ceeac/Projects/code/simutrans/simtool.cc:4773:34
    #5 0x1d125f7 in karte_t::call_work(tool_t*, player_t*, koord3d, bool&) /media/ceeac/Projects/code/simutrans/simworld.cc:6975:16
    #6 0x1a9f56e in interaction_t::interactive_event(event_t const&) /media/ceeac/Projects/code/simutrans/siminteraction.cc:239:18
    #7 0x1aa3955 in interaction_t::process_event(event_t&) /media/ceeac/Projects/code/simutrans/siminteraction.cc:417:2
    #8 0x1aa3c8c in interaction_t::check_events() /media/ceeac/Projects/code/simutrans/siminteraction.cc:439:7
    #9 0x1d56b1e in karte_t::interactive(unsigned int) /media/ceeac/Projects/code/simutrans/simworld.cc:7286:17
    #10 0x1ad2e15 in simu_main(int, char**) /media/ceeac/Projects/code/simutrans/simmain.cc:1579:9
    #11 0x1f64079 in sysmain(int, char**) /media/ceeac/Projects/code/simutrans/sys/simsys.cc:1125:9
    #12 0x20a37f9 in main /media/ceeac/Projects/code/simutrans/sys/simsys_s2.cc:810:9
    #13 0x7f750c5be0b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16

previously allocated by thread T0 here:
    #0 0x493924 in strdup (/media/ceeac/Projects/code/simutrans/build/client/sim+0x493924)
    #1 0x686d7c in grund_t::set_text(char const*) /media/ceeac/Projects/code/simutrans/boden/grund.cc:102:20
    #2 0x1a28a38 in haltestelle_t::recalc_basis_pos() /media/ceeac/Projects/code/simutrans/simhalt.cc:284:16
    #3 0x1beeb6d in tool_build_station_t::tool_station_aux(player_t*, koord3d, building_desc_t const*, waytype_t, char const*) /media/ceeac/Projects/code/simutrans/simtool.cc:4498:9
    #4 0x1bf6520 in tool_build_station_t::work(player_t*, koord3d) /media/ceeac/Projects/code/simutrans/simtool.cc:4773:34
    #5 0x1d125f7 in karte_t::call_work(tool_t*, player_t*, koord3d, bool&) /media/ceeac/Projects/code/simutrans/simworld.cc:6975:16
    #6 0x1a9f56e in interaction_t::interactive_event(event_t const&) /media/ceeac/Projects/code/simutrans/siminteraction.cc:239:18
    #7 0x1aa3955 in interaction_t::process_event(event_t&) /media/ceeac/Projects/code/simutrans/siminteraction.cc:417:2
    #8 0x1aa3c8c in interaction_t::check_events() /media/ceeac/Projects/code/simutrans/siminteraction.cc:439:7
    #9 0x1d56b1e in karte_t::interactive(unsigned int) /media/ceeac/Projects/code/simutrans/simworld.cc:7286:17
    #10 0x1ad2e15 in simu_main(int, char**) /media/ceeac/Projects/code/simutrans/simmain.cc:1579:9
    #11 0x1f64079 in sysmain(int, char**) /media/ceeac/Projects/code/simutrans/sys/simsys.cc:1125:9
    #12 0x20a37f9 in main /media/ceeac/Projects/code/simutrans/sys/simsys_s2.cc:810:9
    #13 0x7f750c5be0b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
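
The trace above shows the window title's `char const*` being read in `win_draw_window_title` after `grund_t::set_text` freed the buffer. The following is an added example, not Simutrans code: `Label` and the three window types are hypothetical, and it assumes the window cached the raw label pointer. It shows that pattern next to two ways of removing it.

```cpp
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for the label owner: each set_text() frees the old
// buffer and allocates a new one, like the free/strdup frames in the trace.
class Label {
    char *text_ = nullptr;
public:
    Label() = default;
    Label(const Label &) = delete;
    Label &operator=(const Label &) = delete;
    ~Label() { std::free(text_); }
    void set_text(const char *t) {
        char *copy = t ? static_cast<char *>(std::malloc(std::strlen(t) + 1)) : nullptr;
        if (copy) std::strcpy(copy, t);
        std::free(text_);   // every pointer handed out earlier is now dangling
        text_ = copy;
    }
    const char *get_text() const { return text_ ? text_ : ""; }
};

// Unsafe pattern: caches the raw pointer. Reading `title` after the next
// set_text() is a heap-use-after-free, so nothing in this example does that.
struct BorrowingWindow {
    const char *title;
    explicit BorrowingWindow(const Label &l) : title(l.get_text()) {}
};

// Fix A: own a copy. Always valid, but shows the name as it was on open.
struct OwningWindow {
    std::string title;
    explicit OwningWindow(const Label &l) : title(l.get_text()) {}
};

// Fix B: keep a reference to the owner and ask again on every draw.
struct RefetchingWindow {
    const Label &source;
    const char *title() const { return source.get_text(); }
};

int main() {
    Label halt;
    halt.set_text("Old name");
    OwningWindow a(halt);
    RefetchingWindow b{halt};
    halt.set_text("New name");   // constructed stand-in for the rename on rebuild
    std::cout << a.title << " / " << b.title() << "\n";
}
```

Fix B only holds while the `Label` outlives the window; if the owner can be destroyed first, the window needs the owned copy or a handle that can be checked for validity.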

Dwachs

Parsley, sage, rosemary, and maggikraut.