Use after free on enemy armour
Issue #258
resolved
Triggered frequently when destroying an enemy with armour.
==14193==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000039e00 at pc 0x000000539515 bp 0x7ffdba449670 sp 0x7ffdba449668
READ of size 8 at 0x613000039e00 thread T0
#0 0x539514 in entity::armour::~armour() /home/slowriot/code/sphereface/entity/armour.cpp:61
#1 0x6611c2 in entity::enemy_armour::~enemy_armour() /home/slowriot/code/sphereface/entity/enemy_armour.cpp:20
#2 0x66120c in entity::enemy_armour::~enemy_armour() /home/slowriot/code/sphereface/entity/enemy_armour.cpp:21
#3 0x95c2ac in sphere::clean_destroyed() /home/slowriot/code/sphereface/sphere.cpp:461
#4 0x964464 in sphere::update() /home/slowriot/code/sphereface/sphere.cpp:431
#5 0xb6c55d in universe::update() /home/slowriot/code/sphereface/universe/universe.cpp:653
#6 0xa228ea in universe::loop_main() /home/slowriot/code/sphereface/universe/loop_main.cpp:54
#7 0x9eff5e in universe::loop_dispatcher() /home/slowriot/code/sphereface/universe/loop_dispatcher.cpp:25
#8 0x81d58a in main /home/slowriot/code/sphereface/main.cpp:89
#9 0x7fd2e09462b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#10 0x412ae9 in _start (/home/slowriot/code/sphereface/bin/Linux64/Debug/sphereFACE_debug+0x412ae9)
0x613000039e00 is located 0 bytes inside of 352-byte region [0x613000039e00,0x613000039f60)
freed by thread T0 here:
#0 0x7fd2e36037f0 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc37f0)
#1 0x6a0bf5 in entity::ship::enemy::fighter::~fighter() /home/slowriot/code/sphereface/entity/ship/enemy/fighter.cpp:125
#2 0x95c2ac in sphere::clean_destroyed() /home/slowriot/code/sphereface/sphere.cpp:461
#3 0x964464 in sphere::update() /home/slowriot/code/sphereface/sphere.cpp:431
#4 0xb6c55d in universe::update() /home/slowriot/code/sphereface/universe/universe.cpp:653
#5 0xa228ea in universe::loop_main() /home/slowriot/code/sphereface/universe/loop_main.cpp:54
#6 0x9eff5e in universe::loop_dispatcher() /home/slowriot/code/sphereface/universe/loop_dispatcher.cpp:25
#7 0x81d58a in main /home/slowriot/code/sphereface/main.cpp:89
#8 0x7fd2e09462b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
previously allocated by thread T0 here:
#0 0x7fd2e3602bf0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2bf0)
#1 0xdd33eb in weapon::enemy_launcher::update() /home/slowriot/code/sphereface/weapon/enemy_launcher.cpp:68
#2 0x70f863 in entity::ship::playership::update() /home/slowriot/code/sphereface/entity/ship/playership.cpp:334
#3 0x9642ce in sphere::update() /home/slowriot/code/sphereface/sphere.cpp:427
#4 0xb6c55d in universe::update() /home/slowriot/code/sphereface/universe/universe.cpp:653
#5 0xa228ea in universe::loop_main() /home/slowriot/code/sphereface/universe/loop_main.cpp:54
#6 0x9eff5e in universe::loop_dispatcher() /home/slowriot/code/sphereface/universe/loop_dispatcher.cpp:25
#7 0x81d58a in main /home/slowriot/code/sphereface/main.cpp:89
#8 0x7fd2e09462b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-use-after-free /home/slowriot/code/sphereface/entity/armour.cpp:61 in entity::armour::~armour()
Comments (5)
- reporter Most reliably triggered by turning on god mode, and flying into an enemy with armour
- reporter Ugh, it's because entity::ship::base::armours is empty for those fighters.
- reporter - changed status to resolved
disown parent ship of armour on cleanup, resolves
#258→ <<cset b7cfbd2f799e>>
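A minimal model of the destruction-order problem in the trace above and of the "disown parent on cleanup" fix, added here as an illustration; it is not the project's code. The `ship` and `armour` types, the `detach` helper and the way armour registers itself in `armours` are assumptions about the design, not taken from the sphereFACE source.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

struct ship;
struct armour {
  ship *parent;                         // non-owning back-pointer to the ship
  explicit armour(ship *p);
  ~armour();
};

struct ship {
  std::vector<armour *> armours;        // non-owning list of attached armour
  void detach(armour *a) {
    armours.erase(std::remove(armours.begin(), armours.end(), a), armours.end());
  }
  ~ship() {
    // Disown on cleanup: surviving armour must not keep a pointer to freed memory.
    for (armour *a : armours) a->parent = nullptr;
  }
};

// Registration is what makes disowning possible. If this list stays empty,
// ~ship() has nothing to clear and ~armour() later reads a dangling parent.
armour::armour(ship *p) : parent(p) {
  if (parent) parent->armours.push_back(this);
}

armour::~armour() {
  if (parent) parent->detach(this);     // only safe while parent is alive or null
}

// Ship freed before its armour, the order seen in the ASan report.
bool ship_first_leaves_armour_disowned() {
  ship *s = new ship;
  armour *a = new armour(s);
  delete s;
  bool disowned = (a->parent == nullptr);
  delete a;                             // destructor skips the freed ship
  return disowned;
}

// Armour freed before its ship: the ship must not keep a stale entry.
std::size_t armour_first_remaining_entries() {
  ship *s = new ship;
  armour *a = new armour(s);
  delete a;
  std::size_t remaining = s->armours.size();
  delete s;
  return remaining;
}
```

Building this with -fsanitize=address and calling both functions should produce no report; the equivalent of the reported bug is the case where the constructor never adds the armour to `armours`.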
- reporter - removed milestone
Removing milestone: Beta (automated comment)