Source-1-Games
[Non-windows] TSList not thread-safe
==17135==ERROR: AddressSanitizer: heap-use-after-free on address 0x606001633590 at pc 0x7ffff7657640 bp 0x7fff9db22d30 sp 0x7fff9db22d28
READ of size 8 at 0x606001633590 thread T53
[Detaching after fork from child process 17236]
#0 0x7ffff765763f in CTSListBase::Pop() /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:280:45
#1 0x7ffff765763f in CTSList<int>::Pop() /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:494:33
#2 0x7ffff765763f in CTSList<int>::PopItem(int*) /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:504:19
#3 0x7ffff765763f in TSListTests::CListOps::Pop(int*) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:85:19
#4 0x7ffff76531ba in TSListTests::PopThreadFunc(void*) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:150:21
#5 0x7ffff764d5d7 in ThreadProcConvert(void*) /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:195:18
#6 0x7ffff7ae778c (/usr/lib/libc.so.6+0x8678c) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
#7 0x7ffff7b688e3 in clone (/usr/lib/libc.so.6+0x1078e3) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
0x606001633590 is located 16 bytes inside of 55-byte region [0x606001633580,0x6060016335b7)
freed by thread T52 here:
#0 0x5555555f9db2 in __interceptor_free (/home/nillerusr/Desktop/HL2/hl2_launcher+0xa5db2)
#1 0x7ffff764ba80 in CStdMemAlloc::Free(void*) /home/nillerusr/projects/source-engine/build/../tier0/memstd.cpp:1556:2
#2 0x7ffff76575d1 in MemAlloc_FreeAligned(void*) /home/nillerusr/projects/source-engine/build/../public/tier0/memalloc.h:296:15
#3 0x7ffff76575d1 in CTSList<int>::Node_t::operator delete(void*) /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:456:4
#4 0x7ffff76575d1 in CTSList<int>::PopItem(int*) /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:508:3
#5 0x7ffff76575d1 in TSListTests::CListOps::Pop(int*) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:85:19
#6 0x7ffff76531ba in TSListTests::PopThreadFunc(void*) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:150:21
#7 0x7ffff764d5d7 in ThreadProcConvert(void*) /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:195:18
#8 0x7ffff7ae778c (/usr/lib/libc.so.6+0x8678c) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
previously allocated by thread T50 here:
#0 0x5555555fa05e in malloc (/home/nillerusr/Desktop/HL2/hl2_launcher+0xa605e)
#1 0x7ffff764bab7 in CStdMemAlloc::Alloc(unsigned long) /home/nillerusr/projects/source-engine/build/../tier0/memstd.cpp:1491:9
#2 0x7ffff764bab7 in CStdMemAlloc::Alloc(unsigned long, char const*, int) /home/nillerusr/projects/source-engine/build/../tier0/memstd.cpp:1570:23
#3 0x7ffff7657169 in MemAlloc_Alloc(unsigned long, char const*, int) /home/nillerusr/projects/source-engine/build/../public/tier0/memalloc.h:160:22
#4 0x7ffff7657169 in MemAlloc_AllocAlignedFileLine(unsigned long, unsigned long, char const*, int) /home/nillerusr/projects/source-engine/build/../public/tier0/memalloc.h:242:33
#5 0x7ffff7657169 in CTSList<int>::Node_t::operator new(unsigned long) /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:443:30
#6 0x7ffff7657169 in CTSList<int>::PushItem(int const&) /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:499:9
#7 0x7ffff7657169 in TSListTests::CListOps::Push(int) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:80:14
#8 0x7ffff7653456 in TSListTests::PushThreadFunc(void*) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:180:15
#9 0x7ffff764d5d7 in ThreadProcConvert(void*) /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:195:18
#10 0x7ffff7ae778c (/usr/lib/libc.so.6+0x8678c) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
Thread T53 created by T0 here:
#0 0x5555555e342c in __interceptor_pthread_create (/home/nillerusr/Desktop/HL2/hl2_launcher+0x8f42c)
#1 0x7ffff764d420 in CreateSimpleThread /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:434:2
#2 0x7ffff7654aea in TSListTests::STPushMTPop(bool) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:329:28
#3 0x7ffff7656117 in RunSharedTests(int) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:475:4
#4 0x7ffff7656206 in RunTSListTests /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:516:2
#5 0x7fffe31750dd in thread_test_tslist(CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:532:2
#6 0x7fffe39d6477 in ConCommand::Dispatch(CCommand const&) /home/nillerusr/projects/source-engine/build/../tier1/convar.cpp:573:4
#7 0x7fffe30613a7 in Cmd_Dispatch(ConCommandBase const*, CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:850:15
#8 0x7fffe30613a7 in Cmd_ExecuteCommand(CCommand const&, cmd_source_t, int) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:1046:4
#9 0x7fffe305e731 in Cbuf_ExecuteCommand(CCommand const&, cmd_source_t) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:375:31
#10 0x7fffe305e731 in Cbuf_Execute() /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:419:3
#11 0x7fffe318032e in _Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3146:3
#12 0x7fffe3182d5a in Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3614:3
#13 0x7fffe31a6255 in CHostState::State_Run(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:509:2
#14 0x7fffe31a2841 in CHostState::FrameUpdate(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:652:4
#15 0x7fffe31a251f in HostState_Frame(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:124:14
#16 0x7fffe32df1cf in CEngine::Frame() /home/nillerusr/projects/source-engine/build/../engine/sys_engine.cpp:432:3
#17 0x7fffe32d5866 in CEngineAPI::MainLoop() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1535:8
#18 0x7fffe32d89eb in CModAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:2107:21
#19 0x7fffe3adf62d in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#20 0x7fffe32d6855 in CEngineAPI::RunListenServer() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1816:34
#21 0x7fffe32d6dbb in CEngineAPI::Run() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1922:9
#22 0x7ffff76908e0 in CSourceAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:847:23
#23 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#24 0x7ffff76b6ada in CSteamApplication::Main() /home/nillerusr/projects/source-engine/build/../appframework/posixapp.cpp:155:33
#25 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#26 0x7ffff7690f4e in LauncherMain /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:1483:34
#27 0x55555563d5a1 in main /home/nillerusr/projects/source-engine/build/../launcher_main/main.cpp:278:9
#28 0x7ffff7a842cf (/usr/lib/libc.so.6+0x232cf) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
Thread T52 created by T0 here:
#0 0x5555555e342c in __interceptor_pthread_create (/home/nillerusr/Desktop/HL2/hl2_launcher+0x8f42c)
#1 0x7ffff764d420 in CreateSimpleThread /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:434:2
#2 0x7ffff7654aea in TSListTests::STPushMTPop(bool) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:329:28
#3 0x7ffff7656117 in RunSharedTests(int) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:475:4
#4 0x7ffff7656206 in RunTSListTests /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:516:2
#5 0x7fffe31750dd in thread_test_tslist(CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:532:2
#6 0x7fffe39d6477 in ConCommand::Dispatch(CCommand const&) /home/nillerusr/projects/source-engine/build/../tier1/convar.cpp:573:4
#7 0x7fffe30613a7 in Cmd_Dispatch(ConCommandBase const*, CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:850:15
#8 0x7fffe30613a7 in Cmd_ExecuteCommand(CCommand const&, cmd_source_t, int) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:1046:4
#9 0x7fffe305e731 in Cbuf_ExecuteCommand(CCommand const&, cmd_source_t) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:375:31
#10 0x7fffe305e731 in Cbuf_Execute() /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:419:3
#11 0x7fffe318032e in _Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3146:3
#12 0x7fffe3182d5a in Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3614:3
#13 0x7fffe31a6255 in CHostState::State_Run(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:509:2
#14 0x7fffe31a2841 in CHostState::FrameUpdate(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:652:4
#15 0x7fffe31a251f in HostState_Frame(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:124:14
#16 0x7fffe32df1cf in CEngine::Frame() /home/nillerusr/projects/source-engine/build/../engine/sys_engine.cpp:432:3
#17 0x7fffe32d5866 in CEngineAPI::MainLoop() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1535:8
#18 0x7fffe32d89eb in CModAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:2107:21
#19 0x7fffe3adf62d in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#20 0x7fffe32d6855 in CEngineAPI::RunListenServer() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1816:34
#21 0x7fffe32d6dbb in CEngineAPI::Run() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1922:9
#22 0x7ffff76908e0 in CSourceAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:847:23
#23 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#24 0x7ffff76b6ada in CSteamApplication::Main() /home/nillerusr/projects/source-engine/build/../appframework/posixapp.cpp:155:33
#25 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#26 0x7ffff7690f4e in LauncherMain /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:1483:34
#27 0x55555563d5a1 in main /home/nillerusr/projects/source-engine/build/../launcher_main/main.cpp:278:9
#28 0x7ffff7a842cf (/usr/lib/libc.so.6+0x232cf) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
Thread T50 created by T0 here:
#0 0x5555555e342c in __interceptor_pthread_create (/home/nillerusr/Desktop/HL2/hl2_launcher+0x8f42c)
#1 0x7ffff764d420 in CreateSimpleThread /home/nillerusr/projects/source-engine/build/../tier0/threadtools.cpp:434:2
#2 0x7ffff7654a72 in TSListTests::STPushMTPop(bool) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:326:29
#3 0x7ffff7656117 in RunSharedTests(int) /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:475:4
#4 0x7ffff7656206 in RunTSListTests /home/nillerusr/projects/source-engine/build/../tier0/tslist.cpp:516:2
#5 0x7fffe31750dd in thread_test_tslist(CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:532:2
#6 0x7fffe39d6477 in ConCommand::Dispatch(CCommand const&) /home/nillerusr/projects/source-engine/build/../tier1/convar.cpp:573:4
#7 0x7fffe30613a7 in Cmd_Dispatch(ConCommandBase const*, CCommand const&) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:850:15
#8 0x7fffe30613a7 in Cmd_ExecuteCommand(CCommand const&, cmd_source_t, int) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:1046:4
#9 0x7fffe305e731 in Cbuf_ExecuteCommand(CCommand const&, cmd_source_t) /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:375:31
#10 0x7fffe305e731 in Cbuf_Execute() /home/nillerusr/projects/source-engine/build/../engine/cmd.cpp:419:3
#11 0x7fffe318032e in _Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3146:3
#12 0x7fffe3182d5a in Host_RunFrame(float) /home/nillerusr/projects/source-engine/build/../engine/host.cpp:3614:3
#13 0x7fffe31a6255 in CHostState::State_Run(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:509:2
#14 0x7fffe31a2841 in CHostState::FrameUpdate(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:652:4
#15 0x7fffe31a251f in HostState_Frame(float) /home/nillerusr/projects/source-engine/build/../engine/host_state.cpp:124:14
#16 0x7fffe32df1cf in CEngine::Frame() /home/nillerusr/projects/source-engine/build/../engine/sys_engine.cpp:432:3
#17 0x7fffe32d5866 in CEngineAPI::MainLoop() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1535:8
#18 0x7fffe32d89eb in CModAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:2107:21
#19 0x7fffe3adf62d in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#20 0x7fffe32d6855 in CEngineAPI::RunListenServer() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1816:34
#21 0x7fffe32d6dbb in CEngineAPI::Run() /home/nillerusr/projects/source-engine/build/../engine/sys_dll2.cpp:1922:9
#22 0x7ffff76908e0 in CSourceAppSystemGroup::Main() /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:847:23
#23 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#24 0x7ffff76b6ada in CSteamApplication::Main() /home/nillerusr/projects/source-engine/build/../appframework/posixapp.cpp:155:33
#25 0x7ffff76b0fe5 in CAppSystemGroup::Run() /home/nillerusr/projects/source-engine/build/../appframework/AppSystemGroup.cpp:380:12
#26 0x7ffff7690f4e in LauncherMain /home/nillerusr/projects/source-engine/build/../launcher/launcher.cpp:1483:34
#27 0x55555563d5a1 in main /home/nillerusr/projects/source-engine/build/../launcher_main/main.cpp:278:9
#28 0x7ffff7a842cf (/usr/lib/libc.so.6+0x232cf) (BuildId: 9ad81314b54c454ecec155883550a079f3beba48)
SUMMARY: AddressSanitizer: heap-use-after-free /home/nillerusr/projects/source-engine/build/../public/tier0/tslist.h:280:45 in CTSListBase::Pop()
==17135==ABORTING
https://github.com/ValveSoftware/source-sdk-2013/blob/master/sp/src/public/tier0/tslist.h#L257 that implementation sucks
oops XD
https://en.wikipedia.org/wiki/ABA_problem
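The trace above shows a `Pop()` in one thread reading a node that a `PopItem()` in another thread had already deleted, and the linked ABA article describes what can follow when that stale value feeds a compare-and-swap. The following is an added example, not code from the issue or from tslist.h: a single-threaded replay of that interleaving on a small index-based stack, where `Stack`, `replay` and the popper/pusher roles are hypothetical names and the head is compared either by node index alone or together with a sequence tag.

```cpp
#include <atomic>
#include <cstdint>

// Added example. Nodes are indices into a fixed pool so a "freed" node can be
// inspected safely; the real list would be touching freed heap memory here.
constexpr int NIL = -1;
struct Node { int next; bool live; };

struct Stack {
    static uint64_t pack(int i, uint32_t seq) { return (uint64_t(seq) << 32) | uint32_t(i); }
    static int idx(uint64_t h) { return int(uint32_t(h)); }
    static uint32_t seq(uint64_t h) { return uint32_t(h >> 32); }

    Node pool[4] = {};
    std::atomic<uint64_t> head{pack(NIL, 0)};  // low 32 bits: node index, high 32: sequence

    void push(int n) {
        uint64_t old = head.load();
        do { pool[n] = {idx(old), true}; }
        while (!head.compare_exchange_weak(old, pack(n, seq(old) + 1)));
    }
    int pop() {
        uint64_t old = head.load();
        while (idx(old) != NIL &&
               !head.compare_exchange_weak(old, pack(pool[idx(old)].next, seq(old) + 1))) {}
        if (idx(old) != NIL) pool[idx(old)].live = false;  // stands in for delete
        return idx(old);
    }
};

struct Result { bool read_freed_node; bool head_on_freed_node; };

// Replays one interleaving deterministically on a single thread.
Result replay(bool compare_sequence) {
    Stack s;
    s.push(2); s.push(1); s.push(0);             // head -> 0 -> 1 -> 2
    uint64_t seen = s.head.load();               // popper A loads head (node 0), then stalls
    s.pop(); s.pop();                            // popper B pops and frees nodes 0 and 1
    bool read_freed = !s.pool[Stack::idx(seen)].live;
    int next = s.pool[Stack::idx(seen)].next;    // popper A reads next (1) from the freed node
    s.push(0);                                   // pusher reuses node 0: head -> 0 -> 2
    uint64_t cur = s.head.load();
    bool match = compare_sequence ? cur == seen : Stack::idx(cur) == Stack::idx(seen);
    if (match) s.head.store(Stack::pack(next, Stack::seq(cur) + 1));  // popper A's CAS
    return {read_freed, !s.pool[Stack::idx(s.head.load())].live};
}
```

In this model the sequence tag stops the stale CAS from installing a freed node as head, but the read of `next` from the freed node still happens, which is the kind of access ASan reports. Removing that read takes deferred reclamation (hazard pointers, epochs) or nodes that are never handed back to the allocator while poppers may still hold them.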