
Various ASan and UBSan errors when playing demos with fuzzed chunk data

Open Robyt3 opened this issue 3 years ago • 3 comments

==47744==ERROR: AddressSanitizer: global-buffer-overflow on address 0x558618e3767f at pc 0x558614b9bdfb bp 0x7ffe58a32cd0 sp 0x7ffe58a32cc0
READ of size 4 at 0x558618e3767f thread T0
    #0 0x558614b9bdfa in CSnapshotItem::Type() const src/engine/shared/snapshot.h:16
    #1 0x558615c3c911 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
    #2 0x558614aebaba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #3 0x558614af87cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #4 0x558615b9db1a in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #5 0x558615babd3f in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #6 0x558614afb08b in CClient::Update() src/engine/client/client.cpp:2686
    #7 0x558614b1d9eb in CClient::Run() src/engine/client/client.cpp:3296
    #8 0x558614b8e64f in main src/engine/client/client.cpp:4761

0x558618e3767f is located 55 bytes to the right of global variable 'guard variable for CDemoPlayer::DoTick()::sc_InitialSeed' defined in 'src/engine/shared/demo.cpp:609:30' (0x558618e37640) of size 8
0x558618e3767f is located 1 bytes to the left of global variable 's_FuzzSeed' defined in 'src/engine/shared/demo.cpp:610:24' (0x558618e37680) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow src/engine/shared/snapshot.h:16 in CSnapshotItem::Type() const
Shadow bytes around the buggy address:
  0x0ab1431bee70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431bee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431bee90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431beea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431beeb0: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
=>0x0ab1431beec0: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9[f9]
  0x0ab1431beed0: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab1431beee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431beef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431bef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab1431bef10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc



src/engine/shared/snapshot.cpp:29:41: runtime error: member call on misaligned address 0x558618e3767f for type 'struct CSnapshotItem', which requires 4 byte alignment
0x558618e3767f: note: pointer points here
 00 00 00 00 00  4b f5 fe f9 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00
             ^ 
    #0 0x558615c3c909 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
    #1 0x558614aebaba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #2 0x558614af87cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #3 0x558615b9db1a in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #4 0x558615babd3f in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #5 0x558614afb08b in CClient::Update() src/engine/client/client.cpp:2686
    #6 0x558614b1d9eb in CClient::Run() src/engine/client/client.cpp:3296
    #7 0x558614b8e64f in main src/engine/client/client.cpp:4761



src/engine/shared/snapshot.h:16:28: runtime error: member access within misaligned address 0x558618e3767f for type 'const struct CSnapshotItem', which requires 4 byte alignment
0x558618e3767f: note: pointer points here
 00 00 00 00 00  4b f5 fe f9 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00
             ^ 
    #0 0x558614b9bdc3 in CSnapshotItem::Type() const src/engine/shared/snapshot.h:16
    #1 0x558615c3c911 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
    #2 0x558614aebaba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #3 0x558614af87cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #4 0x558615b9db1a in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #5 0x558615babd3f in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #6 0x558614afb08b in CClient::Update() src/engine/client/client.cpp:2686
    #7 0x558614b1d9eb in CClient::Run() src/engine/client/client.cpp:3296
    #8 0x558614b8e64f in main src/engine/client/client.cpp:4761



src/engine/shared/snapshot.cpp:657:28: runtime error: left shift of negative value -1
    #0 0x55c134d7427f in CSnapshotBuilder::NewItem(int, int, int) src/engine/shared/snapshot.cpp:657
    #1 0x55c134d703e7 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:360
    #2 0x55c134ccb119 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x55c134cd66bb in CDemoPlayer::Play() src/engine/shared/demo.cpp:915
    #4 0x55c133c6fddd in CClient::DemoPlayer_Play(char const*, int) src/engine/client/client.cpp:3953
    #5 0x55c133c70c12 in CClient::Con_Play(IConsole::IResult*, void*) src/engine/client/client.cpp:3978
    #6 0x55c134c346a4 in CConsole::ExecuteLineStroked(int, char const*, int, bool) src/engine/shared/console.cpp:528
    #7 0x55c134c362d6 in CConsole::ExecuteLine(char const*, int, bool) src/engine/shared/console.cpp:582
    #8 0x55c13400b6b8 in CGameConsole::CInstance::ExecuteLine(char const*) src/game/client/components/console.cpp:137
    #9 0x55c134014027 in CGameConsole::CInstance::OnInput(IInput::CEvent) src/game/client/components/console.cpp:290
    #10 0x55c134038790 in CGameConsole::OnInput(IInput::CEvent) src/game/client/components/console.cpp:877
    #11 0x55c13465e700 in CGameClient::OnUpdate() src/game/client/gameclient.cpp:398
    #12 0x55c133c39801 in CClient::Update() src/engine/client/client.cpp:2951
    #13 0x55c133c4c9eb in CClient::Run() src/engine/client/client.cpp:3296
    #14 0x55c133cbd64f in main src/engine/client/client.cpp:4761



src/engine/shared/snapshot.cpp:189:18: runtime error: signed integer overflow: 1442840651 + 926299442 cannot be represented in type 'int'
    #0 0x55d84fa49be1 in CSnapshotDelta::UndiffItem(int*, int*, int*, int, int*) src/engine/shared/snapshot.cpp:189
    #1 0x55d84fa4ccf1 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:412
    #2 0x55d84f9a7118 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:630
    #3 0x55d84f9b6c81 in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1006
    #4 0x55d84e90608b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x55d84e9289eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x55d84e99964f in main src/engine/client/client.cpp:4761

Fixed by #5647:

src/game/client/components/chat.cpp:795:89: runtime error: index -1 out of bounds for type 'CClientData [64]'
    #0 0x55c133fd047a in CChat::AddLine(int, int, char const*) src/game/client/components/chat.cpp:795
    #1 0x55c133fc80b5 in CChat::OnMessage(int, void*) src/game/client/components/chat.cpp:570
    #2 0x55c134677688 in CGameClient::OnMessage(int, CUnpacker*, int, bool) src/game/client/gameclient.cpp:770
    #3 0x55c133c282d2 in CClient::OnDemoPlayerMessage(void*, int) src/engine/client/client.cpp:2627
    #4 0x55c134ccdcba in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:679
    #5 0x55c134cdac81 in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #6 0x55c133c2a08b in CClient::Update() src/engine/client/client.cpp:2686
    #7 0x55c133c4c9eb in CClient::Run() src/engine/client/client.cpp:3296
    #8 0x55c133cbd64f in main src/engine/client/client.cpp:4761



src/game/client/components/maplayers.cpp:98:112: runtime error: member access within null pointer of type 'const struct CNetObj_GameInfo'
    #0 0x55d84eea9e1e in CMapLayers::EnvelopeEval(int, int, ColorRGBA&, void*) src/game/client/components/maplayers.cpp:98
    #1 0x55d84f518082 in CRenderTools::ForceRenderQuads(CQuad*, int, int, void (*)(int, int, ColorRGBA&, void*), void*, float) src/game/client/render_map.cpp:112
    #2 0x55d84f517ac7 in CRenderTools::RenderQuads(CQuad*, int, int, void (*)(int, int, ColorRGBA&, void*), void*) src/game/client/render_map.cpp:98
    #3 0x55d84eee10b0 in CMapLayers::OnRender() src/game/client/components/maplayers.cpp:1839
    #4 0x55d84f34b915 in CGameClient::OnRender() src/game/client/gameclient.cpp:640
    #5 0x55d84e8d44c2 in CClient::Render() src/engine/client/client.cpp:1222
    #6 0x55d84e92d1a0 in CClient::Run() src/engine/client/client.cpp:3370
    #7 0x55d84e99964f in main src/engine/client/client.cpp:4761

I added a few lines of fuzzing code in demo.cpp, so the line numbers in that file will be slightly different from the current state 5daa0f96f593460a594ba237646b3119d5b6c4c1.

In particular, I used the radamsa fuzzer while playing a demo in the client to fuzz the demo chunk data after it has been decompressed https://github.com/ddnet/ddnet/blob/5daa0f96f593460a594ba237646b3119d5b6c4c1/src/engine/shared/demo.cpp#L602-L604

Robyt3 avatar Jul 20 '22 20:07 Robyt3

Some of the errors just happen because the snapshot diffs create integer overflows or underflows. Should be expected on random data.

But it looks like there also happens a buffer overflow in my new UnpackAndValidateSnapshot function... maybe we should investigate that.

C0D3D3V avatar Jul 21 '22 12:07 C0D3D3V

I'll handle the errors in chat and maplayers ~~as well as the unaligned accesses~~.

Robyt3 avatar Jul 21 '22 13:07 Robyt3

After fixing the alignment of what I believed to be all CSnapshot data arrays (2926bce8fd4c2206af600da564d040ab93460f54), I found even more misalignments and I'd rather not chase down this rabbit hole right now.

src/engine/shared/snapshot.cpp:58:21: runtime error: member call on misaligned address 0x56357a9c9233 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x56357a9c9233: note: pointer points here
 00  6b ff 00 00 07 00 0a 00  00 00 00 00 07 00 00 00  00 00 00 00 53 00 00 00  00 00 00 00 08 00 0b
              ^ 
    #0 0x5635777de3cd in CSnapshot::GetItemIndex(int) const src/engine/shared/snapshot.cpp:58
    #1 0x5635777ddfa8 in CSnapshot::GetExternalItemType(int) const src/engine/shared/snapshot.cpp:40
    #2 0x5635777dde96 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:30
    #3 0x56357668caba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #4 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #5 0x56357773f066 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #6 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #7 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #8 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #9 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.h:18:27: runtime error: member access within misaligned address 0x56357a9c9233 for type 'const struct CSnapshotItem', which requires 4 byte alignment
0x56357a9c9233: note: pointer points here
 00  6b ff 00 00 07 00 0a 00  00 00 00 00 07 00 00 00  00 00 00 00 53 00 00 00  00 00 00 00 08 00 0b
              ^ 
    #0 0x5635777e6da5 in CSnapshotItem::Key() const src/engine/shared/snapshot.h:18
    #1 0x5635777de3d5 in CSnapshot::GetItemIndex(int) const src/engine/shared/snapshot.cpp:58
    #2 0x5635777ddfa8 in CSnapshot::GetExternalItemType(int) const src/engine/shared/snapshot.cpp:40
    #3 0x5635777dde96 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:30
    #4 0x56357668caba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #5 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #6 0x56357773f066 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #7 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #8 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #9 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #10 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:29:41: runtime error: member call on misaligned address 0x56357a9c9233 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x56357a9c9233: note: pointer points here
 00  6b ff 00 00 07 00 0a 00  00 00 00 00 07 00 00 00  00 00 00 00 53 00 00 00  00 00 00 00 08 00 0b
              ^ 
    #0 0x5635777dde55 in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
    #1 0x56357668caba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #2 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #3 0x56357773f066 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #4 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #5 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #6 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #7 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.h:16:28: runtime error: member access within misaligned address 0x56357a9c9233 for type 'const struct CSnapshotItem', which requires 4 byte alignment
0x56357a9c9233: note: pointer points here
 00  6b ff 00 00 07 00 0a 00  00 00 00 00 07 00 00 00  00 00 00 00 53 00 00 00  00 00 00 00 08 00 0b
              ^ 
    #0 0x56357673cdc3 in CSnapshotItem::Type() const src/engine/shared/snapshot.h:16
    #1 0x5635777dde5d in CSnapshot::GetItemType(int) const src/engine/shared/snapshot.cpp:29
    #2 0x56357668caba in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2264
    #3 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #4 0x56357773f066 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #5 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #6 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #7 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #8 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/client/client.cpp:2265:32: runtime error: member call on misaligned address 0x56357a9c9233 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x56357a9c9233: note: pointer points here
 00  6b ff 00 00 07 00 0a 00  00 00 00 00 07 00 00 00  00 00 00 00 53 00 00 00  00 00 00 00 08 00 0b
              ^ 
    #0 0x56357668cae9 in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2265
    #1 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #2 0x56357773f066 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:659
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:351:36: runtime error: member call on misaligned address 0x7f17d3dceb77 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7f17d3dceb77: note: pointer points here
 e1 e4 ef d9 80  80 80 80 80 80 80 80 80  80 80 80 00 80 80 80 01  00 00 00 4e c3 c4 00 4e  c3 c4 00
             ^ 
    #0 0x5635777e2912 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:351
    #1 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #2 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #3 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #4 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #5 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:360:65: runtime error: member call on misaligned address 0x7f17d3dceb77 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7f17d3dceb77: note: pointer points here
 e1 e4 ef d9 80  80 80 80 80 80 80 80 80  80 80 80 00 80 80 80 01  00 00 00 4e c3 c4 00 4e  c3 c4 00
             ^ 
    #0 0x5635777e2999 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:360
    #1 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #2 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #3 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #4 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #5 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.h:17:26: runtime error: member access within misaligned address 0x7f17d3dceb77 for type 'const struct CSnapshotItem', which requires 4 byte alignment
0x7f17d3dceb77: note: pointer points here
 e1 e4 ef d9 80  80 80 80 80 80 80 80 80  80 80 80 00 80 80 80 01  00 00 00 4e c3 c4 00 4e  c3 c4 00
             ^ 
    #0 0x56357673ce5d in CSnapshotItem::ID() const (build-demofuzz/DDNet+0x28a5e5d)
    #1 0x5635777e29a1 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:360
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:657:20: runtime error: member access within misaligned address 0x7ffea3828673 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7ffea3828673: note: pointer points here
 e1  e4 ef d9 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00
              ^ 
    #0 0x5635777e68b8 in CSnapshotBuilder::NewItem(int, int, int) src/engine/shared/snapshot.cpp:657
    #1 0x5635777e29f1 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:360
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:662:19: runtime error: member call on misaligned address 0x7ffea3828673 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7ffea3828673: note: pointer points here
 e1  e4 ef d9 80 80 80 80 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00
              ^ 
    #0 0x5635777e6cac in CSnapshotBuilder::NewItem(int, int, int) src/engine/shared/snapshot.cpp:662
    #1 0x5635777e29f1 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:360
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:365:34: runtime error: member call on misaligned address 0x7f17d3dceb77 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7f17d3dceb77: note: pointer points here
 e1 e4 ef d9 80  80 80 80 80 80 80 80 80  80 80 80 00 80 80 80 01  00 00 00 4e c3 c4 00 4e  c3 c4 00
             ^ 
    #0 0x5635777e2a3c in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:365
    #1 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #2 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #3 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #4 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #5 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:569:21: runtime error: member call on misaligned address 0x7ffea3828673 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7ffea3828673: note: pointer points here
 e1  e4 ef d9 80 80 80 80 80  80 80 80 80 80 80 80 00  80 80 80 01 00 00 00 4e  c3 c4 00 4e c3 c4 00
              ^ 
    #0 0x5635777e528b in CSnapshotBuilder::GetItemData(int) src/engine/shared/snapshot.cpp:569
    #1 0x5635777e3109 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:401
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/packer.cpp:137:6: runtime error: load of misaligned address 0x56357a9d96bd for type 'int', which requires 4 byte alignment
0x56357a9d96bd: note: pointer points here
 08 00 0c 00 00 00 ff  a0 9b 78 b4 ac ab 81 a8  08 08 00 ff 7f 01 00 00  cb e8 ff ff 00 ce 31 ba  66
             ^ 
    #0 0x5635777d4172 in CUnpacker::GetUncompressedInt() src/engine/shared/packer.cpp:137
    #1 0x56357781ef61 in CNetObjHandler::SecureUnpackObj(int, CUnpacker*) build-demofuzz/src/game/generated/protocol.cpp:430
    #2 0x56357668cb57 in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2268
    #3 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #4 0x56357773ddb0 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:636
    #5 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #6 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #7 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #8 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/client/client.cpp:2281:64: runtime error: member call on misaligned address 0x56357a9d96b9 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x56357a9d96b9: note: pointer points here
 d3 2d 00  08 08 00 0c 00 00 00 ff  a0 9b 78 b4 ac ab 81 a8  08 08 00 ff 7f 01 00 00  cb e8 ff ff 00
              ^ 
    #0 0x56357668d33e in CClient::UnpackAndValidateSnapshot(CSnapshot*, CSnapshot*) src/engine/client/client.cpp:2281
    #1 0x5635766997cb in CClient::OnDemoPlayerSnapshot(void*, int) src/engine/client/client.cpp:2598
    #2 0x56357773ddb0 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:636
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:570:27: runtime error: member call on misaligned address 0x7ffea38289b5 for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7ffea38289b5: note: pointer points here
 d3 2d 00 08 08 00 0c  00 00 00 ff a0 9b 78 b4  ac ab 81 a8 08 08 00 ff  7f 01 00 00 cb e8 ff ff  00
             ^ 
    #0 0x5635777e52f8 in CSnapshotBuilder::GetItemData(int) src/engine/shared/snapshot.cpp:570
    #1 0x5635777e3109 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:401
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:412:46: runtime error: member call on misaligned address 0x7f17d3dceedd for type 'struct CSnapshotItem', which requires 4 byte alignment
0x7f17d3dceedd: note: pointer points here
 d3 2d 00 08 08 00 0c  00 00 00 ff a0 9b 78 b4  ac ab 81 a8 08 08 00 ff  7f 01 00 00 cb e8 ff ff  00
             ^ 
    #0 0x5635777e32d4 in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:412
    #1 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #2 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #3 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #4 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #5 0x56357672f64f in main src/engine/client/client.cpp:4761

src/engine/shared/snapshot.cpp:189:11: runtime error: load of misaligned address 0x7f17d3dceee1 for type 'int', which requires 4 byte alignment
0x7f17d3dceee1: note: pointer points here
 08 00 0c  00 00 00 ff a0 9b 78 b4  ac ab 81 a8 08 08 00 ff  7f 01 00 00 cb e8 ff ff  00 ce 31 ba 66
              ^ 
    #0 0x5635777e011c in CSnapshotDelta::UndiffItem(int*, int*, int*, int, int*) src/engine/shared/snapshot.cpp:189
    #1 0x5635777e32fb in CSnapshotDelta::UnpackDelta(CSnapshot*, CSnapshot*, void const*, int) src/engine/shared/snapshot.cpp:412
    #2 0x56357773d723 in CDemoPlayer::DoTick() src/engine/shared/demo.cpp:631
    #3 0x56357774d28b in CDemoPlayer::Update(bool) src/engine/shared/demo.cpp:1007
    #4 0x56357669c08b in CClient::Update() src/engine/client/client.cpp:2686
    #5 0x5635766be9eb in CClient::Run() src/engine/client/client.cpp:3296
    #6 0x56357672f64f in main src/engine/client/client.cpp:4761

Robyt3 avatar Jul 21 '22 16:07 Robyt3
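The sanitizer logs in this thread report three failure classes on fuzzed chunk data: reads past the end of a snapshot buffer (the ASan global-buffer-overflow in the first post), member access through misaligned CSnapshotItem pointers (the first post and the comment above), and signed overflow or a negative left shift while applying snapshot deltas (the UndiffItem and NewItem reports, which C0D3D3V's comment expects on random input). The block below is an added example, not ddnet's code: a hypothetical, simplified snapshot reader whose checks turn each of those reports into a rejected input, plus a small in-process mutator standing in for the radamsa run described in the first post. The buffer layout (item count, offset table, per-item key and word count) and every name in it (`ReadWord`, `GetItemType`, `UndiffWord`, `MakeKey`, `BuildSnapshot`, `FuzzGetItemType`) are assumptions for illustration and do not correspond to ddnet's CSnapshot, CSnapshotDelta or demo format.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <random>
#include <vector>

// Constructed snapshot layout for this example (an assumption, not ddnet's format):
//   int32 num_items; int32 offset[num_items] (byte offsets from buffer start);
//   then per item: int32 key, int32 num_words, int32 data[num_words]
using Buf = std::vector<uint8_t>;

// Alignment-safe 32-bit load: no int32_t* is ever formed into the byte buffer,
// so the "misaligned address" reports cannot occur.
static int32_t ReadWord(const uint8_t *p)
{
	int32_t v;
	std::memcpy(&v, p, sizeof v);
	return v;
}

static void WriteWord(Buf &b, int32_t v)
{
	uint8_t tmp[4];
	std::memcpy(tmp, &v, sizeof tmp);
	b.insert(b.end(), tmp, tmp + 4);
}

// Key packing in unsigned arithmetic: a negative type can no longer produce
// "left shift of negative value".
static int32_t MakeKey(int type, int id)
{
	uint32_t k = ((static_cast<uint32_t>(type) & 0xFFFFu) << 16) | (static_cast<uint32_t>(id) & 0xFFFFu);
	return static_cast<int32_t>(k);
}
static int TypeFromKey(int32_t key) { return static_cast<int>(static_cast<uint32_t>(key) >> 16); }

// Delta application with defined wraparound: past + diff on fuzzed input wraps
// instead of being the signed-overflow UB reported for UndiffItem.
static int32_t UndiffWord(int32_t past, int32_t diff)
{
	return static_cast<int32_t>(static_cast<uint32_t>(past) + static_cast<uint32_t>(diff));
}

// Bounds-checked item type lookup; returns -1 when the buffer does not hold every
// byte a read would touch. Size checks divide rather than multiply so they cannot overflow.
static int GetItemType(const Buf &b, int index)
{
	if(b.size() < 4) return -1;
	int32_t n = ReadWord(b.data());
	if(n < 0 || index < 0 || index >= n) return -1;
	if(static_cast<size_t>(n) > (b.size() - 4) / 4) return -1; // offset table must fit
	size_t table_end = 4 + 4 * static_cast<size_t>(n);
	int32_t off = ReadWord(b.data() + 4 + 4 * static_cast<size_t>(index));
	// item header must lie after the table and inside the buffer
	if(off < 0 || static_cast<size_t>(off) < table_end || static_cast<size_t>(off) + 8 > b.size()) return -1;
	int32_t words = ReadWord(b.data() + off + 4);
	if(words < 0 || static_cast<size_t>(words) > (b.size() - off - 8) / 4) return -1; // payload must fit
	return TypeFromKey(ReadWord(b.data() + off));
}

struct Item { int type; int id; std::vector<int32_t> data; };

// Serialises well-formed items into the layout above (constructed test input).
static Buf BuildSnapshot(const std::vector<Item> &items)
{
	Buf b;
	WriteWord(b, static_cast<int32_t>(items.size()));
	size_t off = 4 + 4 * items.size();
	for(const Item &it : items)
	{
		WriteWord(b, static_cast<int32_t>(off));
		off += 8 + 4 * it.data.size();
	}
	for(const Item &it : items)
	{
		WriteWord(b, MakeKey(it.type, it.id));
		WriteWord(b, static_cast<int32_t>(it.data.size()));
		for(int32_t w : it.data) WriteWord(b, w);
	}
	return b;
}

// Tiny in-process mutator standing in for the external fuzzer: overwrite a byte,
// truncate, or replace a word, then exercise the checked reader with in-range and
// out-of-range indices. Under ASan/UBSan the run is the check; returns rejected lookups.
static size_t FuzzGetItemType(const Buf &seed, unsigned rounds, unsigned rng_seed)
{
	std::mt19937 rng(rng_seed);
	size_t rejected = 0;
	for(unsigned r = 0; r < rounds; r++)
	{
		Buf m = seed;
		switch(rng() % 3)
		{
		case 0: if(!m.empty()) m[rng() % m.size()] = static_cast<uint8_t>(rng()); break;
		case 1: m.resize(rng() % (m.size() + 1)); break;
		default: if(m.size() >= 4) { uint32_t v = rng(); std::memcpy(&m[rng() % (m.size() - 3)], &v, 4); }
		}
		for(int i = -1; i < 4; i++)
			if(GetItemType(m, i) < 0) rejected++;
	}
	return rejected;
}
```

Compiled with -fsanitize=address,undefined, the fuzz loop is itself the test: any mutated buffer that still reached a misaligned load or an out-of-bounds read would be reported there, which is the same signal the issue's logs came from. The unsigned-to-signed conversions in MakeKey and UndiffWord are two's-complement wraparound on every mainstream compiler (and guaranteed since C++20); whether wraparound is the right semantics for a real delta decoder, as opposed to rejecting the item, is a design decision the example leaves open.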