While playing on titi's server, I ran into a buffer overflow on r3325 on my ATI box running Ubuntu 12.04 x86_64 today.
uname -a:
Linux atibox 3.2.0-24-generic #38-Ubuntu SMP Tue May 1 16:18:50 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
*** buffer overflow detected ***: ./megaglest terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f7715cef007]
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f7715cedf00]
/lib/x86_64-linux-gnu/libc.so.6(+0x108fbe)[0x7f7715ceefbe]
./megaglest(_ZN6Shared8Platform6Socket10isWritableEP7timeval+0x5d)[0x9cc33d]
./megaglest(_ZN6Shared8Platform6Socket11isConnectedEv+0x47)[0x9cc537]
./megaglest(_ZN6Shared8Platform6Socket13getDataToReadEb+0xd9)[0x9cdb09]
./megaglest(_ZN5Glest4Game16NetworkInterface18getNextMessageTypeEv+0x6a)[0x79d2aa]
./megaglest(_ZN5Glest4Game15ClientInterface14waitForMessageEv+0x40)[0x7a54a0]
./megaglest(_ZN5Glest4Game15ClientInterface11updateFrameEPi+0x118)[0x7a9598]
./megaglest(_ZN5Glest4Game15ClientInterface10simpleTaskEPN6Shared14PlatformCommon10BaseThreadE+0x46)[0x7ac666]
./megaglest(_ZN6Shared14PlatformCommon16SimpleTaskThread7executeEv+0x384)[0x960674]
./megaglest(_ZN6Shared8Platform6Thread14beginExecutionEPv+0xf)[0x9b240f]
/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0(+0x12fd5)[0x7f7718eb2fd5]
/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0(+0x56999)[0x7f7718ef6999]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7e9a)[0x7f7718c8ae9a]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f7715cd84bd]
======= Memory map: ========
00400000-00af4000 r-xp 00000000 fc:02 12189707 /home/tomreyn/SCM/megaglest-trunk/mk/linux/megaglest
00cf4000-00cf5000 r--p 006f4000 fc:02 12189707 /home/tomreyn/SCM/megaglest-trunk/mk/linux/megaglest
00cf5000-00cf7000 rw-p 006f5000 fc:02 12189707 /home/tomreyn/SCM/megaglest-trunk/mk/linux/megaglest
00cf7000-00d0c000 rw-p 00000000 00:00 0
01654000-1fa95000 rw-p 00000000 00:00 0 [heap]
7f76ac000000-7f76ac021000 rw-p 00000000 00:00 0
7f76ac021000-7f76b0000000 ---p 00000000 00:00 0
7f76b4000000-7f76b4353000 rw-p 00000000 00:00 0
7f76b4353000-7f76b8000000 ---p 00000000 00:00 0
7f76bc000000-7f76bc7b5000 rw-p 00000000 00:00 0
7f76bc7b5000-7f76c0000000 ---p 00000000 00:00 0
7f76c4000000-7f76c4610000 rw-p 00000000 00:00 0
7f76c4610000-7f76c8000000 ---p 00000000 00:00 0
7f76cc000000-7f76cc021000 rw-p 00000000 00:00 0
7f76cc021000-7f76d0000000 ---p 00000000 00:00 0
7f76d4000000-7f76d4aaa000 rw-p 00000000 00:00 0
7f76d4aaa000-7f76d8000000 ---p 00000000 00:00 0
7f76d8dfa000-7f76d8dfb000 rw-p 00000000 00:00 0
7f76d8dfb000-7f76d97fb000 rwxp 00000000 00:00 0
7f76d97fb000-7f76d97fc000 ---p 00000000 00:00 0
7f76d97fc000-7f76d9ffc000 rw-p 00000000 00:00 0
7f76d9ffc000-7f76d9ffd000 ---p 00000000 00:00 0
7f76d9ffd000-7f76da7fd000 rw-p 00000000 00:00 0
7f76da7fd000-7f76da7fe000 ---p 00000000 00:00 0
7f76da7fe000-7f76daffe000 rw-p 00000000 00:00 0
7f76daffe000-7f76dafff000 ---p 00000000 00:00 0
7f76dafff000-7f76db7ff000 rw-p 00000000 00:00 0
7f76db7ff000-7f76db800000 ---p 00000000 00:00 0
7f76db800000-7f76dc000000 rw-p 00000000 00:00 0
7f76dc000000-7f76dc021000 rw-p 00000000 00:00 0
7f76dc021000-7f76e0000000 ---p 00000000 00:00 0
7f76e0000000-7f76e0087000 rw-p 00000000 00:00 0
7f76e0087000-7f76e4000000 ---p 00000000 00:00 0
7f76e4000000-7f76e403a000 rw-p 00000000 00:00 0
7f76e403a000-7f76e8000000 ---p 00000000 00:00 0
7f76e8000000-7f76e8021000 rw-p 00000000 00:00 0
7f76e8021000-7f76ec000000 ---p 00000000 00:00 0
7f76ec000000-7f76ec021000 rw-p 00000000 00:00 0
7f76ec021000-7f76f0000000 ---p 00000000 00:00 0
7f76f0261000-7f76f0263000 rw-s 13c09e000 00:05 7507 /dev/dri/card0
7f76f0263000-7f76f0266000 rw-s 13c099000 00:05 7507 /dev/dri/card0
7f76f0266000-7f76f0268000 rw-s 13c097000 00:05 7507 /dev/dri/card0
7f76f0268000-7f76f026b000 rw-s 13c092000 00:05 7507 /dev/dri/card0
7f76f026b000-7f76f027b000 rw-s 13c06c000 00:05 7507 /dev/dri/card0
7f76f027b000-7f76f027c000 ---p 00000000 00:00 0
7f76f027c000-7f76f0a7c000 rw-p 00000000 00:00 0
7f76f0a7c000-7f76f0a7d000 ---p 00000000 00:00 0
7f76f0a7d000-7f76f127d000 rw-p 00000000 00:00 0
7f76f127d000-7f76f127e000 ---p 00000000 00:00 0
7f76f127e000-7f76f1a7e000 rw-p 00000000 00:00 0
7f76f1a7e000-7f76f1a85000 r-xp 00000000 fc:01 688879 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7f76f1a85000-7f76f1c84000 ---p 00007000 fc:01 688879 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7f76f1c84000-7f76f1c85000 r--p 00006000 fc:01 688879 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7f76f1c85000-7f76f1c86000 rw-p 00007000 fc:01 688879 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7f76f1c86000-7f76f1c87000 ---p 00000000 00:00 0
7f76f1c87000-7f76f2487000 rw-p 00000000 00:00 0
7f76f2487000-7f76f2488000 ---p 00000000 00:00 0
7f76f2488000-7f76f2c88000 rw-p 00000000 00:00 0
7f76f2c88000-7f76f2d88000 rw-s 13e0d7000 00:05 7507 /dev/dri/card0
7f76f2d89000-7f76f2e89000 rw-s 13bf60000 00:05 7507 /dev/dri/card0
7f76f2e89000-7f76f2e8a000 rw-s 13bf4f000 00:05 7507 /dev/dri/card0
7f76f2e8a000-7f76f2e8b000 rw-s 13bf4e000 00:05 7507 /dev/dri/card0
7f76f2e8b000-7f76f2e8c000 rw-s 13bf4d000 00:05 7507 /dev/dri/card0
7f76f2e8c000-7f76f2e8d000 rw-s 13bf4c000 00:05 7507 /dev/dri/card0
7f76f2e8d000-7f76f2e8e000 rw-s 13bf3c000 00:05 7507 /dev/dri/card0
7f76f2e8e000-7f76f2e8f000 rw-s 13bf3b000 00:05 7507 /dev/dri/card0
7f76f2e8f000-7f76f2e90000 rw-s 13bf3a000 00:05 7507 /dev/dri/card0
7f76f2e90000-7f76f2e91000 rw-s 13bf39000 00:05 7507 /dev/dri/card0
7f76f2e91000-7f76f2e92000 rw-s 13bf38000 00:05 7507 /dev/dri/card0
7f76f2e92000-7f76f2e93000 rw-s 13bf37000 00:05 7507 /dev/dri/card0
7f76f2e93000-7f76f2e94000 rw-s 13bf36000 00:05 7507 /dev/dri/card0
7f76f2e94000-7f76f2e95000 rw-s 13bf35000 00:05 7507 /dev/dri/card0
7f76f2e95000-7f76f2e96000 rw-s 13bf34000 00:05 7507 /dev/dri/card0
7f76f2e96000-7f76f2e97000 rw-s 13bf33000 00:05 7507 /dev/dri/card0
7f76f2e97000-7f76f2e98000 rw-s 13bf32000 00:05 7507 /dev/dri/card0
7f76f2e98000-7f76f2e99000 rw-s 13bf31000 00:05 7507 /dev/dri/card0
7f76f2e99000-7f76f2e9a000 rw-s 13bf30000 00:05 7507 /dev/dri/card0
7f76f2e9a000-7f76f2e9b000 rw-s 13bf2f000 00:05 7507 /dev/dri/card0
7f76f2e9b000-7f76f2e9c000 rw-s 13bf2e000 00:05 7507 /dev/dri/card0
7f76f2e9c000-7f76f2e9d000 rw-s 13bf2d000 00:05 7507 /dev/dri/card0
7f76f2e9d000-7f76f2e9e000 rw-s 13bf2c000 00:05 7507 /dev/dri/card0
7f76f2e9e000-7f76f2e9f000 rw-s 13bf2b000 00:05 7507 /dev/dri/card0
7f76f2e9f000-7f76f2ea0000 rw-s 13bf2a000 00:05 7507 /dev/dri/card0
7f76f2ea0000-7f76f2ea1000 rw-s 13bf29000 00:05 7507 /dev/dri/card0
7f76f2ea1000-7f76f2ea2000 rw-s 13bf28000 00:05 7507 /dev/dri/card0
7f76f2ea2000-7f76f2ea3000 rw-s 13bf27000 00:05 7507 /dev/dri/card0
7f76f2ea3000-7f76f2ea4000 rw-s 13bf26000 00:05 7507 /dev/dri/card0
7f76f2ea4000-7f76f2ea5000 rw-s 13bf25000 00:05 7507 /dev/dri/card0
7f76f2ea5000-7f76f2ea6000 rw-s 13bf24000 00:05 7507 /dev/dri/card0
7f76f2ea6000-7f76f2ea7000 rw-s 13bf23000 00:05 7507 /dev/dri/card0
7f76f2ea7000-7f76f2ea8000 rw-s 13bf22000 00:05 7507 /dev/dri/card0
7f76f2ea8000-7f76f2ea9000 rw-s 13bf21000 00:05 7507 /dev/dri/card0
7f76f2ea9000-7f76f2eaa000 rw-s 13bf20000 00:05 7507 /dev/dri/card0
7f76f2eaa000-7f76f2eab000 rw-s 13bf1f000 00:05 7507 /dev/dri/card0
7f76f2eab000-7f76f2eac000 rw-s 13bf1e000 00:05 7507 /dev/dri/card0
7f76f2eac000-7f76f2ead000 rw-s 13bf1d000 00:05 7507 /dev/dri/card0
7f76f2ead000-7f76f2eae000 rw-s 13bf1c000 00:05 7507 /dev/dri/card0
7f76f2eae000-7f76f2eaf000 rw-s 13bf1b000 00:05 7507 /dev/dri/card0
7f76f2eaf000-7f76f2eb0000 rw-s 13bf1a000 00:05 7507 /dev/dri/card0
7f76f2eb0000-7f76f2eb1000 rw-s 13bf19000 00:05 7507 /dev/dri/card0
7f76f2eb1000-7f76f2eb2000 rw-s 13bf18000 00:05 7507 /dev/dri/card0
7f76f2eb2000-7f76f2eb3000 rw-s 13bf17000 00:05 7507 /dev/dri/card0
7f76f2eb3000-7f76f2eb4000 rw-s 13bf16000 00:05 7507 /dev/dri/card0
7f76f2eb4000-7f76f2eb5000 rw-s 13bf15000 00:05 7507 /dev/dri/card0
7f76f2eb5000-7f76f2eb6000 rw-s 13bf13000 00:05 7507 /dev/dri/card0
7f76f2eb6000-7f76f2eb7000 rw-s 13bf12000 00:05 7507 /dev/dri/card0
7f76f2eb7000-7f76f2eb8000 rw-s 13bf11000 00:05 7507 /dev/dri/card0
7f76f2eb8000-7f76f2eb9000 rw-s 13bf10000 00:05 7507 /dev/dri/card0
7f76f2eb9000-7f76f2eba000 rw-s 13bf0f000 00:05 7507 /dev/dri/card0
7f76f2eba000-7f76f2ebb000 rw-s 13bf0e000 00:05 7507 /dev/dri/card0
7f76f2ebb000-7f76f2ebc000 rw-s 13bf0d000 00:05 7507 /dev/dri/card0
7f76f2ebc000-7f76f2ebd000 rw-s 13bf0c000 00:05 7507 /dev/dri/card0
7f76f2ebd000-7f76f2ebe000 rw-s 13bef9000 00:05 7507 /dev/dri/card0
7f76f2ebe000-7f76f2ebf000 rw-s 13bef8000 00:05 7507 /dev/dri/card0
7f76f2ebf000-7f76f2ec0000 rw-s 13bef7000 00:05 7507 /dev/dri/card0
7f76f2ec0000-7f76f2ec1000 rw-s 13bef6000 00:05 7507 /dev/dri/card0
7f76f2ec1000-7f76f2ec2000 rw-s 13beeb000 00:05 7507 /dev/dri/card0
7f76f2ec2000-7f76f2ec3000 rw-s 13beea000 00:05 7507 /dev/dri/card0
7f76f2ec3000-7f76f2ec4000 rw-s 13bee9000 00:05 7507 /dev/dri/card0
7f76f2ec4000-7f76f2ec5000 rw-s 13bee8000 00:05 7507 /dev/dri/card0
7f76f2ec5000-7f76f2ec6000 rw-s 13bee7000 00:05 7507 /dev/dri/card0
7f76f2ec6000-7f76f2ec7000 rw-s 13bee6000 00:05 7507 /dev/dri/card0
7f76f2ec7000-7f76f2ec8000 rw-s 13bee5000 00:05 7507 /dev/dri/card0
7f76f2ec8000-7f76f2ec9000 rw-s 13bee4000 00:05 7507 /dev/dri/card0
7f76f2ec9000-7f76f2eca000 rw-s 13bee3000 00:05 7507 /dev/dri/card0
7f76f2eca000-7f76f2ecb000 rw-s 13bee2000 00:05 7507 /dev/dri/card0
7f76f2ecb000-7f76f2ecc000 rw-s 13bee1000 00:05 7507 /dev/dri/card0
7f76f2ecc000-7f76f2ecd000 rw-s 13bee0000 00:05 7507 /dev/dri/card0
7f76f2ecd000-7f76f2ece000 rw-s 13bedf000 00:05 7507 /dev/dri/card0
7f76f2ece000-7f76f2ecf000 rw-s 13bede000 00:05 7507 /dev/dri/card0
7f76f2ecf000-7f76f2ed0000 rw-s 13bedd000 00:05 7507 /dev/dri/card0
7f76f2ed0000-7f76f2ed1000 rw-s 13bedc000 00:05 7507 /dev/dri/card0
7f76f2ed1000-7f76f2ed2000 rw-s 13bedb000 00:05 7507 /dev/dri/card0
7f76f2ed2000-7f76f2ed3000 rw-s 13beda000 00:05 7507 /dev/dri/card0
7f76f2ed3000-7f76f2ed4000 rw-s 13bed9000 00:05 7507 /dev/dri/card0
7f76f2ed4000-7f76f2ed5000 rw-s 13bed8000 00:05 7507 /dev/dri/card0
7f76f2ed5000-7f76f2ed6000 rw-s 13bed7000 00:05 7507 /dev/dri/card0
7f76f2ed6000-7f76f2ed7000 rw-s 13bed6000 00:05 7507 /dev/dri/card0
7f76f2ed7000-7f76f2ed8000 rw-s 13bed5000 00:05 7507 /dev/dri/card0
7f76f2ed8000-7f76f2ed9000 rw-s 13bed4000 00:05 7507 /dev/dri/card0
7f76f2ed9000-7f76f2eda000 rw-s 13bed3000 00:05 7507 /dev/dri/card0
7f76f2eda000-7f76f2edb000 rw-s 13bed2000 00:05 7507 /dev/dri/card0
7f76f2edb000-7f76f2edc000 rw-s 13bed1000 00:05 7507 /dev/dri/card0
7f76f2edc000-7f76f2edd000 rw-s 13bed0000 00:05 7507 /dev/dri/card0
7f76f2edd000-7f76f2ede000 rw-s 13becf000 00:05 7507 /dev/dri/card0
7f76f2ede000-7f76f2edf000 rw-s 13bece000 00:05 7507 /dev/dri/card0
7f76f2edf000-7f76f2ee0000 rw-s 13becd000 00:05 7507 /dev/dri/card0
7f76f2ee0000-7f76f2ee1000 rw-s 13becc000 00:05 7507 /dev/dri/card0
7f76f2ee1000-7f76f2ee2000 rw-s 13becb000 00:05 7507 /dev/dri/card0
7f76f2ee2000-7f76f2ee3000 rw-s 13beca000 00:05 7507 /dev/dri/card0
7f76f2ee3000-7f76f2ee4000 rw-s 13bec9000 00:05 7507 /dev/dri/card0
7f76f2ee4000-7f76f2ee5000 rw-s 13bec8000 00:05 7507 /dev/dri/card0
7f76f2ee5000-7f76f2ee6000 rw-s 13bec7000 00:05 7507 /dev/dri/card0
7f76f2ee6000-7f76f2ee7000 rw-s 13bec6000 00:05 7507 /dev/dri/card0
7f76f2ee7000-7f76f2ee8000 rw-s 13bec5000 00:05 7507 /dev/dri/card0
7f76f2ee8000-7f76f2ee9000 rw-s 13bec4000 00:05 7507 /dev/dri/card0
7f76f2ee9000-7f76f2eea000 rw-s 13bec3000 00:05 7507 /dev/dri/card0
7f76f2eea000-7f76f2eeb000 rw-s 13bec2000 00:05 7507 /dev/dri/card0
7f76f2eeb000-7f76f2eec000 rw-s 13bec1000 00:05 7507 /dev/dri/card0
7f76f2eec000-7f76f2eed000 rw-s 13bec0000 00:05 7507 /dev/dri/card0
7f76f2eed000-7f76f2efd000 rw-s 13be71000 00:05 7507 /dev/dri/card0
megaglest v3.6.1-dev
Compiled using: GNUC: 40603 [64bit] on: May 15 2012 23:57:18
SVN: [Rev: 3324M] - using STREFLOP [SSE] - [no-denormals]
[2012-05-16 00:45:23] *ERROR* In [/home/tomreyn/SCM/megaglest-trunk/source/glest_game/game/commander.cpp::buildCommand Line: 989]
Can not find command type for network command = [networkCommandType = 0
unitId = 700026
commandTypeId = 2
positionX = 209
positionY = 441
unitTypeId = 3
targetId = 0
wantQueue= 0
fromFactionIndex = 0
unitFactionUnitCount = 42
unitFactionIndex = 7, commandStateType = 0, commandStateValue = -1, unitCommandGroupId = -1]
Commands: id = 0 id = 1
for unit = 700026
[farm]
[
HP: 3000/3000
Armor: 0 (wood)
Sight: 5
Produce: 10 food
Store: 20 food]
actual local factionIndex = 7.
Unit Type Info:
[Unit Name: [farm] id = 4 maxHp = 3000 hpRegeneration = 0 maxEp = 0 epRegeneration = 0 maxUnitCount = 0 fields index = 0 value = 1 fields index = 1 value = 0 properties index = 0 value = 1 properties index = 1 value = 0 armor = 0 armorType Name: [wood id = 2 light = 0 lightColor = x [0] y [0] z [0] multiSelect = 0 sight = 5 size = 4 height = 2 rotatedBuildPos = 0.00 rotationAllowed = 1 cellMap: [4] i = 0 j = 0 value = 1 i = 0 j = 1 value = 1 i = 0 j = 2 value = 0 i = 0 j = 3 value = 1 i = 1 j = 0 value = 0 i = 1 j = 1 value = 0 i = 1 j = 2 value = 0 i = 1 j = 3 value = 0 i = 2 j = 0 value = 1 i = 2 j = 1 value = 1 i = 2 j = 2 value = 0 i = 2 j = 3 value = 1 i = 3 j = 0 value = 1 i = 3 j = 1 value = 1 i = 3 j = 2 value = 0 i = 3 j = 3 value = 1 skillTypes: [5] i = 0 Be built i = 1 Stop i = 2 Produce i = 3 Die i = 4 Upgrade commandTypes: [2] i = 0 Produce i = 1 Upgrade storedResources: [1] i = 0 food
20/0 levels: [0] meetingPoint = 1 countInVictoryConditions = 0]
Network unit type:
[fakir]
Game out of synch.
[2012-05-16 00:45:25] *ERROR* In [game.cpp::update Line: 1496] Error [Error [#3]: Game is out of sync, please check log files for details.
Stack Trace:
./megaglest:Shared::Platform::megaglest_runtime_error::megaglest_runtime_error(std::string const&) address [0x9b2326] line: 246
./megaglest:Glest::Game::Commander::buildCommand(Glest::Game::NetworkCommand const*) const address [0x52e140] line: 1007
./megaglest:Glest::Game::Commander::giveNetworkCommand(Glest::Game::NetworkCommand*) const address [0x532dde] line: 845
./megaglest:Glest::Game::Commander::updateNetwork(Glest::Game::Game*) address [0x535a7f] line: 605
./megaglest:Glest::Game::Game::update() address [0x576232] line: 1311
./megaglest:Glest::Game::Program::loopWorker() address [0x667706] line: 432
./megaglest:Glest::Game::glestMain(int, char**) address [0x64da64] line: 4570
./megaglest:Glest::Game::glestMainWrapper(int, char**) address [0x650f76] line: 4750
/lib/x86_64-linux-gnu/libc.so.6:__libc_start_main() address [0x7f7715c0776d] line: 0
./megaglest() [0x4b4549] address [0x4b4549]
]
Note that the buffer overflow output is listed before the actual game output since I'm buffering the game output (due to using tee to also log to a file).
For the GDB backtrace on the core file which was written, please see the above pastebin link.