Crash under WSL with the newly compiled LIB #957

@oiuv

Description

Running my Yanhuang MUD with the latest driver, it crashes right at login. The log is as follows:

Accepting telnet connections on 0.0.0.0:5566.
Accepting telnet connections on 0.0.0.0:6666.
Accepting websocket connections on 0.0.0.0:8888.
Initializations complete.

/root/fluffos/src/packages/core/rc.cc:15:24: runtime error: index 256 out of bounds for type 'char *[255]'
/root/fluffos/src/packages/core/rc.cc:15:24: runtime error: load of address 0x7fd9fbb624a0 with insufficient space for an object of type 'char *'
0x7fd9fbb624a0: note: pointer points here
 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^
=================================================================
==1347==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fd9fbb624a0 at pc 0x7fd9f994b79e bp 0x7fffff21a200 sp 0x7fffff21a1f0
READ of size 8 at 0x7fd9fbb624a0 thread T0
    #0 0x7fd9f994b79d in get_config_item(svalue_t*, svalue_t*) /root/fluffos/src/packages/core/rc.cc:15
    #1 0x7fd9f994ba73 in f_get_config() /root/fluffos/src/packages/core/rc.cc:28
    #2 0x7fd9f95ef66d in eval_instruction(char*) /root/fluffos/src/vm/internal/base/interpret.cc:3791
    #3 0x7fd9f96a545c in apply_low(char const*, object_t*, int) /root/fluffos/src/vm/internal/apply.cc:267
    #4 0x7fd9f96a5697 in apply(char const*, object_t*, int, int) /root/fluffos/src/vm/internal/apply.cc:293
    #5 0x7fd9f96762fd in call_create(object_t*, int) /root/fluffos/src/vm/internal/base/object.cc:1961
    #6 0x7fd9f96d0d65 in load_object(char const*, int) /root/fluffos/src/vm/internal/simulate.cc:574
    #7 0x7fd9f96dc222 in find_object(char const*) /root/fluffos/src/vm/internal/simulate.cc:1473
    #8 0x7fd9f98d98d4 in f__call_other() /root/fluffos/src/packages/core/efuns_main.cc:220
    #9 0x7fd9f95ef66d in eval_instruction(char*) /root/fluffos/src/vm/internal/base/interpret.cc:3791
    #10 0x7fd9f96a545c in apply_low(char const*, object_t*, int) /root/fluffos/src/vm/internal/apply.cc:267
    #11 0x7fd9f96a5697 in apply(char const*, object_t*, int, int) /root/fluffos/src/vm/internal/apply.cc:293
    #12 0x7fd9f96a5968 in safe_apply(char const*, object_t*, int, int) /root/fluffos/src/vm/internal/apply.cc:322
    #13 0x7fd9f97154fe in call_function_interactive /root/fluffos/src/comm.cc:1435
    #14 0x7fd9f9712295 in process_user_command(interactive_t*) /root/fluffos/src/comm.cc:1200
    #15 0x7fd9f96ff931 in on_user_command /root/fluffos/src/comm.cc:99
    #16 0x7fd9f9d2da54 in event_process_active_single_queue /root/fluffos/src/thirdparty/libevent/event.c:1713
    #17 0x7fd9f9d2f6a8 in event_process_active /root/fluffos/src/thirdparty/libevent/event.c:1805
    #18 0x7fd9f9d3267e in event_base_loop /root/fluffos/src/thirdparty/libevent/event.c:2047
    #19 0x7fd9f96efa1f in backend(event_base*) /root/fluffos/src/backend.cc:239
    #20 0x7fd9f93c93f7 in driver_main /root/fluffos/src/mainlib.cc:435
    #21 0x7fd9f93c636c in main /root/fluffos/src/main.cc:5
    #22 0x7fd9f3ba4082 in __libc_start_main ../csu/libc-start.c:308
    #23 0x7fd9f93c628d in _start (/usr/local/games/driver+0x15f428d)

0x7fd9fbb624a0 is located 8 bytes to the right of global variable 'config_str' defined in '/root/fluffos/src/base/internal/rc.cc:25:7' (0x7fd9fbb61ca0) of size 2040
0x7fd9fbb624a0 is located 32 bytes to the left of global variable 'config_int' defined in '/root/fluffos/src/base/internal/rc.cc:26:5' (0x7fd9fbb624c0) of size 1020
SUMMARY: AddressSanitizer: global-buffer-overflow /root/fluffos/src/packages/core/rc.cc:15 in get_config_item(svalue_t*, svalue_t*)
Shadow bytes around the buggy address:
  0x0ffbbf764440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf764450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf764460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf764470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf764480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffbbf764490: 00 00 00 f9[f9]f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ffbbf7644a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf7644b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf7644c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf7644d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffbbf7644e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1347==ABORTING

Same code, same driver version, and it works fine on Windows. Very strange~
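For reference, an added example (not FluffOS code) of the bounds check that would turn the read the sanitizer reports into a clean failure, using stand-in tables sized as the report describes them (255 `char *` and 255 `int`), plus a helper that reproduces the report's offset arithmetic. The table contents and function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-in globals sized as the sanitizer report describes the driver's
   tables: char *[255] is 2040 bytes and int [255] is 1020 bytes on a
   64-bit build. Constructed for this example, not the driver's own. */
#define NUM_CONFIG_STR 255
#define NUM_CONFIG_INT 255

static const char *config_str[NUM_CONFIG_STR];
static int config_int[NUM_CONFIG_INT];

/* Fill a few slots with constructed sample values. */
void init_sample_config(void) {
    memset(config_str, 0, sizeof config_str);
    memset(config_int, 0, sizeof config_int);
    config_str[0] = "mudlib directory (constructed)";
    config_int[0] = 5566;
}

/* Bounds-checked lookups. An index that originates in script code must be
   validated against the table length before it is used; a signed type is
   used so that a negative index is rejected rather than wrapping around. */
bool lookup_config_str(long idx, const char **out) {
    if (idx < 0 || idx >= NUM_CONFIG_STR)
        return false;            /* the report's index 256 stops here */
    *out = config_str[idx];
    return true;
}

bool lookup_config_int(long idx, int *out) {
    if (idx < 0 || idx >= NUM_CONFIG_INT)
        return false;
    *out = config_int[idx];
    return true;
}

/* Distance past the end of a table for an out-of-range read, in bytes.
   For the report: (256 - 255) * sizeof(char *) = 8 on a 64-bit build,
   matching "located 8 bytes to the right of global variable 'config_str'". */
long bytes_past_end(long idx, long count, size_t elem_size) {
    if (idx < count)
        return 0;
    return (idx - count) * (long)elem_size;
}
```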
