Paste P858

T58671 ASAN

Authored by Philipp Oeser (lichtwerk) on Tue, Dec 4, 10:32 AM.
=================================================================
==10367==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000ac98a0 at pc 0x000001eaafa7 bp 0x7ffc0c869650 sp 0x7ffc0c869640
READ of size 4 at 0x611000ac98a0 thread T0
#0 0x1eaafa6 in track_channel_color /blender/source/blender/editors/space_clip/clip_dopesheet_draw.c:63
#1 0x1eadd0f in clip_draw_dopesheet_channels /blender/source/blender/editors/space_clip/clip_dopesheet_draw.c:337
#2 0x1e7e4d7 in clip_channels_region_draw /blender/source/blender/editors/space_clip/space_clip.c:1119
#3 0x29b45c0 in ED_region_do_draw /blender/source/blender/editors/screen/area.c:529
#4 0x1aae902 in wm_draw_window_offscreen /blender/source/blender/windowmanager/intern/wm_draw.c:580
#5 0x1aaf425 in wm_draw_window /blender/source/blender/windowmanager/intern/wm_draw.c:712
#6 0x1aafe66 in wm_draw_update /blender/source/blender/windowmanager/intern/wm_draw.c:866
#7 0x1aa807b in WM_main /blender/source/blender/windowmanager/intern/wm.c:433
#8 0x1a9d821 in main /blender/source/creator/creator.c:521
#9 0x7f88242f3412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#10 0x1a9cc5d in _start (/build_28_ASAN/bin/blender+0x1a9cc5d)
0x611000ac98a0 is located 160 bytes inside of 216-byte region [0x611000ac9800,0x611000ac98d8)
freed by thread T0 here:
#0 0x7f882785b480 in free (/lib64/libasan.so.5+0xef480)
#1 0x50a6676 in MEM_lockfree_freeN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:164
#2 0x4aee38a in BLI_freelinkN /blender/source/blender/blenlib/intern/listbase.c:257
#3 0x1ed1414 in clip_delete_track /blender/source/blender/editors/space_clip/clip_utils.c:211
#4 0x1e81a0b in delete_track_exec /blender/source/blender/editors/space_clip/tracking_ops.c:253
#5 0x1ab8769 in wm_operator_invoke /blender/source/blender/windowmanager/intern/wm_event_system.c:1337
#6 0x1ab975c in wm_operator_call_internal /blender/source/blender/windowmanager/intern/wm_event_system.c:1534
#7 0x1ab99f5 in WM_operator_name_call_ptr /blender/source/blender/windowmanager/intern/wm_event_system.c:1582
#8 0x22c3dcc in ui_apply_but_funcs_after /blender/source/blender/editors/interface/interface_handlers.c:767
#9 0x230c272 in ui_popup_handler /blender/source/blender/editors/interface/interface_handlers.c:9910
#10 0x1ab2ea5 in wm_handler_ui_call /blender/source/blender/windowmanager/intern/wm_event_system.c:573
#11 0x1abe911 in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.c:2374
#12 0x1abfcad in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.c:2607
#13 0x1ac2afd in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.c:2997
#14 0x1aa8063 in WM_main /blender/source/blender/windowmanager/intern/wm.c:427
#15 0x1a9d821 in main /blender/source/creator/creator.c:521
#16 0x7f88242f3412 in __libc_start_main (/lib64/libc.so.6+0x24412)
previously allocated by thread T0 here:
#0 0x7f882785ba50 in __interceptor_calloc (/lib64/libasan.so.5+0xefa50)
#1 0x50a6afb in MEM_lockfree_callocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:282
#2 0x43aa562 in BKE_tracking_track_add /blender/source/blender/blenkernel/intern/tracking.c:565
#3 0x1e80973 in add_marker /blender/source/blender/editors/space_clip/tracking_ops.c:83
#4 0x1e80c24 in add_marker_exec /blender/source/blender/editors/space_clip/tracking_ops.c:102
#5 0x1e80ee9 in add_marker_invoke /blender/source/blender/editors/space_clip/tracking_ops.c:129
#6 0x1af6b14 in wm_macro_invoke_internal /blender/source/blender/windowmanager/intern/wm_operator_type.c:362
#7 0x1af6dfd in wm_macro_invoke /blender/source/blender/windowmanager/intern/wm_operator_type.c:385
#8 0x1ab842d in wm_operator_invoke /blender/source/blender/windowmanager/intern/wm_event_system.c:1327
#9 0x1abc620 in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.c:2045
#10 0x1abe1cb in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.c:2347
#11 0x1abfcad in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.c:2607
#12 0x1ac315f in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.c:3082
#13 0x1aa8063 in WM_main /blender/source/blender/windowmanager/intern/wm.c:427
#14 0x1a9d821 in main /blender/source/creator/creator.c:521
#15 0x7f88242f3412 in __libc_start_main (/lib64/libc.so.6+0x24412)
SUMMARY: AddressSanitizer: heap-use-after-free /blender/source/blender/editors/space_clip/clip_dopesheet_draw.c:63 in track_channel_color
Shadow bytes around the buggy address:
0x0c22801512c0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c22801512d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c22801512e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c22801512f0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280151300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2280151310: fd fd fd fd[fd]fd fd fd fd fd fd fa fa fa fa fa
0x0c2280151320: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2280151330: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2280151340: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280151350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2280151360: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==10367==ABORTING