Crashes on start - malloc(): invalid next size (unsorted) #7496
Comments
This looks strange, as far as I can tell there is no way for stredup() to attempt a zero byte allocation, since it always adds 1 to the input string length. The only other possibility I can think of would be some kind of buffer overrun causing it to attempt a far too large allocation (say multiple gigabytes). There are multiple cases of stredup() in DetermineBasePaths(), do you think you can narrow it down? Lines 1053 to 1151 in b61ef7e
|
The one in 1067 apparently
|
This sort of error suggests that heap corruption most likely took place before the point where the crash occurred.
|
@heirecka Have you been able to reproduce this? No one else has seen this particular crash since... |
Closing for lack of updates. Feel free to reopen if you experience this bug again or have more information. |
I seem to be having the same problem, with openttd 1.10.1 on Slackware Linux with glibc 2.30 and gcc 9.3.0.
Default output:
heiko@x220:~$ openttd
Backtrace: (seems to point to a different point)
(gdb) bt
Output with address sanitizing: (points back to DetermineBasePaths)
==6870==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000006a78 at pc 0x7ff989ab881b bp 0x7ffe4b603c70 sp 0x7ffe4b603420
0x603000006a78 is located 0 bytes to the right of 24-byte region [0x603000006a60,0x603000006a78)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.5+0x9881a)
Hope this helps, |
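Added example, not part of the thread and not code from OpenTTD or libxdg-basedir: a toy heap model in C showing why a one-byte overrun of a 24-byte region, like the one in the AddressSanitizer report above, goes unnoticed until a later allocation checks the neighbouring chunk's size. The chunk layout, function names and sample path are constructed for illustration, and it assumes the overrun is a write of a string's terminating NUL, which the thread does not state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heap, NOT glibc: every chunk is an 8-byte little-endian size header
 * followed by its user bytes, and chunks sit back to back in one arena. */
#define HDR  8
#define USER 24                       /* region size from the ASan report */
static unsigned char arena[2 * (HDR + USER)];

static void put_size(size_t off, uint64_t v) {
    for (int i = 0; i < HDR; i++) arena[off + i] = (unsigned char)(v >> (8 * i));
}
static uint64_t get_size(size_t off) {
    uint64_t v = 0;
    for (int i = 0; i < HDR; i++) v |= (uint64_t)arena[off + i] << (8 * i);
    return v;
}
/* Two adjacent chunks: A at offset 0, B directly behind A's user region. */
static void heap_init(void) {
    memset(arena, 0, sizeof arena);
    put_size(0, HDR + USER);
    put_size(HDR + USER, HDR + USER);
}
/* Buggy caller (assumed): buffer sized as strlen(s), terminating NUL forgotten.
 * Only call with strings short enough to stay inside the toy arena. */
static void store_unchecked(const char *s) {
    memcpy(arena + HDR, s, strlen(s) + 1);
}
/* Fixed caller: refuses anything that does not fit including the NUL. */
static int store_checked(const char *s) {
    size_t need = strlen(s) + 1;
    if (need > USER) return -1;
    memcpy(arena + HDR, s, need);
    return 0;
}
/* Sanity check an allocator runs later, when it next inspects chunk B. */
static int next_size_valid(void) {
    uint64_t sz = get_size(HDR + USER);
    return sz > (uint64_t)HDR && HDR + USER + sz <= sizeof arena;
}

int main(void) {
    const char *path = "/home/user/.local/share/";  /* constructed, 24 chars */
    heap_init(); store_unchecked(path);
    printf("unchecked: next size valid = %d\n", next_size_valid());
    heap_init();
    printf("checked: rc = %d, next size valid = %d\n", store_checked(path), next_size_valid());
    return 0;
}
```

The unchecked store returns normally; the damage only shows when the size check on the neighbouring chunk runs, which is why the abort is reported inside a later, unrelated allocation.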
@newHeiko @heirecka Please check whether your distributions have this fix for the unmaintained libxdg-basedir: Possibly try compiling with |
Thanks, that did it (I'm actually the one maintaining libxdg-basedir for Slackware, so I'm doubly thankful for your note...) Heiko |
Version of OpenTTD
1.9.1, but it also happens with 1.9.0
Compiled on Linux with gcc 8.3.0 and glibc 2.29
Expected result
openttd starts fine
Actual result
malloc(): invalid next size (unsorted)
Crash encountered, generating crash log...
malloc(): invalid next size (unsorted)
zsh: abort (core dumped) openttd
Steps to reproduce
$ openttd