image commented 3 years ago
```
==436==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a019b08ee3 at pc 0x55555663027a bp 0x7fffd8685080 sp 0x7fffd8685078
READ of size 4 at 0x61a019b08ee3 thread T23
#0 0x555556630279 in PlayerItemList::GetItemFromUniqueID(unsigned int, bool, bool) ../WorldServer/Items/Items.cpp:3716
#1 0x555555f1df65 in Client::HandleSkillInfoRequest(EQApplicationPacket*) ../WorldServer/client.cpp:2610
#2 0x555555fa8968 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1747
#3 0x555555fbf848 in Client::Process(bool) ../WorldServer/client.cpp:2994
#4 0x555555a05ea0 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3183
#5 0x555555a12723 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1387
#6 0x555555a1e9c3 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6867
#7 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
#8 0x7ffff68274ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
0x61a019b08ee3 is located 1123 bytes inside of 1184-byte region [0x61a019b08a80,0x61a019b08f20)
freed by thread T23 here:
#0 0x7ffff72e0128 in operator delete(void*, unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xec128)
#1 0x555555f83935 in Client::BuyBack(unsigned int, unsigned short) ../WorldServer/client.cpp:6730
#2 0x5555563cb125 in Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:3899
#3 0x555555fa9bf0 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814
#4 0x555555fbf848 in Client::Process(bool) ../WorldServer/client.cpp:2994
#5 0x555555a05ea0 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3183
#6 0x555555a12723 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1387
#7 0x555555a1e9c3 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6867
#8 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
previously allocated by thread T23 here:
#0 0x7ffff72ded30 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
#1 0x555555f83570 in Client::BuyBack(unsigned int, unsigned short) ../WorldServer/client.cpp:6687
#2 0x5555563cb125 in Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:3899
#3 0x555555fa9bf0 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814
#4 0x555555fbf848 in Client::Process(bool) ../WorldServer/client.cpp:2994
#5 0x555555a05ea0 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3183
#6 0x555555a12723 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1387
#7 0x555555a1e9c3 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6867
#8 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
Thread T23 created by T0 here:
#0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
#1 0x5555559df01b in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
#2 0x555555de0eb0 in ZoneList::Get(unsigned int, bool) ../WorldServer/World.cpp:595
#3 0x555555f0c850 in Client::SetCurrentZone(unsigned int) ../WorldServer/client.cpp:3346
#4 0x5555561e66c1 in WorldDatabase::loadCharacter(char const*, unsigned int, Client*) ../WorldServer/WorldDatabase.cpp:1784
#5 0x555555f9a5b4 in Client::HandleNewLogin(unsigned int, unsigned int) ../WorldServer/client.cpp:9787
#6 0x555555f9f2a4 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1059
#7 0x555555fbf848 in Client::Process(bool) ../WorldServer/client.cpp:2994
#8 0x555555fc244c in ClientList::Process() ../WorldServer/client.cpp:3278
#9 0x555555c691a6 in main ../WorldServer/net.cpp:458
#10 0x7ffff675209a in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free ../WorldServer/Items/Items.cpp:3716 in PlayerItemList::GetItemFromUniqueID(unsigned int, bool, bool)
Shadow bytes around the buggy address:
0x0c3483359180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3483359190: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34833591a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34833591b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c34833591c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c34833591d0: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
0x0c34833591e0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
0x0c34833591f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3483359200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3483359210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3483359220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==436==ABORTING
```