This happens with Square1 episode 2. AddressSanitizer output:
=================================================================
==28554==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160008d8598 at pc 0x555556f2a223 bp 0x7fffffffc690 sp 0x7fffffffc680
READ of size 4 at 0x6160008d8598 thread T0
    #0 0x555556f2a222 in FResourceLump::ReleaseCache() /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:261
    #1 0x555556f2d5ab in FLumpReader::~FLumpReader() /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:65
    #2 0x555556f2d5d3 in FLumpReader::~FLumpReader() /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:66
    #3 0x555555ddbd79 in FileReader::Close() /home/edward-san/zdoom/gzdoom/trunk/src/./files.h:161
    #4 0x555555ddbcd1 in FileReader::~FileReader() /home/edward-san/zdoom/gzdoom/trunk/src/./files.h:151
    #5 0x5555566f65dd in MapData::MapLump::~MapLump() /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.h:39
    #6 0x5555566f670d in MapData::~MapData() /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.h:54
    #7 0x555556b8ca8b in P_CheckMapData(char const*) /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.cpp:499
    #8 0x555556727521 in D_DoAdvanceDemo() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1262
    #9 0x55555673dc01 in TryRunTics() /home/edward-san/zdoom/gzdoom/trunk/src/d_net.cpp:1942
    #10 0x555556726659 in D_DoomLoop() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1027
    #11 0x55555672ef67 in D_DoomMain() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:2716
    #12 0x555555c5405f in main /home/edward-san/zdoom/gzdoom/trunk/src/posix/sdl/i_main.cpp:258
    #13 0x7ffff4d8782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x555555c431a8 in _start (/home/edward-san/zdoom/gzdoom/trunk/debug-asan/gzdoom+0x6ef1a8)

0x6160008d8598 is located 280 bytes inside of 536-byte region [0x6160008d8480,0x6160008d8698)
freed by thread T0 here:
    #0 0x7ffff6efcbf8 in operator delete[](void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe1bf8)
    #1 0x555556f1b94f in FWadFile::~FWadFile() /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/file_wad.cpp:137
    #2 0x555556f1b97b in FWadFile::~FWadFile() /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/file_wad.cpp:138
    #3 0x5555566f669c in MapData::~MapData() /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.h:55
    #4 0x555556b8ca8b in P_CheckMapData(char const*) /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.cpp:499
    #5 0x555556727521 in D_DoAdvanceDemo() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1262
    #6 0x55555673dc01 in TryRunTics() /home/edward-san/zdoom/gzdoom/trunk/src/d_net.cpp:1942
    #7 0x555556726659 in D_DoomLoop() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1027
    #8 0x55555672ef67 in D_DoomMain() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:2716
    #9 0x555555c5405f in main /home/edward-san/zdoom/gzdoom/trunk/src/posix/sdl/i_main.cpp:258
    #10 0x7ffff4d8782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7ffff6efb658 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0658)
    #1 0x555556f1be87 in FWadFile::Open(bool) /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/file_wad.cpp:176
    #2 0x555556f1e37c in CheckWad(char const*, FileReader&, bool) /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/file_wad.cpp:487
    #3 0x555556f2a3e7 in FResourceFile::DoOpenResourceFile(char const*, FileReader&, bool, bool) /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:295
    #4 0x555556f2a439 in FResourceFile::OpenResourceFile(char const*, FileReader&, bool, bool) /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:303
    #5 0x555556b8ba33 in P_OpenMapData(char const*, bool) /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.cpp:388
    #6 0x555556b8ca68 in P_CheckMapData(char const*) /home/edward-san/zdoom/gzdoom/trunk/src/p_setup.cpp:497
    #7 0x555556727521 in D_DoAdvanceDemo() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1262
    #8 0x55555673dc01 in TryRunTics() /home/edward-san/zdoom/gzdoom/trunk/src/d_net.cpp:1942
    #9 0x555556726659 in D_DoomLoop() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:1027
    #10 0x55555672ef67 in D_DoomMain() /home/edward-san/zdoom/gzdoom/trunk/src/d_main.cpp:2716
    #11 0x555555c5405f in main /home/edward-san/zdoom/gzdoom/trunk/src/posix/sdl/i_main.cpp:258
    #12 0x7ffff4d8782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/edward-san/zdoom/gzdoom/trunk/src/resourcefiles/resourcefile.cpp:261 in FResourceLump::ReleaseCache()
Shadow bytes around the buggy address:
  0x0c2c80113060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80113070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80113080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80113090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c801130a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2c801130b0: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c801130c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c801130d0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c801130e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c801130f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80113100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==28554==ABORTING
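Using 64-bit Ubuntu 16.04. Reading the report: the 536-byte array allocated in FWadFile::Open() (file_wad.cpp:176) is freed by FWadFile::~FWadFile(), called from MapData::~MapData() (p_setup.h:55), and is then read by FResourceLump::ReleaseCache(), reached from MapLump::~MapLump() via FileReader::~FileReader() and FLumpReader::~FLumpReader(). So the lump readers held by MapData appear to be destroyed after the resource file whose data they still reference.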