Possible issues picked up by address sanitizer

[drojf]

I'll use this thread to record some issues picked up by address sanitizer - but please note that not all of them will definitely cause crashes during normal gameplay.

Some of them might also be due to doing strange things in the script, so might not need to be fixed as normally they don't happen.

[drojf]

Access violation when text overflows bottom of the screen

When you draw too much text on the screen, once it overflows past the bottom of the screen. I don't think this causes a crash without asan though.

Test Case:
I only tested the Umineko Answer script in ADV mode. It's easier to overflow text here as there are only 5 lines of text before it passes the bottom of the screen.

langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@
langen:^"Example Text^@

asan otuput:

=================================================================
==17668==ERROR: AddressSanitizer: access-violation on unknown address 0x143f62d8 (pc 0x779288f3 bp 0x017db02c sp 0x017db024 T0)
==17668==The signal is caused by a WRITE memory access.
    #0 0x779288f2  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2)
    #1 0x5963c3ff in __asan_wrap_memcpy (E:\Steam\steamapps\common\Umineko Chiru Modded\libclang_rt.asan_dynamic-i386.dll+0x1002c3ff)
    #2 0x3f355b in D3D_UpdateTextureRep /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:934
    #3 0x3f38c2 in D3D_UpdateTexture /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:1035
    #4 0x1c7bcd in _ZN16PonscripterLabel11flushDirectER8SDL_Rectib C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel.cpp:1491:8
    #5 0x2507ab in _ZN16PonscripterLabel8drawCharEPKcP8FontinfobbP11SDL_SurfaceP13AnimationInfoP8SDL_Rect C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel_text.cpp:180:11
    #6 0x25864a in _ZN16PonscripterLabel11processTextEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel_text.cpp:731:9
    #7 0x2549a1 in _ZN16PonscripterLabel11textCommandEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel_text.cpp:496:11
    #8 0x1ced69 in _ZN16PonscripterLabel9parseLineEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel.cpp:1835:11
    #9 0x1cc900 in _ZN16PonscripterLabel12executeLabelEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel.cpp:1682:45
    #10 0x27b7c7 in _ZN16PonscripterLabel10timerEventEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel_event.cpp:1182:13
    #11 0x27dda6 in _ZN16PonscripterLabel9eventLoopEv C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/PonscripterLabel_event.cpp:1403:25
    #12 0x111717 in SDL_main C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/Ponscripter.cpp:412:9
    #13 0x353021 in console_main C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/SDL_win32_main.c:234:14
    #14 0x35321f in WinMain C:\drojf\large_projects\umineko\ponscripter-build-script\ponscripter-fork\src/SDL_win32_main.c:387:5
    #15 0x35d2e6 in main C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt0_c.c:18:16
    #16 0x111388 in __tmainCRTStartup C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:321:15
    #17 0x761ffa28  (C:\WINDOWS\System32\KERNEL32.DLL+0x6b81fa28)
    #18 0x77917a7d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a7d)
    #19 0x77917a4d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2) 
==17668==ABORTING

[drojf]

Access violation when skipping (clang .exe only?)

Note: if debugging this issue, may be worth doing some testing by modfying the script to see what circumstances when pressing CTRL cause crash - looks to be the _ld function from game log output.

Firstly, note that this exe links to SDL version 2.0.4 which is different from the one that comes with the game, SDL 2.0.3.

While I knew the game crashes more often when skipping using the CTRL key, it seems to be much worse on the clang builds.
I actually can't reproduce it on the normal .exe (the one that comes with the game that we've edited).

It seems to happen if you skip while the _ld operation is taking place (or just before/after).

Here's the asan output from the crash logs (full log below):

=================================================================
==6632==ERROR: AddressSanitizer: access-violation on unknown address 0x146ec000 (pc 0x77db88f3 bp 0x01d5aeec sp 0x01d5aee4 T0)
==6632==The signal is caused by a WRITE memory access.
    #0 0x77db88f2  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2)
    #1 0x6009c3ff in __asan_wrap_memcpy (E:\Steam\steamapps\common\Umineko Chiru Modded\libclang_rt.asan_dynamic-i386.dll+0x1002c3ff)
    #2 0x6551db in D3D_UpdateTextureRep /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:934
    #3 0x655542 in D3D_UpdateTexture /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:1035
    #4 0x427bcd in _ZN16PonscripterLabel11flushDirectER8SDL_Rectib D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1491:8
    #5 0x4270d2 in _ZN16PonscripterLabel5flushEiP8SDL_Rectbb D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1470:17
    #6 0x4c2879 in _ZN16PonscripterLabel8doEffectERN12ScriptParser6EffectEb D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_effect.cpp:413:13
    #7 0x46f198 in _ZN16PonscripterLabel9ldCommandERKN7Bstrlib8CBStringE D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_command.cpp:2044:16
    #8 0x42e5af in _ZN16PonscripterLabel9parseLineEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1804:20
    #9 0x4db439 in _ZN16PonscripterLabel10timerEventEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_event.cpp:1151:47
    #10 0x4ddda6 in _ZN16PonscripterLabel9eventLoopEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_event.cpp:1403:25
    #11 0x371717 in SDL_main D:\a\ponscripter-fork\ponscripter-fork\src/Ponscripter.cpp:412:9
    #12 0x5b3021 in console_main D:\a\ponscripter-fork\ponscripter-fork\src/SDL_win32_main.c:234:14
    #13 0x5b321f in WinMain D:\a\ponscripter-fork\ponscripter-fork\src/SDL_win32_main.c:387:5
    #14 0x5bd2e6 in main C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt0_c.c:18:16
    #15 0x371388 in __tmainCRTStartup C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:321:15
    #16 0x7637fa28  (C:\WINDOWS\System32\KERNEL32.DLL+0x6b81fa28)
    #17 0x77da7a7d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a7d)
    #18 0x77da7a4d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a4d)
    #19 0x78746340  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2) 
==6632==ABORTING

=================================================================
==17528==ERROR: AddressSanitizer: access-violation on unknown address 0x146f0084 (pc 0x77db88f3 bp 0x01d5a7ec sp 0x01d5a7e4 T0)
==17528==The signal is caused by a WRITE memory access.
    #0 0x77db88f2  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2)
    #1 0x6009c3ff in __asan_wrap_memcpy (E:\Steam\steamapps\common\Umineko Chiru Modded\libclang_rt.asan_dynamic-i386.dll+0x1002c3ff)
    #2 0x6551db in D3D_UpdateTextureRep /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:934
    #3 0x655542 in D3D_UpdateTexture /Users/slouken/release/SDL/SDL2-2.0.4-source/foo-x86/../src/render/direct3d/SDL_render_d3d.c:1035
    #4 0x427bcd in _ZN16PonscripterLabel11flushDirectER8SDL_Rectib D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1491:8
    #5 0x426fa6 in _ZN16PonscripterLabel5flushEiP8SDL_Rectbb D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1463:17
    #6 0x4c2879 in _ZN16PonscripterLabel8doEffectERN12ScriptParser6EffectEb D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_effect.cpp:413:13
    #7 0x46f198 in _ZN16PonscripterLabel9ldCommandERKN7Bstrlib8CBStringE D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_command.cpp:2044:16
    #8 0x42e5af in _ZN16PonscripterLabel9parseLineEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel.cpp:1804:20
    #9 0x4db439 in _ZN16PonscripterLabel10timerEventEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_event.cpp:1151:47
    #10 0x4ddda6 in _ZN16PonscripterLabel9eventLoopEv D:\a\ponscripter-fork\ponscripter-fork\src/PonscripterLabel_event.cpp:1403:25
    #11 0x371717 in SDL_main D:\a\ponscripter-fork\ponscripter-fork\src/Ponscripter.cpp:412:9
    #12 0x5b3021 in console_main D:\a\ponscripter-fork\ponscripter-fork\src/SDL_win32_main.c:234:14
    #13 0x5b321f in WinMain D:\a\ponscripter-fork\ponscripter-fork\src/SDL_win32_main.c:387:5
    #14 0x5bd2e6 in main C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt0_c.c:18:16
    #15 0x371388 in __tmainCRTStartup C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:321:15
    #16 0x7637fa28  (C:\WINDOWS\System32\KERNEL32.DLL+0x6b81fa28)
    #17 0x77da7a7d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a7d)
    #18 0x77da7a4d  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7a4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f88f2) 
==17528==ABORTING

The full stdout and sterr are here: stdout_20210309-215844.zip