TheAssemblyArmada / Thyme

An open source re-implementation of Generals : Zero Hour written in C++.
GNU General Public License v2.0

w3dview crash #1136

Closed xezon closed 1 month ago

xezon commented 1 month ago

Viewing CBHANGAR01 objects in w3dview

    uxtheme.dll!73616c49()  Unknown
    w3dview.exe!CW3DViewDoc::RemoveRenderObject(RenderObjClass * robj) Line 198 C++
>   w3dview.exe!CW3DViewDoc::RemoveRenderObject(RenderObjClass * robj) Line 203 C++
    w3dview.exe!CW3DViewDoc::SetRenderObject(RenderObjClass * robj, bool useRegularCameraReset, bool resetCamera, bool preserveModel) Line 419  C++
    w3dview.exe!CDataTreeView::Select(_TREEITEM * item) Line 370    C++
    w3dview.exe!CDataTreeView::OnSelectTree(tagNMHDR * pNMHDR, long * pResult) Line 97  C++
    [External Code] 
    [Frames below may be incorrect and/or missing, no symbols loaded for mfc140.dll]    
Exception thrown at 0x73616C49 (uxtheme.dll) in w3dview.exe: 0xC0000005: Access violation writing location 0x00B0D454.
xezon commented 1 month ago
SUMMARY: AddressSanitizer: heap-buffer-overflow D:\Projects\TheAssemblyArmada\Thyme\src\w3d\renderer\ddsfile.cpp:486 in DDSFileClass::Get_4x4_Block
Shadow bytes around the buggy address:
Address Sanitizer Error: Heap buffer overflow
        case WW3D_FORMAT_DXT5: {
            int offset = (src_x / 4) * 16 + ((src_y / 4) * (Get_Width(level) / 4));
            unsigned dst_pixel = 0;
            uint8_t *block_mem = &Get_Memory_Pointer(level)[16 * offset];

            unsigned alpha0 = *(block_mem); // <--- heap-buffer-overflow here
            unsigned alpha1 = *(block_mem + 1);
            unsigned alphas[8];
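As an added example (not the project's code), the offset arithmetic from the snippet above is reproduced as a standalone function beside a row-major DXT5 block offset and a checked lookup that refuses any block outside the level's buffer; Get_Width and Get_Memory_Pointer are replaced by plain width/height/buffer parameters and the 64x64 level is a constructed, zero-filled sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DXT5_BLOCK_BYTES 16u

/* Bytes in a DXT5 mip level of w x h pixels: one 16-byte block per 4x4 pixel tile. */
size_t dxt5_level_bytes(unsigned w, unsigned h)
{
    return (size_t)((w + 3) / 4) * ((h + 3) / 4) * DXT5_BLOCK_BYTES;
}

/* Byte offset produced by the arithmetic in the snippet above: the x term is already
 * scaled by 16, and the caller then scales the whole sum by 16 again. */
long snippet_block_offset(unsigned src_x, unsigned src_y, unsigned width)
{
    int offset = (src_x / 4) * 16 + ((src_y / 4) * (width / 4));
    return 16L * offset;
}

/* Row-major block addressing: block (bx, by) starts at (by * blocks_per_row + bx) * 16. */
long rowmajor_block_offset(unsigned src_x, unsigned src_y, unsigned width)
{
    unsigned blocks_per_row = (width + 3) / 4;
    return ((long)(src_y / 4) * blocks_per_row + src_x / 4) * DXT5_BLOCK_BYTES;
}

/* Checked lookup: NULL instead of a pointer outside [level_mem, level_mem + level_len).
 * level_len is the byte count actually present for this level; a truncated file can
 * hold fewer bytes than dxt5_level_bytes(width, height). */
const uint8_t *dxt5_block_checked(const uint8_t *level_mem, size_t level_len,
                                  unsigned width, unsigned height,
                                  unsigned src_x, unsigned src_y)
{
    if (level_mem == NULL || src_x >= width || src_y >= height)
        return NULL;
    long off = rowmajor_block_offset(src_x, src_y, width);
    if (off < 0 || (size_t)off > level_len || level_len - (size_t)off < DXT5_BLOCK_BYTES)
        return NULL;
    return level_mem + off;
}

int main(void)
{
    static uint8_t level[4096]; /* constructed 64x64 DXT5 level, all zero bytes */
    unsigned w = 64, h = 64;
    printf("level bytes: %zu\n", dxt5_level_bytes(w, h));
    printf("block (60,60): snippet offset %ld, row-major offset %ld\n",
           snippet_block_offset(60, 60, w), rowmajor_block_offset(60, 60, w));
    printf("checked (60,60), full level: %s\n", dxt5_block_checked(level, sizeof level, w, h, 60, 60) ? "ok" : "rejected");
    printf("checked (60,60), 2048-byte level: %s\n", dxt5_block_checked(level, 2048, w, h, 60, 60) ? "ok" : "rejected");
    return 0;
}
```

For the 64x64 sample the snippet's formula yields byte 7680 for block (60,60) while the level holds 4096 bytes, which is the kind of out-of-range read ASan reports; the checked lookup also rejects a lookup against a level shorter than its header implies.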