AddressSanitizer + CHD cause hard crash when Cheevos are enabled

[negativeExponent]

First and foremost consider this:

• Only RetroArch bugs should be filed here. Not core bugs or game bugs
• This is not a forum or a help section, this is strictly developer oriented

Description

Cheevos enabled causes hard crash when RetroArch and related core is compiled with -fsanitizer when running CHD disks.

Expected behavior

no crash at least.

Actual behavior

as stated in the Descriptions, when cheevos is enabled this can cause crash. Disabling cheevos runs normally.

Steps to reproduce the bug

preparation:

• compile RetroArch with -fsanitize=address,undefined
• compile CHD-capable core with the same compiler flags (i tested with PCE/PCE Fast/SuperGrafx/PCSX_reARMed, with the same error log).

1. run RA
2. enable RetroAchievements
3. load CHD file using any core stated above that has been compiled with -fsanitze
4. this should crash.

log: https://hastebin.com/isohikudut.sql

Bisect Results

[Try to bisect and tell us when this started happening]

Version/Commit

You can find this information under Information/System Information

• RetroArch: [ 1.8.1 / a88e6f4e1f ]

Environment information

• OS: linux-arch
• Compiler: 9.2.0

[Jamiras]

As best as I can tell from the attached log, the problem is in libchdr, which just happens to be getting called via the cheevos code to identify the game:

There's a lot of alignment warnings, then a heap-use-after-free error.

The read stack is through line 241 of libchdr_lzma, the use stack is through line 242: https://github.com/libretro/RetroArch/blob/a88e6f4e1f7342af83bff3182f9b29ed0fb4b6ea/libretro-common/formats/libchdr/libchdr_lzma.c#L241-L242

Maybe swapping the order will fix the problem?

It looks like that error is causing the AddressSanitizer to abort, which appears as the crash.

[negativeExponent]

@Jamiras Thanks for that fast reply. Swapped both lzma_allocator_free && LzmaDec_Free as suggested fixed the abort problem.