TheZone/ScuffedMinecraft
1
0
Fork 0
Code Issues 7 Pull Requests 4 Actions Packages Projects Releases 5 Wiki Activity

Chunk Double Free #5

New Issue
Closed
opened 2024-10-05 01:57:56 +00:00 by FoxMoss · 0 comments
FoxMoss commented 2024-10-05 01:57:56 +00:00 (Migrated from github.com)
Copy Link

Consistent double free at Planet.cpp:158 it->second.~Chunk(); if you just fly for long enough.

Here's the backtrace:

#0  __pthread_kill_implementation (no_tid=0x0, signo=0x6, threadid=0x7ffff7826780) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=0x6, threadid=0x7ffff7826780) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=0x7ffff7826780, signo=signo@entry=0x6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7a0c476 in __GI_raise (sig=sig@entry=0x6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff79f27f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7a53676 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7ba5b77 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ffff7a6acfc in malloc_printerr (str=str@entry=0x7ffff7ba8790 "double free or corruption (out)") at ./malloc/malloc.c:5664
#7  0x00007ffff7a6ce70 in _int_free (av=0x7ffff7be3c80 <main_arena>, p=0x7fffcc4093b0, have_lock=<optimized out>) at ./malloc/malloc.c:4588
#8  0x00007ffff7a6f453 in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391
#9  0x000055555557e961 in __gnu_cxx::new_allocator<unsigned int>::deallocate (this=0x555556454718, __p=0x7fffcc4093c0, __t=0x8000) at /usr/include/c++/11/ext/new_allocator.h:145
#10 0x000055555557d685 in std::allocator<unsigned int>::deallocate (__n=0x8000, __p=0x7fffcc4093c0, this=0x555556454718) at /usr/include/c++/11/bits/allocator.h:199
#11 std::allocator_traits<std::allocator<unsigned int> >::deallocate (__a=..., __p=0x7fffcc4093c0, __n=0x8000) at /usr/include/c++/11/bits/alloc_traits.h:496
#12 0x000055555557cdea in std::_Vector_base<unsigned int, std::allocator<unsigned int> >::_M_deallocate (this=0x555556454718, __p=0x7fffcc4093c0, __n=0x8000) at /usr/include/c++/11/bits/stl_vector.h:354
#13 0x000055555557c4c4 in std::_Vector_base<unsigned int, std::allocator<unsigned int> >::~_Vector_base (this=0x555556454718, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_vector.h:335
#14 0x000055555557c519 in std::vector<unsigned int, std::allocator<unsigned int> >::~vector (this=0x555556454718, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_vector.h:683
#15 0x0000555555578af3 in Chunk::~Chunk (this=0x555556454718, __in_chrg=<optimized out>) at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Chunk.cpp:32
#16 0x0000555555588998 in std::pair<std::tuple<int, int, int> const, Chunk>::~pair (this=0x555556454708, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_pair.h:211
#17 0x00005555555889b7 in std::destroy_at<std::pair<std::tuple<int, int, int> const, Chunk> > (__location=0x555556454708) at /usr/include/c++/11/bits/stl_construct.h:88
#18 0x0000555555587dc0 in std::allocator_traits<std::allocator<std::__detail::_Hash_node<std::pair<std::tuple<int, int, int> const, Chunk>, true> > >::destroy<std::pair<std::tuple<int, int, int> const, Chunk> > (__a=..., __p=0x555556454708) at /usr/include/c++/11/bits/alloc_traits.h:537
#19 0x0000555555586e51 in std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<std::tuple<int, int, int> const, Chunk>, true> > >::_M_deallocate_node (this=0x555556448048, __n=0x555556454700) at /usr/include/c++/11/bits/hashtable_policy.h:1894
#20 0x0000555555587d4f in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::_M_erase (this=0x555556448048, __bkt=0x38, __prev_n=0x55555649e440, __n=0x555556454700) at /usr/include/c++/11/bits/hashtable.h:2183
#21 0x0000555555586dfa in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::erase (this=0x555556448048, __it=...) at /usr/include/c++/11/bits/hashtable.h:2158
#22 0x00005555555862ad in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::erase (this=0x555556448048, __it=...) at /usr/include/c++/11/bits/hashtable.h:934
#23 0x0000555555585a85 in std::unordered_map<std::tuple<int, int, int>, Chunk, std::hash<std::tuple<int, int, int> >, std::equal_to<std::tuple<int, int, int> >, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> > >::erase (this=0x555556448048, __position=...) at /usr/include/c++/11/bits/unordered_map.h:746
#24 0x0000555555584e89 in Planet::Update (this=0x555556448040, camX=-14.343749, camY=16.1805096, camZ=-96.017952, modelLoc=0x1) at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Planet.cpp:158
#25 0x0000555555576e51 in main () at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Application.cpp:184
Consistent double free at Planet.cpp:158 `it->second.~Chunk();` if you just fly for long enough. Here's the backtrace: ``` #0 __pthread_kill_implementation (no_tid=0x0, signo=0x6, threadid=0x7ffff7826780) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=0x6, threadid=0x7ffff7826780) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=0x7ffff7826780, signo=signo@entry=0x6) at ./nptl/pthread_kill.c:89 #3 0x00007ffff7a0c476 in __GI_raise (sig=sig@entry=0x6) at ../sysdeps/posix/raise.c:26 #4 0x00007ffff79f27f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007ffff7a53676 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7ba5b77 "%s\n") at ../sysdeps/posix/libc_fatal.c:155 #6 0x00007ffff7a6acfc in malloc_printerr (str=str@entry=0x7ffff7ba8790 "double free or corruption (out)") at ./malloc/malloc.c:5664 #7 0x00007ffff7a6ce70 in _int_free (av=0x7ffff7be3c80 <main_arena>, p=0x7fffcc4093b0, have_lock=<optimized out>) at ./malloc/malloc.c:4588 #8 0x00007ffff7a6f453 in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391 #9 0x000055555557e961 in __gnu_cxx::new_allocator<unsigned int>::deallocate (this=0x555556454718, __p=0x7fffcc4093c0, __t=0x8000) at /usr/include/c++/11/ext/new_allocator.h:145 #10 0x000055555557d685 in std::allocator<unsigned int>::deallocate (__n=0x8000, __p=0x7fffcc4093c0, this=0x555556454718) at /usr/include/c++/11/bits/allocator.h:199 #11 std::allocator_traits<std::allocator<unsigned int> >::deallocate (__a=..., __p=0x7fffcc4093c0, __n=0x8000) at /usr/include/c++/11/bits/alloc_traits.h:496 #12 0x000055555557cdea in std::_Vector_base<unsigned int, std::allocator<unsigned int> >::_M_deallocate (this=0x555556454718, __p=0x7fffcc4093c0, __n=0x8000) at /usr/include/c++/11/bits/stl_vector.h:354 #13 0x000055555557c4c4 in std::_Vector_base<unsigned int, std::allocator<unsigned int> >::~_Vector_base (this=0x555556454718, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_vector.h:335 #14 0x000055555557c519 in std::vector<unsigned int, std::allocator<unsigned int> >::~vector (this=0x555556454718, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_vector.h:683 #15 0x0000555555578af3 in Chunk::~Chunk (this=0x555556454718, __in_chrg=<optimized out>) at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Chunk.cpp:32 #16 0x0000555555588998 in std::pair<std::tuple<int, int, int> const, Chunk>::~pair (this=0x555556454708, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/stl_pair.h:211 #17 0x00005555555889b7 in std::destroy_at<std::pair<std::tuple<int, int, int> const, Chunk> > (__location=0x555556454708) at /usr/include/c++/11/bits/stl_construct.h:88 #18 0x0000555555587dc0 in std::allocator_traits<std::allocator<std::__detail::_Hash_node<std::pair<std::tuple<int, int, int> const, Chunk>, true> > >::destroy<std::pair<std::tuple<int, int, int> const, Chunk> > (__a=..., __p=0x555556454708) at /usr/include/c++/11/bits/alloc_traits.h:537 #19 0x0000555555586e51 in std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<std::tuple<int, int, int> const, Chunk>, true> > >::_M_deallocate_node (this=0x555556448048, __n=0x555556454700) at /usr/include/c++/11/bits/hashtable_policy.h:1894 #20 0x0000555555587d4f in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::_M_erase (this=0x555556448048, __bkt=0x38, __prev_n=0x55555649e440, __n=0x555556454700) at /usr/include/c++/11/bits/hashtable.h:2183 #21 0x0000555555586dfa in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::erase (this=0x555556448048, __it=...) at /usr/include/c++/11/bits/hashtable.h:2158 #22 0x00005555555862ad in std::_Hashtable<std::tuple<int, int, int>, std::pair<std::tuple<int, int, int> const, Chunk>, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> >, std::__detail::_Select1st, std::equal_to<std::tuple<int, int, int> >, std::hash<std::tuple<int, int, int> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::erase (this=0x555556448048, __it=...) at /usr/include/c++/11/bits/hashtable.h:934 #23 0x0000555555585a85 in std::unordered_map<std::tuple<int, int, int>, Chunk, std::hash<std::tuple<int, int, int> >, std::equal_to<std::tuple<int, int, int> >, std::allocator<std::pair<std::tuple<int, int, int> const, Chunk> > >::erase (this=0x555556448048, __position=...) at /usr/include/c++/11/bits/unordered_map.h:746 #24 0x0000555555584e89 in Planet::Update (this=0x555556448040, camX=-14.343749, camY=16.1805096, camZ=-96.017952, modelLoc=0x1) at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Planet.cpp:158 #25 0x0000555555576e51 in main () at /home/foxmoss/Projects/ScuffedMinecraft/ScuffedMinecraft/src/Application.cpp:184 ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No Label
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: TheZone/ScuffedMinecraft#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?