Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Heap overflow in windows icon code #71697

Closed
jordo opened this issue Jan 19, 2023 · 1 comment
Closed

Heap overflow in windows icon code #71697

jordo opened this issue Jan 19, 2023 · 1 comment
Labels
bug platform:windows topic:porting
Milestone
3.6

Comments

@jordo
Copy link
Contributor

jordo commented Jan 19, 2023
edited
Loading

Godot version

3.X

System information

windows

Issue description

Exception thrown at 0x00007FF6FB951270 in godot.windows.opt.tools.64.s.exe: 0xE0736171: Access violation reading location 0x00000443B8510000.
=================================================================
==30072==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x11fd0fc43576 at pc 0x7ff6fb95d51c bp 0x0080bbff9dc0 sp 0x0080bbff9540
WRITE of size 16 at 0x11fd0fc43576 thread T0
    #0 0x7ff6fb95d549 in __asan_wrap_memmove D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:794
    #1 0x7ff700155dd7 in _fread_nolock_s minkernel\crts\ucrt\src\appcrt\stdio\fread.cpp:131
    #2 0x7ff700155fc8 in fread_s minkernel\crts\ucrt\src\appcrt\stdio\fread.cpp:56
    #3 0x7ff700155f2b in fread minkernel\crts\ucrt\src\appcrt\stdio\fread.cpp:239
    #4 0x7ff6fce2a167 in FileAccessWindows::get_buffer C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\drivers\windows\file_access_windows.cpp:261
    #5 0x7ff6fb9236ed in OS_Windows::set_native_icon C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\os_windows.cpp:3061
    #6 0x7ff6fb9906a4 in Main::start C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\main\main.cpp:2121
    #7 0x7ff6fb8f9b17 in widechar_main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:174
    #8 0x7ff6fb8f982b in _main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:198
    #9 0x7ff6fb8f9c88 in main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:210
    #10 0x7ff70012cc53 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #11 0x7ff9f8837613 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180017613)
    #12 0x7ff9fa7026a0 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x1800526a0)

0x11fd0fc43576 is located 0 bytes to the right of 38-byte region [0x11fd0fc43550,0x11fd0fc43576)
allocated by thread T0 here:
    #0 0x7ff6fb959617 in realloc D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_malloc_win.cpp:144
    #1 0x7ff6ff928697 in Memory::realloc_static C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\core\os\memory.cpp:149
    #2 0x7ff6fb9236a8 in OS_Windows::set_native_icon C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\os_windows.cpp:3060
    #3 0x7ff6fb9906a4 in Main::start C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\main\main.cpp:2121
    #4 0x7ff6fb8f9b17 in widechar_main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:174
    #5 0x7ff6fb8f982b in _main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:198
    #6 0x7ff6fb8f9c88 in main C:\Users\jordan\WINTERPIXEL\PROJECTS\upguys\godot\platform\windows\godot_windows.cpp:210
    #7 0x7ff70012cc53 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #8 0x7ff9f8837613 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180017613)
    #9 0x7ff9fa7026a0 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x1800526a0)

Steps to reproduce

Run godot with asan, and launch a scene from a 'tools' build without the editor argument -e.

Minimal reproduction project

Will submit a fix shortly...
@akien-mga akien-mga added this to the 3.6 milestone Jan 19, 2023
@jordo jordo mentioned this issue Jan 19, 2023
Merged
jordo added a commit to winterpixelgames/godot that referenced this issue Jan 23, 2023
@jordo
Windows: Fix heap overflow setting native icon
86945ff 
Fixes godotengine#71697.
@akien-mga
Copy link
Member

Fixed by #71699.

akien-mga pushed a commit to akien-mga/godot that referenced this issue Mar 6, 2023
@jordo @akien-mga
Windows: Fix heap overflow setting native icon
dc0f725 
Fixes godotengine#71697.

(cherry picked from commit 86945ff)
Stary2001 pushed a commit to Stary2001/godot that referenced this issue Apr 7, 2023
@jordo @Stary2001
Windows: Fix heap overflow setting native icon
8dadab4 
Fixes godotengine#71697.

(cherry picked from commit 86945ff)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug platform:windows topic:porting
Projects
None yet
Milestone
3.6
Development

No branches or pull requests
2 participants
@jordo @akien-mga