DrinkyBird was slashed by an imp.
=================================================================
==29129==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000333fc8 at pc 0x555555fc63b1 bp 0x7fffffffba90 sp 0x7fffffffba80
WRITE of size 4 at 0x619000333fc8 thread T0
[New Thread 0x7ffff1ffe700 (LWP 33137)]
    #0 0x555555fc63b0 in APlayerPawn::Die(AActor*, AActor*, int) /home/sean/zan/zandronum-stable/src/p_user.cpp:2017
    #1 0x555555e50fd0 in P_DamageMobj(AActor*, AActor*, AActor*, int, FName, int) /home/sean/zan/zandronum-stable/src/p_interaction.cpp:1767
    #2 0x5555561fd61c in AF_A_TroopAttack(AActor*, AActor*, FState*, int, StateCallData*) /home/sean/zan/zandronum-stable/src/g_doom/a_doomimp.cpp:28
    #3 0x555555f082c7 in FState::CallAction(AActor*, AActor*, StateCallData*) /home/sean/zan/zandronum-stable/src/./info.h:144
    #4 0x555555ecc2f6 in AActor::SetState(FState*, bool) /home/sean/zan/zandronum-stable/src/p_mobj.cpp:582
    #5 0x555555eeb447 in AActor::Tick() /home/sean/zan/zandronum-stable/src/p_mobj.cpp:4541
    #6 0x555555bd20d8 in DThinker::TickThinkers(FThinkerList*, FThinkerList*) /home/sean/zan/zandronum-stable/src/dthinker.cpp:472
    #7 0x555555bd1d7a in DThinker::RunThinkers() /home/sean/zan/zandronum-stable/src/dthinker.cpp:419
    #8 0x555555f93257 in P_Ticker() /home/sean/zan/zandronum-stable/src/p_tick.cpp:415
    #9 0x555555bf056b in G_Ticker() /home/sean/zan/zandronum-stable/src/g_game.cpp:1770
    #10 0x55555613cb64 in SERVER_Tick() /home/sean/zan/zandronum-stable/src/sv_main.cpp:701
    #11 0x555555b85c3d in D_DoomLoop() /home/sean/zan/zandronum-stable/src/d_main.cpp:1345
    #12 0x555555b8e86d in D_DoomMain() /home/sean/zan/zandronum-stable/src/d_main.cpp:3287
    #13 0x555555a3866c in main /home/sean/zan/zandronum-stable/src/sdl/i_main.cpp:380
    #14 0x7ffff6c050b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x555555a2ba0d in _start (/home/sean/zan/zandronum-stable-build/zandronum-server+0x4d7a0d)

0x619000333fc8 is located 0 bytes to the right of 1096-byte region [0x619000333b80,0x619000333fc8)
allocated by thread T0 here:
    #0 0x7ffff7687bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x555555c6d108 in M_Malloc_Dbg(unsigned long, char const*, int) /home/sean/zan/zandronum-stable/src/m_alloc.cpp:135
    #2 0x555555bc7c5b in PClass::CreateNew() const /home/sean/zan/zandronum-stable/src/dobjtype.cpp:258
    #3 0x555555eed02e in AActor::StaticSpawn(PClass const*, int, int, int, replace_t, bool) /home/sean/zan/zandronum-stable/src/p_mobj.cpp:4867
    #4 0x555555a6aa34 in Spawn(PClass const*, int, int, int, replace_t) /home/sean/zan/zandronum-stable/src/./actor.h:1321
    #5 0x555555e24155 in P_DropItem(AActor*, PClass const*, int, int) /home/sean/zan/zandronum-stable/src/p_enemy.cpp:3481
    #6 0x555555fc629b in APlayerPawn::Die(AActor*, AActor*, int) /home/sean/zan/zandronum-stable/src/p_user.cpp:2012
    #7 0x555555e50fd0 in P_DamageMobj(AActor*, AActor*, AActor*, int, FName, int) /home/sean/zan/zandronum-stable/src/p_interaction.cpp:1767
    #8 0x5555561fd61c in AF_A_TroopAttack(AActor*, AActor*, FState*, int, StateCallData*) /home/sean/zan/zandronum-stable/src/g_doom/a_doomimp.cpp:28
    #9 0x555555f082c7 in FState::CallAction(AActor*, AActor*, StateCallData*) /home/sean/zan/zandronum-stable/src/./info.h:144
    #10 0x555555ecc2f6 in AActor::SetState(FState*, bool) /home/sean/zan/zandronum-stable/src/p_mobj.cpp:582
    #11 0x555555eeb447 in AActor::Tick() /home/sean/zan/zandronum-stable/src/p_mobj.cpp:4541
    #12 0x555555bd20d8 in DThinker::TickThinkers(FThinkerList*, FThinkerList*) /home/sean/zan/zandronum-stable/src/dthinker.cpp:472
    #13 0x555555bd1d7a in DThinker::RunThinkers() /home/sean/zan/zandronum-stable/src/dthinker.cpp:419
    #14 0x555555f93257 in P_Ticker() /home/sean/zan/zandronum-stable/src/p_tick.cpp:415
    #15 0x555555bf056b in G_Ticker() /home/sean/zan/zandronum-stable/src/g_game.cpp:1770
    #16 0x55555613cb64 in SERVER_Tick() /home/sean/zan/zandronum-stable/src/sv_main.cpp:701
    #17 0x555555b85c3d in D_DoomLoop() /home/sean/zan/zandronum-stable/src/d_main.cpp:1345
    #18 0x555555b8e86d in D_DoomMain() /home/sean/zan/zandronum-stable/src/d_main.cpp:3287
    #19 0x555555a3866c in main /home/sean/zan/zandronum-stable/src/sdl/i_main.cpp:380
    #20 0x7ffff6c050b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/sean/zan/zandronum-stable/src/p_user.cpp:2017 in APlayerPawn::Die(AActor*, AActor*, int)
Shadow bytes around the buggy address:
  0x0c328005e7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328005e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328005e7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328005e7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c328005e7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c328005e7f0: 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa
  0x0c328005e800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328005e810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328005e820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328005e830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328005e840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
  Shadow gap:            cc
[Thread 0x7ffff1ffe700 (LWP 33137) exited]
[New Thread 0x7ffff17fd700 (LWP 33138)]
[Thread 0x7ffff17fd700 (LWP 33138) exited]
==29129==ABORTING
[Thread 0x7ffff302b840 (LWP 29134) exited]
[Thread 0x7ffff27ff700 (LWP 29133) exited]
--Type <RET> for more, q to quit, c to continue without paging--c
[Inferior 1 (process 29129) exited with code 01]