Crash on corrupted esp
$ ./esmtool dump -p -C ../out_esp/main/crashes/id\:000000\,sig\:11\,src\:000347\,time\:2449180359\,execs\:193686974\,op\:havoc\,rep\:4
Using default (English) font encoding.
Loading TES4 file: "../out_esp/main/crashes/id:000000,sig:11,src:000347,time:2449180359,execs:193686974,op:havoc,rep:4"
Author:
Description:
File format version: 32612
AddressSanitizer:DEADLYSIGNAL
=================================================================
==725767==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55c8e6cf2547 bp 0x7ffda2902ed0 sp 0x7ffda2902da0 T0)
==725767==The signal is caused by a WRITE memory access.
==725767==Hint: address points to the zero page.
#0 0x55c8e6cf2547 in std::char_traits<char>::assign(char&, char const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/char_traits.h:354:7
#1 0x55c8e6cf2547 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_set_length(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:268:2
#2 0x55c8e6cf2547 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::clear() /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:1175:9
#3 0x55c8e6cf2547 in ESM4::Reader::getStringImpl(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, unsigned long, std::istream&, bool) /home/jvoisin/dev/openmw/components/esm4/reader.cpp:846:13
#4 0x55c8e6c99f9e in ESM4::Race::load(ESM4::Reader&) /home/jvoisin/dev/openmw/components/esm4/reader.hpp
#5 0x55c8e69e4431 in void EsmTool::(anonymous namespace)::readTypedRecord<ESM4::Race>(EsmTool::(anonymous namespace)::Params const&, ESM4::Reader&) /home/jvoisin/dev/openmw/apps/esmtool/tes4.cpp:112:19
#6 0x55c8e69e4431 in EsmTool::(anonymous namespace)::readRecord(EsmTool::(anonymous namespace)::Params const&, ESM4::Reader&) /home/jvoisin/dev/openmw/apps/esmtool/tes4.cpp:422:21
#7 0x55c8e69e4431 in EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1::operator()(ESM4::Reader&) const /home/jvoisin/dev/openmw/apps/esmtool/tes4.cpp:546:72
#8 0x55c8e69de297 in void ESM4::ReaderUtils::readRecord<EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&>(ESM4::Reader&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&) /home/jvoisin/dev/openmw/./components/esm4/readerutils.hpp:31:18
#9 0x55c8e69de297 in bool ESM4::ReaderUtils::readItem<EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_2&>(ESM4::Reader&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_2&) /home/jvoisin/dev/openmw/./components/esm4/readerutils.hpp:80:13
#10 0x55c8e69db535 in void ESM4::ReaderUtils::readAll<EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_2&>(ESM4::Reader&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_1&, EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&)::$_2&) /home/jvoisin/dev/openmw/./components/esm4/readerutils.hpp:23:22
#11 0x55c8e69db535 in EsmTool::loadTes4(EsmTool::Arguments const&, std::unique_ptr<std::basic_ifstream<char, std::char_traits<char> >, std::default_delete<std::basic_ifstream<char, std::char_traits<char> > > >&&) /home/jvoisin/dev/openmw/apps/esmtool/tes4.cpp:554:13
#12 0x55c8e689f8ef in (anonymous namespace)::load(EsmTool::Arguments const&, (anonymous namespace)::ESMData*) /home/jvoisin/dev/openmw/apps/esmtool/esmtool.cpp:460:24
#13 0x55c8e687c5a2 in main /home/jvoisin/dev/openmw/apps/esmtool/esmtool.cpp:202:20
#14 0x7f64c9e46189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#15 0x7f64c9e46244 in __libc_start_main csu/../csu/libc-start.c:381:3
#16 0x55c8e6798ad0 in _start (/home/jvoisin/dev/openmw/build/esmtool+0x137ad0) (BuildId: bc95e3ff5d619594)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/char_traits.h:354:7 in std::char_traits<char>::assign(char&, char const&)
==725767==ABORTING
$
$ cat ../out_esp/main/crashes/id\:000000\,sig\:11\,src\:000347\,time\:2449180359\,execs\:193686974\,op\:havoc\,rep\:4 | base64
VEVTNAAAAAAwMDAwMDAwMDAwMDAwMDAwUkFDRTAwMDAwMDAwMDAwMDAwMDAwMDAwREFUQSQAbTBN
MEUwgTBTMDAwaTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwTkFNMDAwTkFNMDAwREFUQSQAYTAwMDAi
gTBTMP8waTAwMDAwMDAwMERBVEEwMDAwMDAwMDAwTU9ETDMAMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwLzBNT0QwMDAw
$
Looks like a null-pointer dereference: AddressSanitizer reports a WRITE to address 0x0 (the zero page) inside `std::string::clear()`, reached from `ESM4::Reader::getStringImpl` (reader.cpp:846) while loading a RACE record from the fuzzed file, so the string being cleared appears to have no valid backing storage at that point.