Deleting last save game for character leads to UB
Happens on 5f92d520:
Menu script to reproduce with example suite:
local menu = require('openmw.menu')
local state = 'init'
return {
engineHandlers = {
onFrame = function()
if state == 'init' then
menu.newGame()
state = 'saveGame'
return
end
if state == 'saveGame' then
state = 'done'
menu.saveGame('delete_game')
menu.deleteGame(' - 1', 'delete_game.omwsave')
menu.quit()
return
end
end,
},
}Integration test failure: https://gitlab.com/elsid/openmw/-/jobs/9348851461.
Address sanitizer report
==29165==ERROR: AddressSanitizer: heap-use-after-free on address 0x5070001905c8 at pc 0x6256befab4e5 bp 0x7ffeba85af50 sp 0x7ffeba85af40
READ of size 8 at 0x5070001905c8 thread T0
#0 0x6256befab4e4 in __gnu_cxx::__normal_iterator<MWState::Slot const*, std::vector<MWState::Slot, std::allocator<MWState::Slot> > >::__normal_iterator(MWState::Slot const* const&) /usr/include/c++/14.2.1/bits/stl_iterator.h:1068
#1 0x6256befab4e4 in std::vector<MWState::Slot, std::allocator<MWState::Slot> >::begin() const /usr/include/c++/14.2.1/bits/stl_vector.h:884
#2 0x6256befab4e4 in std::vector<MWState::Slot, std::allocator<MWState::Slot> >::rend() const /usr/include/c++/14.2.1/bits/stl_vector.h:944
#3 0x6256befab4e4 in MWState::Character::end() const /home/elsid/dev/openmw/apps/openmw/mwstate/character.cpp:178
#4 0x6256bef7b4ec in MWState::StateManager::deleteGame(MWState::Character const*, MWState::Slot const*) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:712
#5 0x6256bc049341 in operator() /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:61
#6 0x6256bc049341 in _FUN /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:62
#7 0x6256bc05b95c in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::call<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >&&, std::basic_string_view<char, std::char_traits<char> >&&) /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:70
#8 0x6256bc05b95c in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller::operator()<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >&&, std::basic_string_view<char, std::char_traits<char> >&&) const /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:76
#9 0x6256bc05b95c in eval<true, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:146
#10 0x6256bc05b95c in eval<true, std::basic_string_view<char>, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#11 0x6256bc05b95c in eval<true, std::basic_string_view<char>, std::basic_string_view<char, std::char_traits<char> >, 0, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)> /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#12 0x6256bc05b95c in decltype(auto) sol::stack::stack_detail::call<true, 0ul, 1ul, void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, std::integer_sequence<unsigned long, 0ul, 1ul>, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:195
#13 0x6256bc05b95c in decltype(auto) sol::stack::call<true, void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:215
#14 0x6256bc05b95c in int sol::stack::call_into_lua<true, true, void, , std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:257
#15 0x6256bc05b95c in int sol::call_detail::agnostic_lua_call_wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:378
#16 0x6256bc05b95c in int sol::call_detail::lua_call_wrapper<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:599
#17 0x6256bc05b95c in int sol::call_detail::call_wrapped<void, true, false, 0, true, true, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:907
#18 0x6256bc05b95c in sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:46
#19 0x6256bc058bea in sol::detail::lua_cfunction_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:108
#20 0x6256bc058bea in int sol::detail::static_trampoline<&sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:133
#21 0x6256bc059121 in int sol::detail::typed_static_trampoline<int (*)(lua_State*), &sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:200
#22 0x6256bc059121 in int sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::call<false, false>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:56
#23 0x6256bf0cfe49 in int sol::detail::trampoline<int (*&)(lua_State*)>(lua_State*, int (*&)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:158
#24 0x6256bf0d03e0 in sol::detail::c_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:183
#25 0x72e686e8113a (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x3613a) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
#26 0x72e686eb3b23 in lua_pcall (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x68b23) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
#27 0x6256bbfdd069 in sol::call_status sol::basic_protected_function<sol::basic_reference<false>, false, sol::basic_reference<false> >::luacall<true>(long, long, sol::detail::protected_handler<true, sol::basic_reference<false> >&) const /home/elsid/dev/openmw/extern/sol3/sol/protected_function.hpp:315
#28 0x6256bbfdd069 in sol::protected_function_result sol::basic_protected_function<sol::basic_reference<false>, false, sol::basic_reference<false> >::invoke<true>(sol::types<>, std::integer_sequence<unsigned long>, long, sol::detail::protected_handler<true, sol::basic_reference<false> >&) const /home/elsid/dev/openmw/extern/sol3/sol/protected_function.hpp:346
#29 0x6256bbfe25cc in decltype(auto) sol::basic_protected_function<sol::basic_reference<false>, false, sol::basic_reference<false> >::call<, float const&>(float const&) const /home/elsid/dev/openmw/extern/sol3/sol/protected_function.hpp:229
#30 0x6256bbfe25cc in sol::protected_function_result sol::basic_protected_function<sol::basic_reference<false>, false, sol::basic_reference<false> >::operator()<float const&>(float const&) const /home/elsid/dev/openmw/extern/sol3/sol/protected_function.hpp:213
#31 0x6256bbfe25cc in sol::protected_function_result LuaUtil::call<float const&>(LuaUtil::ScriptId, sol::basic_protected_function<sol::basic_reference<false>, false, sol::basic_reference<false> > const&, float const&) /home/elsid/dev/openmw/components/lua/luastate.hpp:276
#32 0x6256bbfe34c4 in void LuaUtil::ScriptsContainer::callEngineHandlers<float>(LuaUtil::ScriptsContainer::EngineHandlerList&, float const&) /home/elsid/dev/openmw/components/lua/scriptscontainer.hpp:195
#33 0x6256bbfbe806 in MWLua::MenuScripts::onFrame(float) /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.hpp:35
#34 0x6256bbfbe806 in MWLua::LuaManager::synchronizedUpdateUnsafe() /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:277
#35 0x6256bbfc01f3 in operator() /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:244
#36 0x6256bbfc01f3 in operator() /home/elsid/dev/openmw/components/lua/luastate.hpp:96
#37 0x6256bbfc01f3 in _FUN /home/elsid/dev/openmw/components/lua/luastate.hpp:96
#38 0x6256bf0cfe49 in int sol::detail::trampoline<int (*&)(lua_State*)>(lua_State*, int (*&)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:158
#39 0x6256bf0d03e0 in sol::detail::c_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:183
#40 0x72e686e8113a (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x3613a) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
#41 0x72e686eb3b23 in lua_pcall (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x68b23) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
#42 0x6256bbf8dc83 in invokeProtectedCall<MWLua::LuaManager::synchronizedUpdate()::<lambda(LuaUtil::LuaView&)> > /home/elsid/dev/openmw/components/lua/luastate.hpp:103
#43 0x6256bbf8dc83 in protectedCall<MWLua::LuaManager::synchronizedUpdate()::<lambda(LuaUtil::LuaView&)> > /home/elsid/dev/openmw/components/lua/luastate.hpp:109
#44 0x6256bbf8dc83 in MWLua::LuaManager::synchronizedUpdate() /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:244
#45 0x6256befe215b in OMW::Engine::frame(unsigned int, float) /home/elsid/dev/openmw/apps/openmw/engine.cpp:232
#46 0x6256beff59f3 in OMW::Engine::go() /home/elsid/dev/openmw/apps/openmw/engine.cpp:1032
#47 0x6256bb0e6627 in runApplication(int, char**) /home/elsid/dev/openmw/apps/openmw/main.cpp:228
#48 0x6256c012b085 in Debug::wrapApplication(int (*)(int, char**), int, char**, std::basic_string_view<char, std::char_traits<char> >) /home/elsid/dev/openmw/components/debug/debugging.cpp:457
#49 0x6256bb0dc915 in main /home/elsid/dev/openmw/apps/openmw/main.cpp:240
#50 0x72e685035487 (/usr/lib/libc.so.6+0x27487) (BuildId: 0b707b217b15b106c25fe51df3724b25848310c0)
#51 0x72e68503554b in __libc_start_main (/usr/lib/libc.so.6+0x2754b) (BuildId: 0b707b217b15b106c25fe51df3724b25848310c0)
#52 0x6256bb0dc6e4 in _start (/home/elsid/dev/openmw/build/gcc/asan/openmw+0x10e86e4) (BuildId: b7832a49c4b925e87996aa68f9fd058fb082db71)
0x5070001905c8 is located 56 bytes inside of 80-byte region [0x507000190590,0x5070001905e0)
freed by thread T0 here:
#0 0x72e68b2ff4f2 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
#1 0x6256befa6de2 in std::__new_allocator<std::_List_node<MWState::Character> >::deallocate(std::_List_node<MWState::Character>*, unsigned long) /usr/include/c++/14.2.1/bits/new_allocator.h:172
#2 0x6256befa6de2 in std::allocator<std::_List_node<MWState::Character> >::deallocate(std::_List_node<MWState::Character>*, unsigned long) /usr/include/c++/14.2.1/bits/allocator.h:208
#3 0x6256befa6de2 in std::allocator_traits<std::allocator<std::_List_node<MWState::Character> > >::deallocate(std::allocator<std::_List_node<MWState::Character> >&, std::_List_node<MWState::Character>*, unsigned long) /usr/include/c++/14.2.1/bits/alloc_traits.h:550
#4 0x6256befa6de2 in std::__cxx11::_List_base<MWState::Character, std::allocator<MWState::Character> >::_M_put_node(std::_List_node<MWState::Character>*) /usr/include/c++/14.2.1/bits/stl_list.h:522
#5 0x6256befa6de2 in std::__cxx11::list<MWState::Character, std::allocator<MWState::Character> >::_M_erase(std::_List_iterator<MWState::Character>) /usr/include/c++/14.2.1/bits/stl_list.h:2023
#6 0x6256befa6de2 in std::__cxx11::list<MWState::Character, std::allocator<MWState::Character> >::erase(std::_List_const_iterator<MWState::Character>) /usr/include/c++/14.2.1/bits/list.tcc:158
#7 0x6256befa026c in MWState::CharacterManager::deleteSlot(MWState::Character const*, MWState::Slot const*) /home/elsid/dev/openmw/apps/openmw/mwstate/charactermanager.cpp:53
#8 0x6256bef7b4b4 in MWState::StateManager::deleteGame(MWState::Character const*, MWState::Slot const*) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:709
#9 0x6256bc049341 in operator() /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:61
#10 0x6256bc049341 in _FUN /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:62
#11 0x6256bc05b95c in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::call<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >&&, std::basic_string_view<char, std::char_traits<char> >&&) /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:70
#12 0x6256bc05b95c in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller::operator()<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >&&, std::basic_string_view<char, std::char_traits<char> >&&) const /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:76
#13 0x6256bc05b95c in eval<true, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:146
#14 0x6256bc05b95c in eval<true, std::basic_string_view<char>, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), std::basic_string_view<char, std::char_traits<char> > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#15 0x6256bc05b95c in eval<true, std::basic_string_view<char>, std::basic_string_view<char, std::char_traits<char> >, 0, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, std::basic_string_view<char>), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)> /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#16 0x6256bc05b95c in decltype(auto) sol::stack::stack_detail::call<true, 0ul, 1ul, void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, std::integer_sequence<unsigned long, 0ul, 1ul>, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:195
#17 0x6256bc05b95c in decltype(auto) sol::stack::call<true, void, std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:215
#18 0x6256bc05b95c in int sol::stack::call_into_lua<true, true, void, , std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:257
#19 0x6256bc05b95c in int sol::call_detail::agnostic_lua_call_wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:378
#20 0x6256bc05b95c in int sol::call_detail::lua_call_wrapper<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:599
#21 0x6256bc05b95c in int sol::call_detail::call_wrapped<void, true, false, 0, true, true, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:907
#22 0x6256bc05b95c in sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:46
#23 0x6256bc058bea in sol::detail::lua_cfunction_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:108
#24 0x6256bc058bea in int sol::detail::static_trampoline<&sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:133
#25 0x6256bc059121 in int sol::detail::typed_static_trampoline<int (*)(lua_State*), &sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:200
#26 0x6256bc059121 in int sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >)>::call<false, false>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:56
#27 0x6256bf0cfe49 in int sol::detail::trampoline<int (*&)(lua_State*)>(lua_State*, int (*&)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:158
#28 0x6256bf0d03e0 in sol::detail::c_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:183
#29 0x72e686e8113a (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x3613a) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
previously allocated by thread T0 here:
#0 0x72e68b2fe392 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
#1 0x6256befa3c9d in std::__new_allocator<std::_List_node<MWState::Character> >::allocate(unsigned long, void const*) /usr/include/c++/14.2.1/bits/new_allocator.h:151
#2 0x6256befa3c9d in std::allocator<std::_List_node<MWState::Character> >::allocate(unsigned long) /usr/include/c++/14.2.1/bits/allocator.h:196
#3 0x6256befa3c9d in std::allocator_traits<std::allocator<std::_List_node<MWState::Character> > >::allocate(std::allocator<std::_List_node<MWState::Character> >&, unsigned long) /usr/include/c++/14.2.1/bits/alloc_traits.h:515
#4 0x6256befa3c9d in std::__cxx11::_List_base<MWState::Character, std::allocator<MWState::Character> >::_M_get_node() /usr/include/c++/14.2.1/bits/stl_list.h:518
#5 0x6256befa3c9d in std::_List_node<MWState::Character>* std::__cxx11::list<MWState::Character, std::allocator<MWState::Character> >::_M_create_node<std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>(std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /usr/include/c++/14.2.1/bits/stl_list.h:710
#6 0x6256befa3c9d in void std::__cxx11::list<MWState::Character, std::allocator<MWState::Character> >::_M_insert<std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>(std::_List_iterator<MWState::Character>, std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /usr/include/c++/14.2.1/bits/stl_list.h:2004
#7 0x6256befa3c9d in MWState::Character& std::__cxx11::list<MWState::Character, std::allocator<MWState::Character> >::emplace_back<std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>(std::filesystem::__cxx11::path&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /usr/include/c++/14.2.1/bits/stl_list.h:1321
#8 0x6256befa3c9d in MWState::CharacterManager::createCharacter(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/elsid/dev/openmw/apps/openmw/mwstate/charactermanager.cpp:84
#9 0x6256bef8325c in MWState::StateManager::saveGame(std::basic_string_view<char, std::char_traits<char> >, MWState::Slot const*) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:231
#10 0x6256bc047438 in operator() /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:79
#11 0x6256bc047438 in _FUN /home/elsid/dev/openmw/apps/openmw/mwlua/menuscripts.cpp:80
#12 0x6256bc05d474 in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::call<std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), std::basic_string_view<char, std::char_traits<char> >&&, sol::optional<std::basic_string_view<char, std::char_traits<char> > >&&) /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:70
#13 0x6256bc05d474 in decltype(auto) sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller::operator()<std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > >(void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), std::basic_string_view<char, std::char_traits<char> >&&, sol::optional<std::basic_string_view<char, std::char_traits<char> > >&&) const /home/elsid/dev/openmw/extern/sol3/sol/wrapper.hpp:76
#14 0x6256bc05d474 in eval<true, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, sol::optional<std::basic_string_view<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:146
#15 0x6256bc05d474 in eval<true, sol::optional<std::basic_string_view<char> >, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, sol::optional<std::basic_string_view<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), std::basic_string_view<char, std::char_traits<char> > > /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#16 0x6256bc05d474 in eval<true, std::basic_string_view<char>, sol::optional<std::basic_string_view<char, std::char_traits<char> > >, 0, 1, sol::argument_handler<sol::types<void, std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > > >&, sol::wrapper<void (*)(std::basic_string_view<char>, sol::optional<std::basic_string_view<char> >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)> /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:169
#17 0x6256bc05d474 in decltype(auto) sol::stack::stack_detail::call<true, 0ul, 1ul, void, std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > >, std::integer_sequence<unsigned long, 0ul, 1ul>, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:195
#18 0x6256bc05d474 in decltype(auto) sol::stack::call<true, void, std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:215
#19 0x6256bc05d474 in int sol::stack::call_into_lua<true, true, void, , std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(sol::types<void>, sol::types<std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > > >, lua_State*, int, sol::wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), void>::caller&&, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/stack.hpp:257
#20 0x6256bc05d474 in int sol::call_detail::agnostic_lua_call_wrapper<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:378
#21 0x6256bc05d474 in int sol::call_detail::lua_call_wrapper<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >), true, false, true, 0, true, void>::call<void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:599
#22 0x6256bc05d474 in int sol::call_detail::call_wrapped<void, true, false, 0, true, true, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>(lua_State*, void (*&)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)) /home/elsid/dev/openmw/extern/sol3/sol/call.hpp:907
#23 0x6256bc05d474 in sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>::real_call(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:46
#24 0x6256bc0597d0 in sol::detail::lua_cfunction_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:108
#25 0x6256bc0597d0 in int sol::detail::static_trampoline<&sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:133
#26 0x6256bc059d07 in int sol::detail::typed_static_trampoline<int (*)(lua_State*), &sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>::real_call>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:200
#27 0x6256bc059d07 in int sol::function_detail::upvalue_free_function<void (*)(std::basic_string_view<char, std::char_traits<char> >, sol::optional<std::basic_string_view<char, std::char_traits<char> > >)>::call<false, false>(lua_State*) /home/elsid/dev/openmw/extern/sol3/sol/function_types_stateless.hpp:56
#28 0x6256bf0cfe49 in int sol::detail::trampoline<int (*&)(lua_State*)>(lua_State*, int (*&)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:158
#29 0x6256bf0d03e0 in sol::detail::c_trampoline(lua_State*, int (*)(lua_State*)) /home/elsid/dev/openmw/extern/sol3/sol/trampoline.hpp:183
#30 0x72e686e8113a (/home/elsid/dev/LuaJIT/build/gcc/asan/install/lib/libluajit-5.1.so.2+0x3613a) (BuildId: 1249151684379d19b11900f406fea9704a6375cb)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/14.2.1/bits/stl_iterator.h:1068 in __gnu_cxx::__normal_iterator<MWState::Slot const*, std::vector<MWState::Slot, std::allocator<MWState::Slot> > >::__normal_iterator(MWState::Slot const* const&)
Shadow bytes around the buggy address:
0x507000190300: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd
0x507000190380: fd fd fd fd fd fd fa fa fa fa 00 00 00 00 00 00
0x507000190400: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd
0x507000190480: fd fd fa fa fa fa fd fd fd fd fd fd fd fd fd fd
0x507000190500: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
=>0x507000190580: fa fa fd fd fd fd fd fd fd[fd]fd fd fa fa fa fa
0x507000190600: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fd fd
0x507000190680: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x507000190700: fd fd fd fd fd fd fa fa fa fa 00 00 00 00 00 00
0x507000190780: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fd
0x507000190800: fd fd fa fa fa fa fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29165==ABORTINGEdited by elsid