Open
Labels
Bug (the issue in the run-time), Game assets (a feature or an issue that involves gamedata change), Lua
Description
AddressSanitizer: heap-use-after-free on address 0x7d8fc9e35298 at pc 0x7fffe41f7fa8 bp 0x7ffffffdb710 sp 0x7ffffffdb700
READ of size 4 at 0x7d8fc9e35298 thread T0
#0 0x7fffe41f7fa7 in luabind::detail::access_member_ptr<_vector3<float>, float, float>::operator()(_vector3<float> const&) const /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/property.hpp:20
#1 0x7fffe41f8097 in luabind::detail::invoke_struct<luabind::meta::type_list<>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::detail::access_member_ptr<_vector3<float>, float, float> >::call_struct<false, false, luabind::meta::index_list<0u> >::call(lua_State*, luabind::detail::access_member_ptr<_vector3<float>, float, float>&, std::tuple<luabind::default_converter<_vector3<float> const&, void> >&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/call.hpp:218
#2 0x7fffe41f8907 in int luabind::detail::invoke_struct<luabind::meta::type_list<>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::detail::access_member_ptr<_vector3<float>, float, float> >::call_fun<std::tuple<luabind::default_converter<_vector3<float> const&, void> > >(lua_State*, luabind::detail::invoke_context&, luabind::detail::access_member_ptr<_vector3<float>, float, float>&, int, std::tuple<luabind::default_converter<_vector3<float> const&, void> >&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/call.hpp:317
#3 0x7fffe41f8907 in luabind::detail::invoke_struct<luabind::meta::type_list<>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::detail::access_member_ptr<_vector3<float>, float, float> >::invoke(lua_State*, luabind::detail::function_object const&, luabind::detail::invoke_context&, luabind::detail::access_member_ptr<_vector3<float>, float, float>&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/call.hpp:374
#4 0x7fffe41f89b7 in int luabind::detail::invoke<luabind::meta::type_list<>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::detail::access_member_ptr<_vector3<float>, float, float> >(lua_State*, luabind::detail::function_object const&, luabind::detail::invoke_context&, luabind::detail::access_member_ptr<_vector3<float>, float, float>&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/call.hpp:392
#5 0x7fffe41f89b7 in luabind::detail::function_object_impl<luabind::detail::access_member_ptr<_vector3<float>, float, float>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::meta::type_list<> >::invoke_defer(lua_State*, luabind::detail::function_object_impl<luabind::detail::access_member_ptr<_vector3<float>, float, float>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::meta::type_list<> >*, luabind::detail::invoke_context&, int&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/make_function.hpp:51
#6 0x7fffe41f8b7e in luabind::detail::function_object_impl<luabind::detail::access_member_ptr<_vector3<float>, float, float>, luabind::meta::type_list<float, _vector3<float> const&>, luabind::meta::type_list<> >::entry_point(lua_State*) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/make_function.hpp:73
#7 0x7fffd096ba14 in lj_BC_FUNCC /mnt/data/dev/xray-16/bin/buildvm_x86.dasc:849
#8 0x7fffcec1e95d in get_instance_value /mnt/data/dev/xray-16/Externals/luabind/src/object_rep.cpp:163
#9 0x7fffd096ba14 in lj_BC_FUNCC /mnt/data/dev/xray-16/bin/buildvm_x86.dasc:849
#10 0x7fffd0984685 in lua_pcall /mnt/data/dev/xray-16/Externals/LuaJIT/src/lj_api.c:1218
#11 0x7fffcec20213 in luabind::detail::pcall(lua_State*, int, int) /mnt/data/dev/xray-16/Externals/luabind/src/pcall.cpp:43
#12 0x7fffe0a701bb in void luabind::detail::call_member_impl<void, luabind::meta::type_list<>, 1u, NET_Packet*>(lua_State*, std::integral_constant<bool, true>, luabind::meta::index_list<1u>, NET_Packet*&&) /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/call_member.hpp:54
#13 0x7fffe0a70382 in void luabind::wrap_base::call<void, NET_Packet*>(char const*, NET_Packet*&&) const /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/wrapper_base.hpp:92
#14 0x7fffe4c2943e in CWrapperAbstractZone<CSE_ALifeSmartZone>::STATE_Write(NET_Packet&) /mnt/data/dev/xray-16/src/xrServerEntities/xrServer_script_macroses.h:183
#15 0x7fffe4457043 in CSE_Abstract::Spawn_Write(NET_Packet&, int) /mnt/data/dev/xray-16/src/xrServerEntities/xrServer_Object_Base.cpp:207
#16 0x7fffe081cd5f in CALifeObjectRegistry::save(IWriter&, CSE_ALifeDynamicObject*, unsigned int&) /mnt/data/dev/xray-16/src/xrGame/alife_object_registry.cpp:33
#17 0x7fffe081da04 in CALifeObjectRegistry::save(IWriter&) /mnt/data/dev/xray-16/src/xrGame/alife_object_registry.cpp:81
#18 0x7fffe09724cd in CALifeStorageManager::save(char const*, bool) /mnt/data/dev/xray-16/src/xrGame/alife_storage_manager.cpp:72
#19 0x7fffe09734db in CALifeStorageManager::save(NET_Packet&) /mnt/data/dev/xray-16/src/xrGame/alife_storage_manager.cpp:240
#20 0x7fffe1563fb5 in game_sv_Single::save_game(NET_Packet&, ClientID) /mnt/data/dev/xray-16/src/xrGame/game_sv_single.cpp:237
#21 0x7fffe2feb42e in xrServer::OnMessage(NET_Packet&, ClientID) /mnt/data/dev/xray-16/src/xrGame/xrServer.cpp:553
#22 0x7fffe19bfd39 in CLevel::Send(NET_Packet&, unsigned int, unsigned int) /mnt/data/dev/xray-16/src/xrGame/Level_network.cpp:298
#23 0x7fffe0cb3837 in CCC_ALifeSave::Execute(char const*) /mnt/data/dev/xray-16/src/xrGame/console_commands.cpp:683
#24 0x7fffd146fa7a in CConsole::ExecuteCommand(char const*, bool) /mnt/data/dev/xray-16/src/xrEngine/XR_IOConsole.cpp:478
#25 0x7fffd1473f38 in CConsole::OnFrame() /mnt/data/dev/xray-16/src/xrEngine/XR_IOConsole.cpp:248
#26 0x7fffd16df9ac in pureFrame::OnPure(pureFrame*) /mnt/data/dev/xray-16/src/xrEngine/pure.h:18
#27 0x7fffd16df9ac in MessageRegistry<pureFrame>::Process() /mnt/data/dev/xray-16/src/xrEngine/pure.h:101
#28 0x7fffd16cecd7 in CRenderDevice::FrameMove() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:484
#29 0x7fffd16cf36b in CRenderDevice::ProcessFrame() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:270
#30 0x7fffd168472e in CApplication::Run() /mnt/data/dev/xray-16/src/xrEngine/x_ray.cpp:433
#31 0x55555555b4d5 in entry_point(char const*) /mnt/data/dev/xray-16/src/xr_3da/entry_point.cpp:53
#32 0x55555555b8ed in main /mnt/data/dev/xray-16/src/xr_3da/entry_point.cpp:104
#33 0x7fffcf027b8a (/usr/lib/libc.so.6+0x27b8a) (BuildId: 3fb5bf3586fec17ba65a16ec9a3132455897d306)
#34 0x7fffcf027c4a in __libc_start_main (/usr/lib/libc.so.6+0x27c4a) (BuildId: 3fb5bf3586fec17ba65a16ec9a3132455897d306)
#35 0x55555555b304 in _start (/mnt/data/dev/xray-16/bin/x86_64/Debug/xr_3da+0x7304) (BuildId: a42307e2056b24dd7d40950015579916511720c5)
0x7d8fc9e35298 is located 280 bytes inside of 928-byte region [0x7d8fc9e35180,0x7d8fc9e35520)
freed by thread T0 here:
#0 0x7ffff795103d in free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:51
#1 0x7fffd048b395 in xrMemory::mem_free(void*) /mnt/data/dev/xray-16/src/xrCore/xrMemory.cpp:260
#2 0x7ffff52d427d in void xr_free<xray::render::render_gl::R_dsgraph::_NormalItem>(xray::render::render_gl::R_dsgraph::_NormalItem*&) /mnt/data/dev/xray-16/src/xrCore/xrMemory.h:105
#3 0x7ffff52d43a4 in xalloc<xray::render::render_gl::R_dsgraph::_NormalItem>::deallocate(xray::render::render_gl::R_dsgraph::_NormalItem*, unsigned long) /mnt/data/dev/xray-16/src/xrCore/Memory/xalloc.h:41
#4 0x7ffff52d43a4 in std::allocator_traits<xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::deallocate(xalloc<xray::render::render_gl::R_dsgraph::_NormalItem>&, xray::render::render_gl::R_dsgraph::_NormalItem*, unsigned long) /usr/include/c++/15.2.1/bits/alloc_traits.h:417
#5 0x7ffff52d43a4 in std::_Vector_base<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::_M_deallocate(xray::render::render_gl::R_dsgraph::_NormalItem*, unsigned long) /usr/include/c++/15.2.1/bits/stl_vector.h:396
#6 0x7ffff52d43a4 in std::_Vector_base<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::~_Vector_base() /usr/include/c++/15.2.1/bits/stl_vector.h:375
#7 0x7ffff52d44b9 in std::vector<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::~vector() /usr/include/c++/15.2.1/bits/stl_vector.h:805
#8 0x7ffff52d4575 in xray::render::render_gl::R_dsgraph::mapNormalItems::~mapNormalItems() /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_types.h:48
#9 0x7ffff52d4575 in xr_fixed_map_node<xray::render::render_gl::SPass*, xray::render::render_gl::R_dsgraph::mapNormalItems>::~xr_fixed_map_node() /mnt/data/dev/xray-16/src/xrCore/Containers/FixedMap.h:28
#10 0x7ffff52d46d7 in xr_fixed_map<xray::render::render_gl::SPass*, xray::render::render_gl::R_dsgraph::mapNormalItems, 2ul, xalloc<xr_fixed_map_node<xray::render::render_gl::SPass*, xray::render::render_gl::R_dsgraph::mapNormalItems> > >::destroy() /mnt/data/dev/xray-16/src/xrCore/Containers/FixedMap.h:233
#11 0x7ffff52d5365 in xray::render::render_gl::R_dsgraph_structure::reset() /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_structure.h:134
#12 0x7ffff543ce7b in xray::render::render_gl::D3DXRenderBase::cleanup_contexts() /mnt/data/dev/xray-16/src/Layers/xrRender/D3DXRenderBase.h:125
#13 0x7ffff543ce7b in xray::render::render_gl::D3DXRenderBase::End() /mnt/data/dev/xray-16/src/Layers/xrRender/D3DXRenderBase.cpp:311
#14 0x7fffd16cc4a6 in CRenderDevice::RenderEnd() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:98
#15 0x7fffd16ce414 in CRenderDevice::DoRender() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:250
#16 0x7fffd16cf4a1 in CRenderDevice::ProcessFrame() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:283
#17 0x7fffd168472e in CApplication::Run() /mnt/data/dev/xray-16/src/xrEngine/x_ray.cpp:433
#18 0x55555555b4d5 in entry_point(char const*) /mnt/data/dev/xray-16/src/xr_3da/entry_point.cpp:53
#19 0x55555555b8ed in main /mnt/data/dev/xray-16/src/xr_3da/entry_point.cpp:104
#20 0x7fffcf027b8a (/usr/lib/libc.so.6+0x27b8a) (BuildId: 3fb5bf3586fec17ba65a16ec9a3132455897d306)
#21 0x7fffffffd5a8 ([stack]+0x785a8)
previously allocated by thread T0 here:
#0 0x7ffff7952345 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:67
#1 0x7fffd048b31d in xrMemory::mem_alloc(unsigned long) /mnt/data/dev/xray-16/src/xrCore/xrMemory.cpp:202
#2 0x7ffff56f9b3a in xray::render::render_gl::R_dsgraph::_NormalItem* xr_alloc<xray::render::render_gl::R_dsgraph::_NormalItem>(unsigned long) /mnt/data/dev/xray-16/src/xrCore/xrMemory.h:97
#3 0x7ffff56fce4b in xalloc<xray::render::render_gl::R_dsgraph::_NormalItem>::allocate(unsigned long, void const*) /mnt/data/dev/xray-16/src/xrCore/Memory/xalloc.h:40
#4 0x7ffff56fce4b in std::allocator_traits<xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::allocate(xalloc<xray::render::render_gl::R_dsgraph::_NormalItem>&, unsigned long) /usr/include/c++/15.2.1/bits/alloc_traits.h:385
#5 0x7ffff56fce4b in std::_Vector_base<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::_M_allocate(unsigned long) /usr/include/c++/15.2.1/bits/stl_vector.h:387
#6 0x7ffff56fce4b in void std::vector<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::_M_realloc_append<xray::render::render_gl::R_dsgraph::_NormalItem>(xray::render::render_gl::R_dsgraph::_NormalItem&&) /usr/include/c++/15.2.1/bits/vector.tcc:572
#7 0x7ffff56fd356 in xray::render::render_gl::R_dsgraph::_NormalItem& std::vector<xray::render::render_gl::R_dsgraph::_NormalItem, xalloc<xray::render::render_gl::R_dsgraph::_NormalItem> >::emplace_back<xray::render::render_gl::R_dsgraph::_NormalItem>(xray::render::render_gl::R_dsgraph::_NormalItem&&) /usr/include/c++/15.2.1/bits/vector.tcc:123
#8 0x7ffff56e9864 in xray::render::render_gl::R_dsgraph_structure::insert_static(xray::render::render_gl::dxRender_Visual*) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:236
#9 0x7ffff56ea571 in xray::render::render_gl::R_dsgraph_structure::add_leafs_static(xray::render::render_gl::dxRender_Visual*) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:431
#10 0x7ffff56ea51d in xray::render::render_gl::R_dsgraph_structure::add_leafs_static(xray::render::render_gl::dxRender_Visual*) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:422
#11 0x7ffff56eace2 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:607
#12 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#13 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#14 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#15 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#16 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#17 0x7ffff56eabe3 in xray::render::render_gl::R_dsgraph_structure::add_static(xray::render::render_gl::dxRender_Visual*, CFrustum const&, unsigned int) /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:602
#18 0x7ffff56ec2d8 in xray::render::render_gl::R_dsgraph_structure::build_subspace() /mnt/data/dev/xray-16/src/Layers/xrRender/r__dsgraph_build.cpp:783
#19 0x7ffff59236f8 in xray::render::render_gl::render_main::calculate() /mnt/data/dev/xray-16/src/Layers/xrRender_R2/r2_R_calculate.cpp:56
#20 0x7ffff592875e in xray::render::render_gl::i_render_phase::run()::{lambda()#1}::operator()() const /mnt/data/dev/xray-16/src/Layers/xrRender_R2/r2.h:51
#21 0x7ffff5928b36 in Task::Dispatcher<xray::render::render_gl::i_render_phase::run()::{lambda()#1}, false, void>::Call(Task&) /mnt/data/dev/xray-16/src/xrCore/Threading/Task.hpp:94
#22 0x7fffd04aed14 in Task::operator()() /mnt/data/dev/xray-16/src/xrCore/Threading/Task.hpp:200
#23 0x7fffd04acb42 in TaskManager::ExecuteTask(Task&) /mnt/data/dev/xray-16/src/xrCore/Threading/TaskManager.cpp:307
#24 0x7fffd04acb8c in TaskManager::RunTask(Task&) /mnt/data/dev/xray-16/src/xrCore/Threading/TaskManager.cpp:313
#25 0x7ffff5926516 in xray::render::render_gl::i_render_phase::run() /mnt/data/dev/xray-16/src/Layers/xrRender_R2/r2.h:68
#26 0x7ffff5926516 in xray::render::render_gl::CRender::Calculate() /mnt/data/dev/xray-16/src/Layers/xrRender_R2/r2_R_calculate.cpp:144
#27 0x7fffd15ea70f in IGame_Level::OnRender() /mnt/data/dev/xray-16/src/xrEngine/IGame_Level.cpp:177
#28 0x7fffe191d15f in CLevel::OnRender() /mnt/data/dev/xray-16/src/xrGame/Level.cpp:639
#29 0x7fffd16df632 in pureRender::OnPure(pureRender*) /mnt/data/dev/xray-16/src/xrEngine/pure.h:20
#30 0x7fffd16df632 in MessageRegistry<pureRender>::Process() /mnt/data/dev/xray-16/src/xrEngine/pure.h:101
#31 0x7fffd16ce315 in CRenderDevice::DoRender() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:240
#32 0x7fffd16cf4a1 in CRenderDevice::ProcessFrame() /mnt/data/dev/xray-16/src/xrEngine/device.cpp:283
#33 0x7fffd168472e in CApplication::Run() /mnt/data/dev/xray-16/src/xrEngine/x_ray.cpp:433
#34 0x55555555b4d5 in entry_point(char const*) /mnt/data/dev/xray-16/src/xr_3da/entry_point.cpp:53
SUMMARY: AddressSanitizer: heap-use-after-free /mnt/data/dev/xray-16/Externals/luabind/src/../luabind/detail/property.hpp:20 in luabind::detail::access_member_ptr<_vector3<float>, float, float>::operator()(_vector3<float> const&) const
Shadow bytes around the buggy address:
0x7d8fc9e35000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7d8fc9e35080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7d8fc9e35100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7d8fc9e35180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x7d8fc9e35280: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x7d8fc9e35500: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb