heap-buffer-overflow when loading monk graphics

[AJenbo]

==41537==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62c00018761d at pc 0x7f996c2b15ce bp 0x7fff9d7635f0 sp 0x7fff9d762d98
WRITE of size 1556 at 0x62c00018761d thread T0
    #0 0x7f996c2b15cd in __interceptor_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.6+0x3a5cd)
    #1 0x56076a2e4fc1 in ReadMpqFileSectorFile /home/ajenbo/code/diablo/devilutionX/3rdParty/StormLib/src/SFileReadFile.cpp:568
    #2 0x56076a2e52f1 in SFileReadFile /home/ajenbo/code/diablo/devilutionX/3rdParty/StormLib/src/SFileReadFile.cpp:743
    #3 0x560769ce872f in dvl::LoadFileWithMem(char const*, unsigned char*) /home/ajenbo/code/diablo/devilutionX/Source/engine.cpp:748
    #4 0x56076a147a2b in LoadPlrGFX /home/ajenbo/code/diablo/devilutionX/Source/player.cpp:345
    #5 0x56076a147f06 in InitPlayerGFX /home/ajenbo/code/diablo/devilutionX/Source/player.cpp:361
    #6 0x560769bce832 in LoadGameLevel /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:1827
    #7 0x560769d0cbc8 in ShowProgress /home/ajenbo/code/diablo/devilutionX/Source/interfac.cpp:257
    #8 0x560769bcc1e5 in GM_Game /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:1601
    #9 0x5607699d367d in dvl::PushMessage(dvl::tagMSG const*) /home/ajenbo/code/diablo/devilutionX/SourceX/miniwin/misc_msg.cpp:721
    #10 0x560769bbefc7 in run_game_loop /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:328
    #11 0x560769bbf43a in StartGame /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:392
    #12 0x560769e358bf in mainmenu_init_menu /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:46
    #13 0x560769e35b87 in mainmenu_single_player /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:62
    #14 0x560769e36430 in mainmenu_loop /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:153
    #15 0x560769bc1921 in DiabloMain /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:637
    #16 0x560769ad1fc3 in main /home/ajenbo/code/diablo/devilutionX/SourceX/main.cpp:34
    #17 0x7f996b1e5cb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28cb1)
    #18 0x56076998322d in _start (/home/ajenbo/code/diablo/devilutionX/build/devilutionx+0xe4422d)

0x62c00018761d is located 0 bytes to the right of 29725-byte region [0x62c000180200,0x62c00018761d)
allocated by thread T0 here:
    #0 0x7f996c327517 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xb0517)
    #1 0x5607699dfc03 in SMemAlloc /home/ajenbo/code/diablo/devilutionX/SourceX/storm/storm.cpp:257
    #2 0x560769ce8268 in dvl::DiabloAllocPtr(unsigned int) /home/ajenbo/code/diablo/devilutionX/Source/engine.cpp:671
    #3 0x56076a1499fc in InitPlrGFXMem /home/ajenbo/code/diablo/devilutionX/Source/player.cpp:471
    #4 0x560769bce120 in LoadGameLevel /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:1775
    #5 0x560769d0c845 in ShowProgress /home/ajenbo/code/diablo/devilutionX/Source/interfac.cpp:241
    #6 0x560769bbec45 in start_game /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:237
    #7 0x560769bbeea3 in run_game_loop /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:304
    #8 0x560769bbf43a in StartGame /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:392
    #9 0x560769e358bf in mainmenu_init_menu /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:46
    #10 0x560769e35b87 in mainmenu_single_player /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:62
    #11 0x560769e36430 in mainmenu_loop /home/ajenbo/code/diablo/devilutionX/Source/mainmenu.cpp:153
    #12 0x560769bc1921 in DiabloMain /home/ajenbo/code/diablo/devilutionX/Source/diablo.cpp:637
    #13 0x560769ad1fc3 in main /home/ajenbo/code/diablo/devilutionX/SourceX/main.cpp:34
    #14 0x7f996b1e5cb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28cb1)

[glebm]

How can this be reproduced? Simply loading a Monk save or creating a new Monk game does not.

[AJenbo]

go to the dungeon as a monk

[AJenbo]

Can't replicate this 🤷