Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ToxAV use-after-free bug #278

Closed
iphydf opened this issue Nov 15, 2016 · 4 comments
Closed

ToxAV use-after-free bug #278

iphydf opened this issue Nov 15, 2016 · 4 comments
Assignees
@mannol
Labels
bug Bug fix for the user, not a fix to a build script P1 High priority toxav Audio/video
Milestone
v0.1.2

Comments

@iphydf
Copy link
Member

iphydf commented Nov 15, 2016

This happens regularly in our Travis test runs. It doesn't happen always due to threading non-determinism. Example of an error: https://travis-ci.org/TokTok/c-toxcore/jobs/175571271#L1620.
@iphydf iphydf added this to the v0.1.1 milestone Nov 15, 2016
@iphydf iphydf added bug Bug fix for the user, not a fix to a build script toxav Audio/video P1 High priority labels Nov 15, 2016
@pchk pchk mentioned this issue Dec 9, 2016
Merged
@iphydf
Copy link
Member Author

iphydf commented Dec 14, 2016

Fixed in #309.

@iphydf iphydf closed this as completed Dec 14, 2016
@iphydf iphydf reopened this Dec 15, 2016
@iphydf
Copy link
Member Author

iphydf commented Dec 15, 2016

https://travis-ci.org/TokTok/c-toxcore/jobs/184226203#L1677 it seems to still be an issue.

@iphydf iphydf modified the milestones: v0.2.0, v0.1.1 Dec 17, 2016
@iphydf
Copy link
Member Author

iphydf commented Dec 17, 2016

It is indeed still an issue in recent builds. CC: @pchk.

@iphydf iphydf modified the milestones: v0.1.3, v0.2.0 Dec 19, 2016
@iphydf
Copy link
Member Author

iphydf commented Dec 20, 2016
edited
Loading 

==9774==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000007fe8 at pc 0x2b838b98fe91 bp 0x7ffe1f17c1a0 sp 0x7ffe1f17c198
WRITE of size 8 at 0x604000007fe8 thread T0
    #0 0x2b838b98fe90 in call_remove /home/travis/build/TokTok/c-toxcore/toxav/toxav.c:1135
    #1 0x2b838b98f5c4 in toxav_kill /home/travis/build/TokTok/c-toxcore/toxav/toxav.c:191
    #2 0x485a2e in test_AV_three_calls /home/travis/build/TokTok/c-toxcore/auto_tests/toxav_many_test.c:324
    #3 0x488f10 in srunner_run_all (/home/travis/build/TokTok/c-toxcore/_build/auto_toxav_many_test+0x488f10)
    #4 0x484870 in main /home/travis/build/TokTok/c-toxcore/auto_tests/toxav_many_test.c:361
    #5 0x2b838ddb07ec (/lib/x86_64-linux-gnu/libc.so.6+0x217ec)
    #6 0x48438c in _start (/home/travis/build/TokTok/c-toxcore/_build/auto_toxav_many_test+0x48438c)

0x604000007fe8 is located 24 bytes inside of 48-byte region [0x604000007fd0,0x604000008000)
freed by thread T0 here:
    #0 0x46e129 in free /home/users/aadgrand/LLVM/releases/ubuntu/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
    #1 0x2b838b984060 in kill_call /home/travis/build/TokTok/c-toxcore/toxav/msi.c:607
    #2 0x2b838b98f3c2 in toxav_kill /home/travis/build/TokTok/c-toxcore/toxav/toxav.c:180

previously allocated by thread T0 here:
    #0 0x46e379 in calloc /home/users/aadgrand/LLVM/releases/ubuntu/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:90
    #1 0x2b838b984904 in new_call /home/travis/build/TokTok/c-toxcore/toxav/msi.c:522

@iphydf iphydf mentioned this issue Dec 20, 2016
Merged
@iphydf iphydf modified the milestones: v0.1.2, v0.1.3 Dec 20, 2016
@iphydf iphydf closed this as completed in 7122d2e Dec 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mannol mannol

Labels
bug Bug fix for the user, not a fix to a build script P1 High priority toxav Audio/video
Projects
None yet
Milestone
v0.1.2
Development

No branches or pull requests
2 participants
@iphydf @mannol