Created
July 28, 2020 08:30
-
-
Save 648540858/1ba450d65c00e6fa56dba941713f192f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
================================================================= | |
==2482==ERROR: AddressSanitizer: heap-use-after-free on address 0x6140000101dc at pc 0x7fec981d8257 bp 0x7fec94835340 sp 0x7fec94835330 | |
READ of size 4 at 0x6140000101dc thread T30 (hloop 647491036) | |
[Tue Jul 28 16:27:08 2020] Destroying session 1186094878160002; 0x607000007480 | |
[Tue Jul 28 16:27:08 2020] Detaching handle from JANUS VideoCall plugin; 0x61200005c140 0x604000006050 0x61200005c140 0x614000010640 | |
[Tue Jul 28 16:27:08 2020] [ERR] [janus.c:janus_process_incoming_request:1089] Couldn't find any session 1186094878160002... | |
[Tue Jul 28 16:27:08 2020] [ERR] [janus.c:janus_process_incoming_request:1089] Couldn't find any session 1186094878160002... | |
[Tue Jul 28 16:27:08 2020] [WSS-0x617000080380] Destroying WebSocket client | |
#0 0x7fec981d8256 in janus_videocall_incoming_rtp plugins/janus_videocall.c:756 | |
#1 0x558e42387149 in janus_ice_cb_nice_recv /home/zc/janus/janus-gateway/ice.c:2588 | |
#2 0x7feca8af0e92 in nice_component_emit_io_callback /home/zc/janus/libnice-0.1.16/agent/component.c:928 | |
#3 0x7feca8afb7a3 in component_io_cb /home/zc/janus/libnice-0.1.16/agent/agent.c:5385 | |
#4 0x7feca89a8f5a (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xa1f5a) | |
#5 0x7feca87d378d in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5178d) | |
#6 0x7feca87d3b3f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b3f) | |
#7 0x7feca87d3e32 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51e32) | |
#8 0x558e4236ae24 in janus_ice_handle_thread /home/zc/janus/janus-gateway/ice.c:1165 | |
#9 0x7feca87fd180 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b180) | |
#10 0x7feca8253668 in start_thread /build/glibc-5mDdLG/glibc-2.30/nptl/pthread_create.c:479 | |
#11 0x7feca817b2b2 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x1222b2) | |
0x6140000101dc is located 412 bytes inside of 432-byte region [0x614000010040,0x6140000101f0) | |
freed by thread T28 (hloop 882417939) here: | |
#0 0x7feca8e4c6ef in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d6ef) | |
#1 0x7fec981cf155 in janus_videocall_session_free plugins/janus_videocall.c:414 | |
#2 0x7fec981cf3cd in janus_videocall_session_destroy plugins/janus_videocall.c:401 | |
#3 0x7feca87c0ec3 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x3eec3) | |
previously allocated by thread T9 here: | |
#0 0x7feca8e4cce6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dce6) | |
#1 0x7feca87d95b0 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x575b0) | |
#2 0x558e42365af1 in janus_ice_handle_attach_plugin /home/zc/janus/janus-gateway/ice.c:1227 | |
#3 0x558e423b59d3 in janus_process_incoming_request /home/zc/janus/janus-gateway/janus.c:1158 | |
#4 0x558e423c966e in janus_transport_requests /home/zc/janus/janus-gateway/janus.c:3229 | |
#5 0x7feca87fd180 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b180) | |
Thread T30 (hloop 647491036) created by T9 here: | |
#0 0x7feca8d79805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
#1 0x7feca881fa16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
Thread T9 created by T0 here: | |
#0 0x7feca8d79805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
#1 0x7feca881fa16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
Thread T28 (hloop 882417939) created by T9 here: | |
#0 0x7feca8d79805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
#1 0x7feca881fa16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
SUMMARY: AddressSanitizer: heap-use-after-free plugins/janus_videocall.c:756 in janus_videocall_incoming_rtp | |
Shadow bytes around the buggy address: | |
0x0c287fff9fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c287fff9ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
0x0c287fffa000: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
0x0c287fffa010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
0x0c287fffa020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
=>0x0c287fffa030: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fa fa | |
0x0c287fffa040: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 | |
0x0c287fffa050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
0x0c287fffa060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
0x0c287fffa070: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa | |
0x0c287fffa080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 | |
Shadow byte legend (one shadow byte represents 8 application bytes): | |
Addressable: 00 | |
Partially addressable: 01 02 03 04 05 06 07 | |
Heap left redzone: fa | |
Freed heap region: fd | |
Stack left redzone: f1 | |
Stack mid redzone: f2 | |
Stack right redzone: f3 | |
Stack after return: f5 | |
Stack use after scope: f8 | |
Global redzone: f9 | |
Global init order: f6 | |
Poisoned by user: f7 | |
Container overflow: fc | |
Array cookie: ac | |
Intra object redzone: bb | |
ASan internal: fe | |
Left alloca redzone: ca | |
Right alloca redzone: cb | |
Shadow gap: cc | |
==2482==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment