Created
August 4, 2020 13:38
-
-
Save 648540858/d5b7360d612680bcc1c6d0ed1647bf8c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ================================================================= | |
| ==8==ERROR: AddressSanitizer: heap-use-after-free on address 0x6140000109e4 at pc 0x7f4c12f7a27c bp 0x7f4c0e4f0340 sp 0x7f4c0e4f0330 | |
| READ of size 4 at 0x6140000109e4 thread T30 (hloop 584885877) | |
| [Tue Aug 4 21:18:30 2020] [WSS-0x617000080700] Destroying WebSocket client | |
| #0 0x7f4c12f7a27b in janus_videocall_incoming_rtp plugins/janus_videocall.c:760 | |
| #1 0x7f4c23529f6f in janus_ice_cb_nice_recv /home/janus/janus-gateway/ice.c:2584 | |
| #2 0x7f4c22796e92 in nice_component_emit_io_callback /home/janus/libnice-0.1.16/agent/component.c:928 | |
| #3 0x7f4c227a17a3 in component_io_cb /home/janus/libnice-0.1.16/agent/agent.c:5385 | |
| #4 0x7f4c2264ef5a (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xa1f5a) | |
| #5 0x7f4c2247978d in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5178d) | |
| #6 0x7f4c22479b3f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b3f) | |
| #7 0x7f4c22479e32 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51e32) | |
| #8 0x7f4c2350dbfd in janus_ice_handle_thread /home/janus/janus-gateway/ice.c:1165 | |
| #9 0x7f4c224a3180 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b180) | |
| #10 0x7f4c21ef9668 in start_thread /build/glibc-5mDdLG/glibc-2.30/nptl/pthread_create.c:479 | |
| #11 0x7f4c21e212b2 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x1222b2) | |
| 0x6140000109e4 is located 420 bytes inside of 440-byte region [0x614000010840,0x6140000109f8) | |
| freed by thread T31 (hloop 882126763) here: | |
| #0 0x7f4c22af26ef in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d6ef) | |
| #1 0x7f4c12f71155 in janus_videocall_session_free plugins/janus_videocall.c:417 | |
| #2 0x7f4c12f713cd in janus_videocall_session_destroy plugins/janus_videocall.c:404 | |
| #3 0x7f4c22466ec3 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x3eec3) | |
| previously allocated by thread T9 here: | |
| #0 0x7f4c22af2ce6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dce6) | |
| #1 0x7f4c2247f5b0 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x575b0) | |
| #2 0x7f4c235088ca in janus_ice_handle_attach_plugin /home/janus/janus-gateway/ice.c:1227 | |
| #3 0x7f4c2355869d in janus_process_incoming_request /home/janus/janus-gateway/janus.c:1131 | |
| #4 0x7f4c2356c338 in janus_transport_requests /home/janus/janus-gateway/janus.c:3202 | |
| #5 0x7f4c224a3180 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b180) | |
| Thread T30 (hloop 584885877) created by T9 here: | |
| #0 0x7f4c22a1f805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
| #1 0x7f4c224c5a16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
| Thread T9 created by T0 here: | |
| #0 0x7f4c22a1f805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
| #1 0x7f4c224c5a16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
| Thread T31 (hloop 882126763) created by T9 here: | |
| #0 0x7f4c22a1f805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) | |
| #1 0x7f4c224c5a16 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9da16) | |
| SUMMARY: AddressSanitizer: heap-use-after-free plugins/janus_videocall.c:760 in janus_videocall_incoming_rtp | |
| Shadow bytes around the buggy address: | |
| 0x0c287fffa0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0c287fffa0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa | |
| 0x0c287fffa100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c287fffa110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c287fffa120: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| =>0x0c287fffa130: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fa | |
| 0x0c287fffa140: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 | |
| 0x0c287fffa150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0c287fffa160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0c287fffa170: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa | |
| 0x0c287fffa180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| Shadow gap: cc | |
| ==8==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment