@stefantalpalaru
Created January 10, 2023 22:31
=================================================================
==14678==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030021787f0 at pc 0x7f95f4873309 bp 0x7f95e97c5590 sp 0x7f95e97c4d38
READ of size 3 at 0x6030021787f0 thread T21
#0 0x7f95f4873308 in strdup (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libasan.so.8+0x73308)
#1 0x7f95f4f3974e in Curl_ssl_addsessionid /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/vtls/vtls.c:517
#2 0x7f95f4f327af in ossl_new_session_cb /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/vtls/openssl.c:3009
#3 0x7f95f4fa1166 in ssl_update_cache ssl/ssl_lib.c:3566
#4 0x7f95f4fbb2c3 in tls_process_new_session_ticket ssl/statem/statem_clnt.c:2748
#5 0x7f95f4fb6438 in read_state_machine ssl/statem/statem.c:636
#6 0x7f95f4fb6438 in state_machine ssl/statem/statem.c:434
#7 0x7f95f4f8906a in ssl3_read_bytes ssl/record/rec_layer_s3.c:1670
#8 0x7f95f4f91c2f in ssl3_read_internal ssl/s3_lib.c:4477
#9 0x7f95f4f91c2f in ssl3_read ssl/s3_lib.c:4500
#10 0x7f95f4f9ed62 in SSL_read ssl/ssl_lib.c:1799
#11 0x7f95f4f33359 in ossl_recv /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/vtls/openssl.c:4624
#12 0x7f95f4f38287 in ssl_cf_recv /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/vtls/vtls.c:1575
#13 0x7f95f4ef0a65 in http2_recv /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/http2.c:1785
#14 0x7f95f4f0f7a8 in Curl_read /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/sendf.c:743
#15 0x7f95f4f1f7e5 in readwrite_data /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/transfer.c:488
#16 0x7f95f4f1f7e5 in Curl_readwrite /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/transfer.c:1141
#17 0x7f95f4f05393 in multi_runsingle /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/multi.c:2412
#18 0x7f95f4f06e2b in curl_multi_perform /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/multi.c:2690
#19 0x5653e94c4944 in tr_web::Impl::curlThreadFunc() /src/77_DLD/CODE/00_github/transmission/libtransmission/web.cc:684
#20 0x7f95f2cd82de (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libstdc++.so.6+0xd82de)
#21 0x7f95f29c89a2 in start_thread /var/tmp/portage/sys-libs/glibc-2.36-r6/work/glibc-2.36/nptl/pthread_create.c:442
#22 0x7f95f2a4b48b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
0x6030021787f0 is located 0 bytes inside of 23-byte region [0x6030021787f0,0x603002178807)
freed by thread T21 here:
#0 0x7f95f48bec68 (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libasan.so.8+0xbec68)
#1 0x7f95f4f26024 in reuse_conn /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:3387
#2 0x7f95f4f26024 in create_conn /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:3747
#3 0x7f95f4f26024 in Curl_connect /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:3946
#4 0x7f95f4f05850 in multi_runsingle /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/multi.c:1934
previously allocated by thread T21 here:
#0 0x7f95f4873348 in strdup (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libasan.so.8+0x73348)
#1 0x7f95f4f24226 in parseurlandfillconn /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:1868
#2 0x7f95f4f24226 in create_conn /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:3472
#3 0x7f95f4f24226 in Curl_connect /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/url.c:3946
#4 0x7f95f4f05850 in multi_runsingle /var/tmp/portage/net-misc/curl-7.87.0/work/curl-7.87.0/lib/multi.c:1934
Thread T21 created by T0 here:
#0 0x7f95f484a741 in __interceptor_pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libasan.so.8+0x4a741)
#1 0x7f95f2cd83a4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libstdc++.so.6+0xd83a4)
#2 0x5653e94b53d4 in std::__detail::_MakeUniq<tr_web::Impl>::__single_object std::make_unique<tr_web::Impl, tr_web::Mediator&>(tr_web::Mediator&) /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:1065
#3 0x5653e94b53d4 in tr_web::tr_web(tr_web::Mediator&) /src/77_DLD/CODE/00_github/transmission/libtransmission/web.cc:765
#4 0x5653e94b53d4 in tr_web::create(tr_web::Mediator&) /src/77_DLD/CODE/00_github/transmission/libtransmission/web.cc:776
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/gcc/x86_64-pc-linux-gnu/12/libasan.so.8+0x73308) in strdup
Shadow bytes around the buggy address:
0x0c06804270a0: fa fa fa fa fd fd fd fd fa fa fa fa fa fa fa fa
0x0c06804270b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c06804270c0: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fa fa
0x0c06804270d0: fa fa fa fa fd fd fd fd fa fa fa fa fa fa fa fa
0x0c06804270e0: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fd
=>0x0c06804270f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fd]fd
0x0c0680427100: fd fa fa fa 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c0680427110: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
0x0c0680427120: fa fa 00 00 00 00 fa fa fd fd fd fd fa fa fa fa
0x0c0680427130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0680427140: fa fa fa fa fa fa fd fd fd fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==14678==ABORTING