Update window name after PR 14496 #1

@garbear garbear commented Oct 2, 2018

This updates the window name from GameViewMode to GameStretchMode after xbmc#14496. Window definition was renamed in xbmc#14102, so it's unaffected.

For xbmc#14509

@DaVukovic
Owner

thanks, merged 👍

@DaVukovic DaVukovic merged commit 369fe85 into DaVukovic:documentation Oct 2, 2018
@garbear garbear deleted the documentation branch October 2, 2018 15:50
DaVukovic added a commit that referenced this pull request Oct 4, 2018
Update window name after PR 14496
DaVukovic added a commit that referenced this pull request Oct 4, 2018
Update window name after PR 14496

Merge pull request #1 from garbear/documentation

Update window name after PR 14496
DaVukovic pushed a commit that referenced this pull request Aug 28, 2020
Previously, quotation marks were used around externalproject_add and related values.
This use breaks since cmake 3.18.0 (3.17.4 is OK).

There it reports this for the project-related "PATCH_COMMAND ${PATCH_COMMAND}",
as there is a "" behind it and it seems to take this instead of the patch path.

Produced error message:
```
patching file ''
Hunk #1 FAILED at 16.
1 out of 1 hunk FAILED -- saving rejects to file .rej
/usr/bin/patch: **** Can't reopen file '' : No such file or directory
```

These 2 values used the quotation marks:
INSTALL_COMMAND
EXTERNALPROJECT_SETUP

This removes them to get it working again and fixes e.g. the Azure build system, which
takes this new version.
DaVukovic pushed a commit that referenced this pull request Sep 24, 2020
Previously, if the language addon was deleted for any reason, Kodi crashed on startup.

This adds a check that the add-on is actually there.

Here is the backtrace of the crash before:
```
#0  CLangInfo::SetLanguage (this=0x55555ad37eb0, language="resource.language.de_de", reloadServices=false) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/LangInfo.cpp:670
#1  0x0000555557ad51eb in CApplication::LoadLanguage (this=0x55555ad34c20, reload=false) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/Application.cpp:4915
#2  0x0000555557abdbd0 in CApplication::Initialize (this=0x55555ad34c20) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/Application.cpp:737
#3  0x0000555557635500 in XBMC_Run (renderGUI=true, params=...) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/platform/xbmc.cpp:46
#4  0x0000555556e0b08c in main (argc=1, argv=0x7fffffffdf38) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/platform/posix/main.cpp:77
```
DaVukovic pushed a commit that referenced this pull request Oct 6, 2020
Building Kodi with asan+lsan+ubsan breaks with the following error:

=================================================================
==241706==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 69370335 byte(s) in 661 object(s) allocated from:
    #0 0x7fb290a737a7 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xab7a7)
    #1 0x563e2bed8b09 in PNGDecoder::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, DecodedFrames&) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x17cb09)
    #2 0x563e2be71392 in DecoderManager::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, DecodedFrames&) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x115392)
    #3 0x563e2be7d1bf in createBundle(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, double, unsigned int, bool) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x1211bf)
    #4 0x563e2be69990 in main (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x10d990)
    #5 0x7fb28fbc7cc9 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 69370335 byte(s) leaked in 661 allocation(s).

The root cause of the leak is the decoder's FreeDecodedFrames never being called.

This commit fixes the leak by refactoring the following aspects:

 * Introducing the pointer to decoder object in the decoded frame,
 * Changing IDecoder::FreeDecodedFrames to IDecoder::FreeDecodedFrame
   cleaning single frame at a time
 * Moving iteration over frames to DecoderManager::FreeDecodedFrames
 * Removing unnecessary DecodedFrames.user

Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
DaVukovic pushed a commit that referenced this pull request Dec 17, 2022
It tried to open the local add-on with the value "m_localAddon", which is not set for repo content!

This has created the following crash:
```gdb
Thread 1 "kodi.bin" received signal SIGSEGV, Segmentation fault.
0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
263       const bool hasSettings = m_localAddon->CanHaveAddonOrInstanceSettings();
(gdb)
(gdb) bt
#0  0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls(PerformButtonFocus) (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES)
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
#1  0x0000555557be2d95 in CGUIDialogAddonInfo::OnInitWindow() (this=0x55555bdf8a30) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:169
#2  0x0000555557a62565 in CGUIWindow::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:588
#3  0x00005555579d4bef in CGUIDialog::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:92
#4  0x0000555557be2bfc in CGUIDialogAddonInfo::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:152
#5  0x00005555579d5092 in CGUIDialog::Open_Internal(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
    (this=0x55555bdf8a30, bProcessRenderLoop=true, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:169
#6  0x00005555579d52a2 in CGUIDialog::Open(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, bProcessRenderLoop=true, param="")
    at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:201
#7  0x00005555579d5182 in CGUIDialog::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, param="")
    at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:187
#8  0x0000555557be99df in CGUIDialogAddonInfo::ShowForItem(std::shared_ptr<CFileItem> const&) (item=std::shared_ptr<CFileItem> (use count 6, weak count 0) = {...})
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:806
#9  0x0000555557bf7e4c in CGUIWindowAddonBrowser::OnClick(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdcdbb0, iItem=1, player="")
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:256
#10 0x00005555576ae097 in CGUIMediaWindow::OnSelect(int) (this=0x55555bdcdbb0, item=1) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:1186
#11 0x00005555576a759d in CGUIMediaWindow::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:309
#12 0x0000555557bf6f1d in CGUIWindowAddonBrowser::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:150
#13 0x00005555579b1b42 in CGUIControl::SendWindowMessage(CGUIMessage&) const (this=0x55555cdfee90, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIControl.cpp:313
#14 0x000055555799edb2 in CGUIBaseContainer::OnClick(int) (this=0x55555cdfee90, actionID=7) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:873
#15 0x000055555799c917 in CGUIBaseContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:450
#16 0x00005555579df9ab in CGUIFixedListContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIFixedListContainer.cpp:70
#17 0x0000555557a6197b in CGUIWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:425
#18 0x00005555576a6938 in CGUIMediaWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:188
#19 0x0000555557a6f570 in CGUIWindowManager::HandleAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1173
#20 0x0000555557a6f2d3 in CGUIWindowManager::OnAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1118
#21 0x0000555557d216ad in CApplication::OnAction(CAction const&) (this=0x55555affd9f0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:968
#22 0x0000555557939465 in CInputManager::ExecuteInputAction(CAction const&) (this=0x55555b12cc30, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:718
#23 0x0000555557938d05 in CInputManager::HandleKey(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:653
#24 0x0000555557939047 in CInputManager::OnKeyUp(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:666
#25 0x0000555557937484 in CInputManager::OnEvent(XBMC_Event&) (this=0x55555b12cc30, newEvent=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:345
#26 0x0000555557d1d0db in CApplication::HandlePortEvents() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:317
#27 0x0000555557d257d3 in CApplication::FrameMove(bool, bool) (this=0x55555affd9f0, processEvents=true, processGUI=true) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1752
#28 0x0000555557d25e29 in CApplication::Run() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1855
#29 0x000055555787b5e8 in XBMC_Run(bool, std::shared_ptr<CAppParams> const&) (renderGUI=true, params=std::shared_ptr<CAppParams> (use count 3, weak count 0) = {...})
    at /home/alwin/Dev/kodi/kodi/xbmc/platform/xbmc.cpp:64
#30 0x0000555557025f89 in main(int, char**) (argc=1, argv=0x7fffffffdb28) at /home/alwin/Dev/kodi/kodi/xbmc/platform/posix/main.cpp:69
```
DaVukovic pushed a commit that referenced this pull request Sep 26, 2023
UBSAN error:

xbmc/network/websocket/WebSocket.cpp:107:14: runtime error: load of misaligned address 0x63100021c802 for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment
0x63100021c802: note: pointer points here
 00 00  88 82 cf d3 5c c3 cc 3a  00 be be be be be be be  be be be be be be be be  be be be be be be
              ^
    #0 0x56360048bf64 in CWebSocketFrame::CWebSocketFrame(char const*, unsigned long) xbmc/network/websocket/WebSocket.cpp:107:14
    #1 0x5636004a6905 in CWebSocketV8::GetFrame(char const*, unsigned long) xbmc/network/websocket/WebSocketV8.cpp:145:14
    #2 0x563600491ec9 in CWebSocket::Handle(char const*&, unsigned long&, bool&) xbmc/network/websocket/WebSocket.cpp:298:34
    #3 0x5636005b05dd in JSONRPC::CTCPServer::CWebSocketClient::PushBuffer(JSONRPC::CTCPServer*, char const*, int) xbmc/network/TCPServer.cpp:716:29
    #4 0x5636005a3760 in JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp:171:33
    #5 0x5636005a6858 in non-virtual thunk to JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp
    #6 0x5635fca1fe32 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    #7 0x5635fca225f6 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    #8 0x5635fca212d6 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    #9 0x5635fca20f06 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    #10 0x5635fca20e3f in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    #11 0x5635fca20cb8 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    #12 0x5635fca20888 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    #13 0x7f03890e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
    #14 0x7f038a88c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    #15 0x7f038a910dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior xbmc/network/websocket/WebSocket.cpp:107:14 in
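
Added example, not code from the Kodi commit: the bytes in the report's memory dump (88 82 cf d3 5c c3 cc 3a) read as a masked WebSocket close frame whose 4-byte masking key starts two bytes into the buffer, which is where a direct `uint32_t` load is misaligned. The parser below is a hypothetical stand-in (`Frame`, `ParseFrame` and `CloseCodeFromDump` are names assumed here) that copies the key with `memcpy` and bounds-checks each field before reading it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Minimal view of one WebSocket frame (RFC 6455, section 5.2).
struct Frame
{
  bool fin = false;
  std::uint8_t opcode = 0;
  bool masked = false;
  std::vector<std::uint8_t> payload; // stored unmasked
};

// Parses a single frame from a byte buffer of any alignment.
// Returns false when the buffer is too short for the frame it announces.
bool ParseFrame(const std::uint8_t* data, std::size_t length, Frame& out)
{
  if (data == nullptr || length < 2)
    return false;

  Frame frame;
  frame.fin = (data[0] & 0x80) != 0;
  frame.opcode = data[0] & 0x0F;
  frame.masked = (data[1] & 0x80) != 0;

  std::uint64_t payloadLength = data[1] & 0x7F;
  std::size_t offset = 2;

  // Extended lengths are assembled byte by byte, so no wide load is needed.
  const std::size_t extra = payloadLength == 126 ? 2 : (payloadLength == 127 ? 8 : 0);
  if (extra != 0)
  {
    if (length - offset < extra)
      return false;
    payloadLength = 0;
    for (std::size_t i = 0; i < extra; ++i)
      payloadLength = (payloadLength << 8) | data[offset + i];
    offset += extra;
  }

  std::uint8_t mask[4] = {0, 0, 0, 0};
  if (frame.masked)
  {
    if (length - offset < sizeof(mask))
      return false;
    // memcpy has no alignment requirement; dereferencing
    // reinterpret_cast<const uint32_t*>(data + offset) does.
    std::memcpy(mask, data + offset, sizeof(mask));
    offset += sizeof(mask);
  }

  if (payloadLength > length - offset)
    return false;

  const std::size_t count = static_cast<std::size_t>(payloadLength);
  frame.payload.assign(data + offset, data + offset + count);
  if (frame.masked)
  {
    for (std::size_t i = 0; i < count; ++i)
      frame.payload[i] ^= mask[i % 4];
  }

  out = frame;
  return true;
}

// Constructed input: the eight bytes shown in the UBSan dump, placed in a
// 4-byte-aligned buffer so the masking key sits at offset 2, as in the report.
// Returns the close status code, or -1 if the bytes do not parse as expected.
int CloseCodeFromDump()
{
  alignas(4) const std::uint8_t buffer[8] = {0x88, 0x82, 0xcf, 0xd3, 0x5c, 0xc3, 0xcc, 0x3a};

  Frame frame;
  if (!ParseFrame(buffer, sizeof(buffer), frame))
    return -1;
  if (frame.opcode != 0x8 || frame.payload.size() != 2)
    return -1;
  return (frame.payload[0] << 8) | frame.payload[1];
}

int main()
{
  return CloseCodeFromDump() == 1001 ? 0 : 1;
}
```

Building this with `-fsanitize=undefined` should report no alignment error, because the key is never loaded through a `uint32_t` pointer.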
DaVukovic pushed a commit that referenced this pull request Sep 26, 2023
…erateDevicesEx

* Heap-use-after-free [1] happens when EnumerateDevicesEx calls `GetName`
  on the registry instance. The string view containing `m_name` in
  CPipewireGlobal has been already freed by the pipewire library in
  `connection_ensure_size` function [2].

* In order to mitigate the issue copy the strings returned from pipewire.

[1]:
=================================================================
==14082==ERROR: AddressSanitizer: heap-use-after-free on address 0x633000010e60 at pc 0x7effc8461003 bp 0x7effa7bb1e50 sp 0x7effa7bb15f8
READ of size 55 at 0x633000010e60 thread T19
    #0 0x7effc8461002 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899
    #1 0x7effc6f11222 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (/usr/lib/libtinyxml.so.0+0xf222) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    #2 0x7effc575a8eb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:543
    #3 0x55921037c9e7 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:1733
    #4 0x55921037b622 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:925
    #5 0x559213183577 in AE::SINK::CAESinkPipewire::EnumerateDevicesEx(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Sinks/pipewire/AESinkPipewire.cpp:310
    #6 0x55921316198a in void std::__invoke_impl<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(std::__invoke_other, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) (/usr/lib/kodi/kodi.bin+0x623998a) (BuildId: a994426076ec43899fd3927b99c3ccdf5393f60f)
    #7 0x55921316015a in std::enable_if<is_invocable_r_v<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>, void>::type std::__invoke_r<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/invoke.h:111
    #8 0x55921315befe in std::_Function_handler<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), void (*)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::_M_invoke(std::_Any_data const&, std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/std_function.h:290
    #9 0x5592130a86bf in std::function<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::operator()(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) const /usr/include/c++/13.2.1/bits/std_function.h:591
    #10 0x5592130a6e5a in AE::CAESinkFactory::EnumerateEx(std::vector<AE::AESinkInfo, std::allocator<AE::AESinkInfo> >&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/AESinkFactory.cpp:101
    #11 0x559213110f45 in ActiveAE::CActiveAESink::EnumerateSinkList(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAESink.cpp:702
    #12 0x5592130bdfc2 in ActiveAE::CActiveAE::StateMachine(int, Actor::Protocol*, Actor::Message*) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:517
    #13 0x5592130c2baa in ActiveAE::CActiveAE::Process() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:1070
    #14 0x55921106f9e2 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:283
    #15 0x55921106e300 in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:152
    #16 0x559211070410 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:61
    #17 0x5592110702c9 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:96
    #18 0x5592110701fc in _M_invoke<0, 1, 2> /usr/include/c++/13.2.1/bits/std_thread.h:292
    #19 0x559211070199 in operator() /usr/include/c++/13.2.1/bits/std_thread.h:299
    #20 0x55921107017d in _M_run /usr/include/c++/13.2.1/bits/std_thread.h:244
    #21 0x7effc56e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
    #22 0x7effc628c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    #23 0x7effc6310dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

0x633000010e60 is located 67168 bytes inside of 98304-byte region [0x633000000800,0x633000018800)
freed by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

previously allocated by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

Thread T19 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    #1 0x7effc56e1a29 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7effc56e1a29 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172
    #3 0x55921106ee30 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:175
    #4 0x5592130d96cd in ActiveAE::CActiveAE::Start() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:2675
    #5 0x5592117bc377 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:610
    #6 0x559211124646 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    #7 0x55920fd30a70 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:77
    #8 0x7effc6227ccf  (/usr/lib/libc.so.6+0x27ccf) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

Thread T3 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    #1 0x7effc7e73e5f in impl_create ../pipewire/src/pipewire/thread.c:68

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 in __interceptor_memcpy
==14082==ABORTING

[2]:
https://github.com/PipeWire/pipewire/blob/b5c3f217926f9066a1afbee7eb20967dd6896c56/src/modules/module-protocol-native/connection.c#L143C8-L143C15
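
Added example, not code from Kodi or PipeWire: a `std::string_view` taken from a buffer that the owner later reallocates keeps pointing at the old block, while a `std::string` copy made at capture time stays valid, which is the mitigation the commit message describes. `ReceiveBuffer`, `GlobalBefore`, `GlobalAfter` and the device name are hypothetical stand-ins; the stale view is detected by comparing addresses and is never dereferenced.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
#include <string_view>

// Hypothetical stand-in for a library-owned receive buffer that may be
// reallocated whenever more data arrives.
class ReceiveBuffer
{
public:
  explicit ReceiveBuffer(const char* text)
    : m_size(std::strlen(text) + 1), m_data(static_cast<char*>(std::malloc(m_size)))
  {
    if (m_data == nullptr)
      std::abort();
    std::memcpy(m_data, text, m_size);
  }
  ~ReceiveBuffer() { std::free(m_data); }
  ReceiveBuffer(const ReceiveBuffer&) = delete;
  ReceiveBuffer& operator=(const ReceiveBuffer&) = delete;

  // Non-owning view into the current block.
  std::string_view Text() const { return std::string_view(m_data); }

  // Grows by allocating a new block and freeing the old one, so every view
  // handed out earlier is invalidated (realloc is allowed to do the same).
  void EnsureSize(std::size_t newSize)
  {
    if (newSize <= m_size)
      return;
    char* grown = static_cast<char*>(std::malloc(newSize));
    if (grown == nullptr)
      std::abort();
    std::memcpy(grown, m_data, m_size);
    std::free(m_data);
    m_data = grown;
    m_size = newSize;
  }

  // True if the address lies inside the block the buffer owns right now.
  bool Contains(std::uintptr_t address) const
  {
    const std::uintptr_t begin = reinterpret_cast<std::uintptr_t>(m_data);
    return address >= begin && address < begin + m_size;
  }

private:
  std::size_t m_size;
  char* m_data;
};

struct GlobalBefore { std::string_view name; }; // borrows the library's memory
struct GlobalAfter { std::string name; };       // owns a copy

// The view's address is recorded as an integer before the buffer grows, so
// the stale pointer is never read through afterwards.
bool ViewDanglesAfterGrowth()
{
  ReceiveBuffer buffer("alsa_output.constructed-device"); // constructed name
  GlobalBefore global{buffer.Text()};
  const std::uintptr_t viewed = reinterpret_cast<std::uintptr_t>(global.name.data());
  buffer.EnsureSize(98304); // region size taken from the ASan report
  return !buffer.Contains(viewed);
}

// The copy is made while the buffer is still valid and outlives the growth.
std::string CopySurvivesGrowth()
{
  ReceiveBuffer buffer("alsa_output.constructed-device"); // constructed name
  GlobalAfter global{std::string(buffer.Text())};
  buffer.EnsureSize(98304);
  return global.name;
}

int main()
{
  const bool ok = ViewDanglesAfterGrowth() &&
                  CopySurvivesGrowth() == "alsa_output.constructed-device";
  return ok ? 0 : 1;
}
```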
DaVukovic pushed a commit that referenced this pull request Dec 23, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    #2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    #3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    #4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    #5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    #6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    #7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    #8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    #9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    #10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    #11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    #12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    #13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    #14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    #15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    #1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    #2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    #3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    #4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    #5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    #6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    #7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    #8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    #9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    #10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    #11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    #12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    #5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    #6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    #7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    #8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    #9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    #10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    #11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    #12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    #13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    #5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    #6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    #5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    #6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    #7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    #8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    #9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    #10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    #5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    #6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    #7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    #8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    #9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    #10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    #11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
DaVukovic pushed a commit that referenced this pull request Dec 23, 2023
Address Sanitizer output:

Direct leak of 576 byte(s) in 1 object(s) allocated from:
    #0 0x556652b7d482 in operator new(unsigned long) (kodi-test+0xa2f0482) (BuildId: eac9932a781e7c589c3657d6336c0cb0767a5cee)
    #1 0x5566531a951d in CXBMCTestUtils::CreateTempFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:99:18
    #2 0x556652c39f08 in TestXBMCTinyXML2_SaveFile_Test::TestBody() xbmc/utils/test/TestXBMCTinyXML2.cpp:123:10
    #3 0x7fad8d11665b  (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001)

Indirect leak of 43 byte(s) in 1 object(s) allocated from:
    #0 0x556652b7d482 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi-test+0xa2f0482) (BuildId: eac9932a781e7c589c3657d6336c0cb0767a5cee)
    #1 0x556652b90196 in std::__new_allocator<char>::allocate(unsigned long, void const*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/new_allocator.h:147:27
    #2 0x556652b9001c in std::allocator_traits<std::allocator<char>>::allocate(std::allocator<char>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:482:20
    #3 0x556652b9001c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_S_allocate(std::allocator<char>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.h:126:16
    #4 0x556652b8fd5f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_M_create(unsigned long&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.tcc:155:14
    #5 0x556652b946a3 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.tcc:225:14
    #6 0x556652b869e1 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::basic_string<std::allocator<char>>(char const*, std::allocator<char> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.h:639:2
    #7 0x55665429a52b in KODI::PLATFORM::FILESYSTEM::temp_file_path(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::error_code&) xbmc/platform/posix/Filesystem.cpp:122:10
    #8 0x5566531adeac in CTempFile::Create(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:40:23
    #9 0x5566531a95eb in CXBMCTestUtils::CreateTempFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:100:10
    #10 0x556652c39f08 in TestXBMCTinyXML2_SaveFile_Test::TestBody() xbmc/utils/test/TestXBMCTinyXML2.cpp:123:10
    #11 0x7fad8d11665b  (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001)
DaVukovic pushed a commit that referenced this pull request Dec 23, 2023
Fixes memory leaks like this:

Direct leak of 5416 byte(s) in 1 object(s) allocated from:
    #0 0x564b473d8ba1 in calloc (kodi-test+0xa2a8ba1) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad)
    #1 0x7f6be8db88fa  (/usr/lib/libcurl.so.4+0x708fa) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833)
    #2 0x564b4fb89895 in XCURL::DllLibCurlGlobal::easy_acquire(char const*, char const*, void**, void**) xbmc/filesystem/DllLibCurl.cpp:208:22
    #3 0x564b4facc484 in XFILE::CCurlFile::Open(CURL const&) xbmc/filesystem/CurlFile.cpp:1086:21
    #4 0x564b4fac72a0 in XFILE::CCurlFile::Service(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) xbmc/filesystem/CurlFile.cpp:966:7
    #5 0x564b4fac7a69 in XFILE::CCurlFile::Get(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) xbmc/filesystem/CurlFile.cpp:960:10
    #6 0x564b47bbd6f6 in TestWebServer_CanGetCachedRangedFileWithExactIfRange_Test::TestBody() xbmc/network/test/TestWebServer.cpp:900:3
    #7 0x7f6be969665b  (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001)

Indirect leak of 5416 byte(s) in 1 object(s) allocated from:
    #0 0x564b473d8ba1 in calloc (kodi-test+0xa2a8ba1) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad)
    #1 0x7f6be8db88fa  (/usr/lib/libcurl.so.4+0x708fa) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833)

Indirect leak of 5376 byte(s) in 2 object(s) allocated from:
    #0 0x564b473d8839 in malloc (kodi-test+0xa2a8839) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad)
    #1 0x7f6be8d79a44  (/usr/lib/libcurl.so.4+0x31a44) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833)
[...]
DaVukovic pushed a commit that referenced this pull request Jan 10, 2024
To prevent the leaks the CInputStreamAddon instance takes ownership of the
CDemuxStream objects created in the cb_get_stream_transfer callback.

Example output of address sanitizer:

Direct leak of 1776 byte(s) in 6 object(s) allocated from:
    #0 0x55dc6314f7e2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xb4bc7e2) (BuildId: cbd496f42c6c4585c86580a090c0960e7fc39797)
    #1 0x55dc64549c39 in CInputStreamAddon::cb_get_stream_transfer(void*, int, INPUTSTREAM_INFO*) xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:413:38
    #2 0x???????????? in kodi::addon::CInstanceInputStream::ADDON_GetStream(AddonInstance_InputStream const*, int, INPUTSTREAM_INFO*, void**, void* (*)(void*, int, INPUTSTREAM_INFO*)) xbmc/addons/kodi-dev-kit/include/kodi/addon-instance/Inputstream.h:1888
    #3 0x55dc645490bc in CInputStreamAddon::GetStream(int) const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:381:14
    #4 0x55dc64548821 in CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:371:32
    #5 0x55dc64548a76 in non-virtual thunk to CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp
    #6 0x55dc646822e0 in CDVDDemuxClient::RequestStreams() xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:402:32
    #7 0x55dc64681cd1 in CDVDDemuxClient::Open(std::shared_ptr<CDVDInputStream>) xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:76:3
    #8 0x55dc64785ede in CDVDFactoryDemuxer::CreateDemuxer(std::shared_ptr<CDVDInputStream> const&, bool) xbmc/cores/VideoPlayer/DVDDemuxers/DVDFactoryDemuxer.cpp:58:17
    #9 0x55dc64b065e9 in CVideoPlayer::OpenDemuxStream() xbmc/cores/VideoPlayer/VideoPlayer.cpp:830:22
    #10 0x55dc64b2288f in CVideoPlayer::Prepare() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1250:8
    #11 0x55dc64b36b31 in CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1357:3
    #12 0x55dc64b72298 in non-virtual thunk to CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp
    #13 0x55dc6626eda2 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    #14 0x55dc662715b9 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    #15 0x55dc66270246 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    #16 0x55dc6626fe76 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    #17 0x55dc6626fdaf in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    #18 0x55dc6626fc28 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    #19 0x55dc6626f7f8 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    #20 0x7ff10cae1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
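
The ownership change described in the commit message above, as an added sketch that is not Kodi's code: `DemuxStream`, `LeakyOwner`, `InputStreamOwner`, `get_stream_transfer` and `request_streams` are hypothetical stand-ins, and the count of 6 streams is a constructed input. It counts live objects to contrast a callback whose raw allocation nobody owns with one whose owning instance keeps each object in a `std::unique_ptr`.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for CDemuxStream; counts live objects so a leak is measurable.
struct DemuxStream {
  static int live;
  int id;
  explicit DemuxStream(int i) : id(i) { ++live; }
  ~DemuxStream() { --live; }
};
int DemuxStream::live = 0;

// C-style callback: the callee allocates and returns a raw pointer via an opaque handle.
using StreamTransferCb = void* (*)(void* handle, int streamId);

// Before: the callback allocates, but no object records or deletes the result.
struct LeakyOwner {
  static void* get_stream_transfer(void* /*handle*/, int streamId) {
    return new DemuxStream(streamId);
  }
};

// After: the instance passed as the handle keeps each stream in a unique_ptr.
class InputStreamOwner {
public:
  static void* get_stream_transfer(void* handle, int streamId) {
    auto* self = static_cast<InputStreamOwner*>(handle);
    auto stream = std::make_unique<DemuxStream>(streamId);
    DemuxStream* borrowed = stream.get();
    // Asking for the same id again frees the previous object, so callers must
    // not keep a pointer from an earlier request.
    self->m_streams[streamId] = std::move(stream);
    return borrowed;
  }
  std::size_t Count() const { return m_streams.size(); }

private:
  std::map<int, std::unique_ptr<DemuxStream>> m_streams;
};

// Simulated add-on side: requests ids 0..n-1 through the callback, `rounds` times.
std::vector<void*> request_streams(StreamTransferCb cb, void* handle, int n, int rounds) {
  std::vector<void*> seen;
  for (int r = 0; r < rounds; ++r)
    for (int id = 0; id < n; ++id)
      seen.push_back(cb(handle, id));
  return seen;
}

int leaked_without_owner() {
  const int before = DemuxStream::live;
  std::vector<void*> seen = request_streams(&LeakyOwner::get_stream_transfer, nullptr, 6, 1);
  const int leaked = DemuxStream::live - before; // objects nobody would delete
  for (void* p : seen) // cleanup so this demo itself stays leak-free
    delete static_cast<DemuxStream*>(p);
  return leaked;
}

int leaked_with_owner() {
  const int before = DemuxStream::live;
  {
    InputStreamOwner owner;
    request_streams(&InputStreamOwner::get_stream_transfer, &owner, 6, 2);
    if (owner.Count() != 6 || DemuxStream::live - before != 6)
      return -1; // replacement on re-request must not accumulate objects
  } // owner destroyed: every stream it holds is freed here
  return DemuxStream::live - before;
}

int main() {
  std::printf("without owner: %d leaked\n", leaked_without_owner());
  std::printf("with owner:    %d leaked\n", leaked_with_owner());
  return 0;
}
```
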