Double-free when quitting fluidsynth

[derselbst]

FluidSynth version

2.1.6 and master

Describe the bug

Expected behavior

Quit without crashing

Steps to reproduce

Execute the info command on any string setting, e.g.:

fluidsynth.exe
> info audio.sample-format
> quit

Additional context

=================================================================
==5612==ERROR: AddressSanitizer: attempting double-free on 0x602000003250 in thread T0:
    #0 0x7fc6842dd1a8 in __interceptor_free (/usr/lib64/libasan.so.4+0xdc1a8)
    #1 0x7fc683cfddaf in fluid_free /src/utils/fluid_sys.c:232
    #2 0x7fc683cf23b4 in delete_fluid_str_setting /src/utils/fluid_settings.c:124
    #3 0x7fc683cf3131 in fluid_settings_value_destroy_func /src/utils/fluid_settings.c:316
    #4 0x7fc683cebcd6 in fluid_hashtable_remove_node /src/utils/fluid_hash.c:243
    #5 0x7fc683cebef3 in fluid_hashtable_remove_all_nodes /src/utils/fluid_hash.c:272
    #6 0x7fc683cef43e in fluid_hashtable_remove_all /src/utils/fluid_hash.c:990
    #7 0x7fc683cee5eb in delete_fluid_hashtable /src/utils/fluid_hash.c:717
    #8 0x7fc683cf2fbc in delete_fluid_set_setting /src/utils/fluid_settings.c:252
    #9 0x7fc683cf313f in fluid_settings_value_destroy_func /src/utils/fluid_settings.c:320
    #10 0x7fc683cebcd6 in fluid_hashtable_remove_node /src/utils/fluid_hash.c:243
    #11 0x7fc683cebef3 in fluid_hashtable_remove_all_nodes /src/utils/fluid_hash.c:272
    #12 0x7fc683cef43e in fluid_hashtable_remove_all /src/utils/fluid_hash.c:990
    #13 0x7fc683cee5eb in delete_fluid_hashtable /src/utils/fluid_hash.c:717
    #14 0x7fc683cf305f in delete_fluid_settings /src/utils/fluid_settings.c:289
    #15 0x405d12 in main /src/fluidsynth.c:1097
    #16 0x7fc682593349 in __libc_start_main (/lib64/libc.so.6+0x24349)
    #17 0x402909 in _start (/build/src/fluidsynth+0x402909)

0x602000003250 is located 0 bytes inside of 7-byte region [0x602000003250,0x602000003257)
freed by thread T0 here:
    #0 0x7fc6842dd1a8 in __interceptor_free (/usr/lib64/libasan.so.4+0xdc1a8)
    #1 0x7fc683cfddaf in fluid_free /src/utils/fluid_sys.c:232
    #2 0x7fc683db6bfa in fluid_handle_info /src/bindings/fluid_cmd.c:2146
    #3 0x7fc683dbe570 in fluid_cmd_handler_handle /src/bindings/fluid_cmd.c:4250
    #4 0x7fc683dace42 in fluid_command /src/bindings/fluid_cmd.c:413
    #5 0x7fc683dad6cf in fluid_shell_run /src/bindings/fluid_cmd.c:520
    #6 0x7fc683dad8b4 in fluid_usershell /src/bindings/fluid_cmd.c:561
    #7 0x405bec in main /src/fluidsynth.c:1046
    #8 0x7fc682593349 in __libc_start_main (/lib64/libc.so.6+0x24349)

previously allocated by thread T0 here:
    #0 0x7fc6842dd500 in malloc (/usr/lib64/libasan.so.4+0xdc500)
    #1 0x7fc683cfdd5e in fluid_alloc /src/utils/fluid_sys.c:203
    #2 0x7fc683cf2060 in new_fluid_str_setting /src/utils/fluid_settings.c:108
    #3 0x7fc683cf43d0 in fluid_settings_register_str /src/utils/fluid_settings.c:533
    #4 0x7fc683daaeec in fluid_audio_driver_settings /src/drivers/fluid_adriver.c:199
    #5 0x7fc683cf3192 in fluid_settings_init /src/utils/fluid_settings.c:334
    #6 0x7fc683cf302a in new_fluid_settings /src/utils/fluid_settings.c:275
    #7 0x403e54 in main /src/fluidsynth.c:374
    #8 0x7fc682593349 in __libc_start_main (/lib64/libc.so.6+0x24349)

SUMMARY: AddressSanitizer: double-free (/usr/lib64/libasan.so.4+0xdc1a8) in __interceptor_free

[jjceresa]

Here fluidsynth version 2.1.6 works fine and doesn't crash when quitting. Strange.

[derselbst]

You'll only notice when you have the debug_heap feature of CRT enabled.

[jjceresa]

Ok, thanks.