Fix SwitchChannel() heap-use-after-free

[repojohnray]

==25873==ERROR: AddressSanitizer: heap-use-after-free on address 0xb4b79e80 at pc 0xc1027fe7 bp 0xb0bcb968 sp 0xb0bcb96c
READ of size 2108 at 0xb4b79e80 thread T26
#0 0xc1027fe4 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:285
#1 0xc1027fe4 in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#2 0xc1027fe4 in cVNSIDemux::SwitchChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:315
#3 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#4 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#5 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425

[repojohnray]

=================================================================
==25873==ERROR: AddressSanitizer: heap-use-after-free on address 0xb4b79e80 at pc 0xc1027fe7 bp 0xb0bcb968 sp 0xb0bcb96c
READ of size 2108 at 0xb4b79e80 thread T26
#0 0xc1027fe4 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:285
#1 0xc1027fe4 in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#2 0xc1027fe4 in cVNSIDemux::SwitchChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:315
#3 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#4 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#5 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#6 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#7 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#8 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#9 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#10 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#11 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#12 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#13 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#14 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#15 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#16 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#17 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#18 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#19 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#20 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#21 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#22 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#23 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

0xb4b79e80 is located 0 bytes inside of 2108-byte region [0xb4b79e80,0xb4b7a6bc)
freed by thread T26 here:
#0 0xf77258c8 in operator delete(void*, unsigned int) (/usr/lib/libasan.so.6+0x858c8)
#1 0xc10278ac in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) /usr/local/include/kodi/AddonBase.h:273
#2 0xc10278ac in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#3 0xc10278ac in cVNSIDemux::SwitchChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:315
#4 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#5 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#6 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#7 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#8 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#9 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#10 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#11 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#12 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#13 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#14 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#15 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#16 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#17 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#18 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#19 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#20 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#21 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#22 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#23 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#24 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

previously allocated by thread T26 here:
#0 0xf7725000 in operator new(unsigned int) (/usr/lib/libasan.so.6+0x85000)
#1 0xc1028de4 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) /usr/local/include/kodi/AddonBase.h:275
#2 0xc1028de4 in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#3 0xc1028de4 in cVNSIDemux::OpenChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:62
#4 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#5 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#6 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#7 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#8 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#9 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#10 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#11 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#12 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#13 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#14 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#15 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#16 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#17 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#18 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#19 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#20 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#21 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#22 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#23 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#24 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

Thread T26 created by T0 here:
#0 0xf76e2ca6 in pthread_create (/usr/lib/libasan.so.6+0x42ca6)
#1 0xffebbc5c ([stack]+0x1ec5c)

SUMMARY: AddressSanitizer: heap-use-after-free pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:285 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&)
Shadow bytes around the buggy address:
0x3696f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3696f390: 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa
0x3696f3a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3696f3b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3696f3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3696f3d0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f3f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

==25873==ERROR: AddressSanitizer: heap-use-after-free on address 0xb4b79e80 at pc 0xf76ce1d9 bp 0xb0bcb538 sp 0xb0bcb540
READ of size 2108 at 0xb4b79e80 thread T26
#0 0xf76ce1d6 in __interceptor_memcpy (/usr/lib/libasan.so.6+0x2e1d6)
#1 0xc1027a98 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) /usr/local/include/kodi/AddonBase.h:275
#2 0xc1027a98 in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#3 0xc1027a98 in cVNSIDemux::SwitchChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:315
#4 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#5 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#6 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#7 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#8 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#9 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#10 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#11 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#12 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#13 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#14 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#15 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#16 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#17 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#18 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#19 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#20 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#21 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#22 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#23 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#24 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

0xb4b79e80 is located 0 bytes inside of 2108-byte region [0xb4b79e80,0xb4b7a6bc)
freed by thread T26 here:
#0 0xf77258c8 in operator delete(void*, unsigned int) (/usr/lib/libasan.so.6+0x858c8)
#1 0xc10278ac in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) /usr/local/include/kodi/AddonBase.h:273
#2 0xc10278ac in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#3 0xc10278ac in cVNSIDemux::SwitchChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:315
#4 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#5 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#6 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#7 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#8 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#9 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#10 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#11 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#12 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#13 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#14 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#15 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#16 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#17 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#18 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#19 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#20 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#21 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#22 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#23 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#24 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

previously allocated by thread T26 here:
#0 0xf7725000 in operator new(unsigned int) (/usr/lib/libasan.so.6+0x85000)
#1 0xc1028de4 in kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL>::operator=(kodi::addon::CStructHdl<kodi::addon::PVRChannel, PVR_CHANNEL> const&) /usr/local/include/kodi/AddonBase.h:275
#2 0xc1028de4 in kodi::addon::PVRChannel::operator=(kodi::addon::PVRChannel const&) /usr/local/include/kodi/addon-instance/pvr/Channels.h:38
#3 0xc1028de4 in cVNSIDemux::OpenChannel(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/InputstreamDemux.cpp:62
#4 0xc0eb6158 in CVNSIClientInstance::OpenLiveStream(kodi::addon::PVRChannel const&) pvr-vdr-vnsi-Matrix-c4c9a5c4edd212462af4465246183ef2fc9993a9/src/ClientInstance.cpp:1517
#5 0xc0f1aad2 in kodi::addon::CInstancePVRClient::ADDON_OpenLiveStream(AddonInstance_PVR const*, PVR_CHANNEL const*) (/usr/local/lib/kodi/addons/pvr.vdr.vnsi/pvr.vdr.vnsi.so.19.0.5+0x1daad2)
#6 0x1753f0e in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1425
#7 0x172bcd8 in std::function<PVR_ERROR (AddonInstance_PVR const*)>::operator()(AddonInstance_PVR const*) const /sr9/usr/include/c++/11.3.0/bits/std_function.h:590
#8 0x172bcd8 in PVR::CPVRClient::DoAddonCall(char const*, std::function<PVR_ERROR (AddonInstance_PVR const*)> const&, bool, bool) const xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1390
#9 0x174a028 in PVR::CPVRClient::OpenLiveStream(std::shared_ptrPVR::CPVRChannel const&) xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/pvr/addons/PVRClient.cpp:1411
#10 0x8bbe92 in CInputStreamPVRChannel::OpenPVRStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRChannel.cpp:47
#11 0x8a6a22 in CInputStreamPVRBase::Open() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamPVRBase.cpp:42
#12 0xe8bad0 in CVideoPlayer::OpenInputStream() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:776
#13 0xee3290 in CVideoPlayer::Prepare() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1211
#14 0xf14f92 in CVideoPlayer::Process() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/cores/VideoPlayer/VideoPlayer.cpp:1317
#15 0x1286a4c in CThread::Action() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:282
#16 0x12984ba in operator() xbmc-Matrix-11fcf3089436c701b86b98658d646730cf35136d/xbmc/threads/Thread.cpp:140
#17 0x129c6ca in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:61
#18 0x129c6ca in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise)>, CThread*, std::promise > /sr9/usr/include/c++/11.3.0/bits/invoke.h:96
#19 0x129c6ca in _M_invoke<0, 1, 2> /sr9/usr/include/c++/11.3.0/bits/std_thread.h:253
#20 0x129c6ca in operator() /sr9/usr/include/c++/11.3.0/bits/std_thread.h:260
#21 0x129c6ca in _M_run /sr9/usr/include/c++/11.3.0/bits/std_thread.h:211
#22 0xe34e31aa (/usr/lib/libstdc++.so.6+0xa31aa)
#23 0xf76e2c5a (/usr/lib/libasan.so.6+0x42c5a)
#24 0xe360aee0 in start_thread glibc-2.35/nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/libasan.so.6+0x2e1d6) in __interceptor_memcpy
Shadow bytes around the buggy address:
0x3696f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3696f390: 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa
0x3696f3a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3696f3b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3696f3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3696f3d0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f3f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3696f420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

[phunkyfish]

Sorry but it’s impossible to follow any reasoning for this change. Can you move the logs to paste site links and then explain why this change is required?

[repojohnray]

This was detected by the gcc sanitizer, the issue is related to the operator "=" defined for this specific object which deletes the data of the right member, and this specific problem is triggered when we try to use "=" with the right object equals to the left one. Anyway, this class seems to be unable to handle the case when the right and left object are the same of the operator "=".

[ksooo]

Anyway, this class seems to be unable to handle the case when the right and left object are the same of the operator "=".

Then, this class should be fixed and your workaround should not be needed.

[repojohnray]

Using a class to process the line below is absurd; We should check that the object is not identical.
A = A;

[phunkyfish]

Using a class to process the line below is absurd; We should check that the object is not identical.
A = A;

That is not the point being made. The code that results in the original problem still exists and should be refactored out if your fix is the right thing to do. Otherwise it can happen again.

[repojohnray]

I think that writing "A = A,;" should remain invalid.

Anyway, maybe adding to "const CStructHdl& operator=(const CStructHdl& right)" something like "assert(!m_owner || (m_owner && m_cStructure != right.m_cStructure));" could help to debug this kind of issue. This needs to be tested.

[howie-f]

shouldn‘t this be some kind of self assignment guard like

if (this == &right) return *this;

[ksooo]

@howie-f yes, exactly.

[ksooo]

I think that writing "A = A,;" should remain invalid.

No, this is valid, but the operator= should handle it correctly, like @howie-f suggested.

[howie-f]

@repojohnray would you like to open a respective pr?

[repojohnray]

The PR is created: xbmc/xbmc#21627

Note: This commit should be added to Matrix as well.

[ksooo]

This is inline code and although it is located in the xbmc repo, the addon needs to be recompiled after the xbmc PR was merged to actually get the fix.

[repojohnray]

xbmc/xbmc#21627 fixes this issue.