Add plex/Network/NetworkInterfaceBSD.cpp #18
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
s/downloadItem/downloadPackage in the correct place.
…cesBSD Conflicts: CMakeLists.txt Media/round.png addons/skin.plex/Media/round.png
Kwiboo
pushed a commit
to Kwiboo/xbmc
that referenced
this pull request
May 19, 2018
Class `CBusyWaiter` derives from `CThread`, and its only instance lives in the stack frame of `CGUIDialogBusy::Wait()`. Commit cc8364a triggered an ancient Kodi crash bug based on a misunderstanding how destructors work in C++, introduced in commit 64427d4 (coincidentally by the same author). Anyway, that commit cc8364a changed how cancellation gets triggered, making it more likely. And if that cancellation happens, nobody takes care for stopping the CThread properly; `~CThread()` calls `StopThread()`, but by then, the `CBusyWaiter` instance has already been morphed back to its base class `CThread`. This however triggers the crash in the still-running thread. This class morphing while calling destructors is what makes the whole `~CThread()` implementation wrong from the bottom: calling `StopThread()` from the base class destructor can never ever work properly, because it will crash the thread in any case. And if no thread were running anymore, the call would be useless. All uses of `CThread` without additional calls to `StopThread()` are a crash bug, but this commit fixes only the instance in class `CBusyWaiter`, by adding another `StopThread()` call to its destructor. This is how the crash looks like: ``` Thread 1 (Thread 0x7ff1d37fe700 (LWP 1394)): #0 __GI___pthread_mutex_lock (mutex=0x66657270747265d3) at ../nptl/pthread_mutex_lock.c:65 plexinc#1 0x0000562afcf3352c in (anonymous namespace)::CRecursiveMutex::lock (this=0x66657270747265d3) at xbmc/threads/platform/RecursiveMutex.h:45 plexinc#2 0x0000562afcf34618 in (anonymous namespace)::CountingLockable<XbmcThreads::CRecursiveMutex>::lock (this=0x66657270747265d3) at xbmc/threads/Lockables.h:63 plexinc#3 0x0000562afcf34466 in (anonymous namespace)::UniqueLock<CCriticalSection>::UniqueLock (this=0x7ff1d37fdb80, lockable=...) at xbmc/threads/Lockables.h:132 plexinc#4 0x0000562afcf3356f in CSingleLock::CSingleLock (this=0x7ff1d37fdb80, cs=...) at xbmc/threads/SingleLock.h:38 plexinc#5 0x0000562afd4ee7c7 in (anonymous namespace)::CEventGroup::Set (this=0x6665727074726563, child=0x7ffeca201060) at xbmc/threads/Event.h:127 plexinc#6 0x0000562afd4ee2db in CEvent::Set (this=0x7ffeca201060) at xbmc/threads/Event.cpp:70 plexinc#7 0x0000562afd4f16ff in CThread::staticThread (data=0x7ffeca200f80) at xbmc/threads/Thread.cpp:133 plexinc#8 0x00007ff20bd955aa in start_thread (arg=0x7ff1d37fe700) at pthread_create.c:463 plexinc#9 0x00007ff20321acbf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 ``` And this is the thread which created the `CBusyWaiter` (at the time of the crash it had already moved on): ``` Thread 19 (Thread 0x7ff20c191980 (LWP 1353)): #0 0x00007ff209da1c83 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#1 0x00007ff209d9c3c6 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#2 0x00007ff209dcc0ab in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#3 0x00007ff209dd0c9e in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#4 0x00007ff209dd11fe in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#5 0x00007ff209dd1526 in sqlite3_prepare_v2 () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 plexinc#6 0x0000562afd755a56 in (anonymous namespace)::SqliteDataset::query (this=0x562b03898080, query=...) at xbmc/dbwrappers/sqlitedataset.cpp:649 plexinc#7 0x0000562afd33a824 in CVideoDatabase::GetScraperForPath (this=0x562b02530f00, strPath=..., settings=..., foundDirectly=@0x7ffeca201b6f: false) at xbmc/video/VideoDatabase.cpp:7297 plexinc#8 0x0000562afd33b831 in CVideoDatabase::GetContentForPath (this=0x562b02530f00, strPath=...) at xbmc/video/VideoDatabase.cpp:7426 plexinc#9 0x0000562afd27dc6c in CGUIWindowVideoNav::LoadVideoInfo (items=..., database=..., allowReplaceLabels=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:578 plexinc#10 0x0000562afd27db95 in CGUIWindowVideoNav::LoadVideoInfo (this=0x562b02530760, items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:564 plexinc#11 0x0000562afd27ce81 in CGUIWindowVideoNav::GetDirectory (this=0x562b02530760, strDirectory=..., items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:545 plexinc#12 0x0000562afd3b4e35 in CGUIMediaWindow::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/windows/GUIMediaWindow.cpp:806 plexinc#13 0x0000562afd274a96 in CGUIWindowVideoBase::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoBase.cpp:1247 plexinc#14 0x0000562afd27ae04 in CGUIWindowVideoNav::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:340 plexinc#15 0x0000562afd3b6e91 in CGUIMediaWindow::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/windows/GUIMediaWindow.cpp:1072 plexinc#16 0x0000562afd270a66 in CGUIWindowVideoBase::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:609 plexinc#17 0x0000562afd283ec0 in CGUIWindowVideoNav::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:1205 plexinc#18 0x0000562afd3b7867 in CGUIMediaWindow::OnSelect (this=0x562b02530760, item=2) at xbmc/windows/GUIMediaWindow.cpp:1141 plexinc#19 0x0000562afd270c1b in CGUIWindowVideoBase::OnSelect (this=0x562b02530760, iItem=2) at xbmc/video/windows/GUIWindowVideoBase.cpp:627 plexinc#20 0x0000562afd3b1978 in CGUIMediaWindow::OnMessage (this=0x562b02530760, message=...) at xbmc/windows/GUIMediaWindow.cpp:319 plexinc#21 0x0000562afd26e169 in CGUIWindowVideoBase::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:200 plexinc#22 0x0000562afd27a666 in CGUIWindowVideoNav::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:254 plexinc#23 0x0000562afd61dbba in CGUIControl::SendWindowMessage (this=0x562b03547780, message=...) at xbmc/guilib/GUIControl.cpp:316 plexinc#24 0x0000562afd60ebaa in CGUIBaseContainer::OnClick (this=0x562b03547780, actionID=7) at xbmc/guilib/GUIBaseContainer.cpp:793 plexinc#25 0x0000562afd60cce7 in CGUIBaseContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIBaseContainer.cpp:407 plexinc#26 0x0000562afd64570b in CGUIFixedListContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIFixedListContainer.cpp:81 plexinc#27 0x0000562afd6a69fc in CGUIWindow::OnAction (this=0x562b02530760, action=...) at xbmc/guilib/GUIWindow.cpp:435 plexinc#28 0x0000562afd3b0d43 in CGUIMediaWindow::OnAction (this=0x562b02530760, action=...) at xbmc/windows/GUIMediaWindow.cpp:202 plexinc#29 0x0000562afd26dcb7 in CGUIWindowVideoBase::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:111 plexinc#30 0x0000562afd2797a0 in CGUIWindowVideoNav::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:105 plexinc#31 0x0000562afd6b3c14 in CGUIWindowManager::HandleAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1100 plexinc#32 0x0000562afd6b39ce in CGUIWindowManager::OnAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1050 plexinc#33 0x0000562afd8e1888 in CApplication::OnAction (this=0x562b01a4d5d0, action=...) at xbmc/Application.cpp:1924 xbmc#34 0x0000562afd5b729a in CInputManager::ExecuteInputAction (this=0x562b01bb8680, action=...) at xbmc/input/InputManager.cpp:704 xbmc#35 0x0000562afd5b6c86 in CInputManager::HandleKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:644 xbmc#36 0x0000562afd5b5ed8 in CInputManager::OnKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:483 xbmc#37 0x0000562afd5b5be6 in CInputManager::OnEvent (this=0x562b01bb8680, newEvent=...) at xbmc/input/InputManager.cpp:442 xbmc#38 0x0000562afd8d8aaf in CApplication::HandlePortEvents (this=0x562b01a4d5d0) at xbmc/Application.cpp:341 xbmc#39 0x0000562afd8e4fe6 in CApplication::FrameMove (this=0x562b01a4d5d0, processEvents=true, processGUI=true) at xbmc/Application.cpp:2647 xbmc#40 0x0000562afd9add56 in CXBApplicationEx::Run (this=0x562b01a4d5d0, params=...) at xbmc/XBApplicationEx.cpp:107 xbmc#41 0x0000562afd528974 in XBMC_Run (renderGUI=true, params=...) at xbmc/platform/xbmc.cpp:88 xbmc#42 0x0000562afcef1e72 in main (argc=4, argv=0x7ffeca2096e8) at xbmc/platform/posix/main.cpp:108 ```
Kwiboo
pushed a commit
to Kwiboo/xbmc
that referenced
this pull request
May 19, 2018
Probably many more attributes need to be protected, but this commit
aims to fix just this crash bug:
```
==2579==ERROR: AddressSanitizer: heap-use-after-free on address 0x611003c48200 at pc 0x555558929511 bp 0x7fffc7fc2710 sp 0x7fffc7fc2708
READ of size 8 at 0x611003c48200 thread T168 (PVRManager)
#0 0x555558929510 in std::_Sp_counted_ptr<PVR::CPVRTimerType*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d5510)
plexinc#1 0x555557165886 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c11886)
plexinc#2 0x555557162ff9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c0eff9)
plexinc#3 0x555558913621 in std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33bf621)
plexinc#4 0x555558913663 in std::shared_ptr<PVR::CPVRTimerType>::~shared_ptr() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33bf663)
plexinc#5 0x555558926430 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType> >(std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d2430)
plexinc#6 0x555558924b2e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d0b2e)
plexinc#7 0x5555589201a7 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33cc1a7)
plexinc#8 0x55555891a094 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType> >(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*, std::allocator<std::shared_ptr<PVR::CPVRTimerType> >&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c6094)
plexinc#9 0x555558916a51 in std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > >::~vector() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c2a51)
plexinc#10 0x555558e3fe5b in PVR::CPVRTimerType::CreateFromAttributes(unsigned int, unsigned int, int) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38ebe5b)
plexinc#11 0x555558e0ac61 in PVR::CPVRTimerInfoTag::CPVRTimerInfoTag(bool) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38b6c61)
plexinc#12 0x555558e26831 in PVR::CPVRTimers::UpdateEntries(PVR::CPVRTimersContainer const&, std::vector<int, std::allocator<int> > const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d2831)
plexinc#13 0x555558e24fa6 in PVR::CPVRTimers::Update() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d0fa6)
plexinc#14 0x555558e24b11 in PVR::CPVRTimers::Load() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d0b11)
plexinc#15 0x555558fd3397 in PVR::CPVRManager::LoadComponents(PVR::CPVRGUIProgressHandler*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a7f397)
plexinc#16 0x555558fd2362 in PVR::CPVRManager::Process() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a7e362)
plexinc#17 0x555558038fe0 in CThread::Action() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae4fe0)
plexinc#18 0x5555580386cc in CThread::staticThread(void*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae46cc)
plexinc#19 0x7ffff6c0e5a9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x75a9)
plexinc#20 0x7fffee013cbe in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xf6cbe)
0x611003c48200 is located 0 bytes inside of 216-byte region [0x611003c48200,0x611003c482d8)
freed by thread T166 (JobWorker) here:
#0 0x7ffff6f01040 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdc040)
plexinc#1 0x555558e4071b in PVR::CPVRTimerType::~CPVRTimerType() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38ec71b)
plexinc#2 0x555558929540 in std::_Sp_counted_ptr<PVR::CPVRTimerType*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d5540)
plexinc#3 0x555557165886 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c11886)
plexinc#4 0x55555738a63a in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_count<(__gnu_cxx::_Lock_policy)2> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1e3663a)
plexinc#5 0x555558926844 in std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d2844)
plexinc#6 0x55555892686e in std::shared_ptr<PVR::CPVRTimerType>::operator=(std::shared_ptr<PVR::CPVRTimerType> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d286e)
plexinc#7 0x5555589268b8 in std::shared_ptr<PVR::CPVRTimerType>* std::__copy_move<false, false, std::random_access_iterator_tag>::__copy_m<std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d28b8)
plexinc#8 0x555558924ed2 in std::shared_ptr<PVR::CPVRTimerType>* std::__copy_move_a<false, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d0ed2)
plexinc#9 0x55555892094e in __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > std::__copy_move_a2<false, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33cc94e)
plexinc#10 0x55555891b4ad in __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > std::copy<__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c74ad)
plexinc#11 0x55555891757f in std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > >::operator=(std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c357f)
plexinc#12 0x5555588e314e in PVR::CPVRClient::GetAddonProperties() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x338f14e)
plexinc#13 0x555558f89eec in PVR::CPVRClients::ConnectionStateChange(PVR::CPVRClient*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, PVR_CONNECTION_STATE, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a35eec)
plexinc#14 0x55555904915e in PVR::CPVRClientConnectionJob::DoWork() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3af515e)
plexinc#15 0x555557ea8995 in CJobWorker::Process() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2954995)
plexinc#16 0x555558038fe0 in CThread::Action() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae4fe0)
plexinc#17 0x5555580386cc in CThread::staticThread(void*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae46cc)
plexinc#18 0x7ffff6c0e5a9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x75a9)
```
Kwiboo
pushed a commit
to Kwiboo/xbmc
that referenced
this pull request
Jul 9, 2024
`m_iOvector` is a pointer array into the match data, so the match data must be
kept as long as `m_iOvector` is used.
Address Sanitizer output:
==28015==ERROR: AddressSanitizer: heap-use-after-free on address 0x5190000406e8 at pc 0x59cf02e5ad9e bp 0x7ffdcd8a1a10 sp 0x7ffdcd8a1a08
READ of size 8 at 0x5190000406e8 thread T0
#0 0x59cf02e5ad9d in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:425:10
plexinc#1 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12
plexinc#2 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12
plexinc#3 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10
plexinc#4 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3
plexinc#5 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15
plexinc#6 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10
plexinc#7 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3
plexinc#8 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22
plexinc#9 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5
plexinc#10 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29
plexinc#11 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23
plexinc#12 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8
plexinc#13 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10
plexinc#14 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22
plexinc#15 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27
plexinc#16 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22
plexinc#17 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16
plexinc#18 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#19 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#20 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e)
0x5190000406e8 is located 104 bytes inside of 1112-byte region [0x519000040680,0x519000040ad8)
freed by thread T0 here:
#0 0x59cf007069b2 in free.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa07f9b2) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e)
plexinc#1 0x59cf02e59ed8 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:352:3
plexinc#2 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12
plexinc#3 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12
plexinc#4 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10
plexinc#5 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3
plexinc#6 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15
plexinc#7 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10
plexinc#8 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3
plexinc#9 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22
plexinc#10 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5
plexinc#11 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29
plexinc#12 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23
plexinc#13 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8
plexinc#14 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10
plexinc#15 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22
plexinc#16 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27
plexinc#17 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22
plexinc#18 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16
plexinc#19 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#20 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#21 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e)
previously allocated by thread T0 here:
#0 0x59cf007079e9 in malloc (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa0809e9) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e)
plexinc#1 0x74a07fb7faed (/usr/lib/libpcre2-8.so.0+0x12aed) (BuildId: d6a22ace8f92ae592b620499fc467ef7899f99a0)
plexinc#2 0x74a07fbbf29f in pcre2_match_data_create_8 (/usr/lib/libpcre2-8.so.0+0x5229f) (BuildId: d6a22ace8f92ae592b620499fc467ef7899f99a0)
plexinc#3 0x59cf02e59c65 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:347:8
plexinc#4 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12
plexinc#5 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12
plexinc#6 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10
plexinc#7 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3
plexinc#8 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15
plexinc#9 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10
plexinc#10 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3
plexinc#11 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22
plexinc#12 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5
plexinc#13 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29
plexinc#14 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23
plexinc#15 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8
plexinc#16 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10
plexinc#17 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22
plexinc#18 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27
plexinc#19 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22
plexinc#20 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16
plexinc#21 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#22 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
plexinc#23 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e)
SUMMARY: AddressSanitizer: heap-use-after-free xbmc/utils/RegExp.cpp:425:10 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int)
Shadow bytes around the buggy address:
0x519000040400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040580: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
0x519000040600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x519000040680: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
0x519000040700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x519000040900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28015==ABORTING
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This provides plexhometheater with the ability to detect Network Interface changes using BSD sockets (rather than Netlink which is specific to Linux)