
Freebsd support: sed portability #14

Merged
3 commits merged into from Jan 30, 2011

Conversation

Fneufneu (Member)

On non-GNU sed (like we found on all BSDs), + is not a basic regular expression,
so use * instead.

Fneufneu added 3 commits January 27, 2011 18:21
so replace it by two install commands
install -d folder
install file

find
-regextype posix-extended
does not exist on BSD and OSX.
replace it with find -E

-printf
does not exist on BSD and OSX.
replace it with -exec printf "%s" "{}"

- install -D
exec two commands separated by a -and
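As an added example (not code from this PR or from the project's build scripts), the three GNU-only constructs the commits above remove, each spelled in a form that runs the same on GNU, BSD and macOS userlands; the function names and the `.c`/`.h` sample patterns are my own, and `install` is assumed to be the BSD/GNU utility (it is not in POSIX, but `-d` and `-m` exist in both).

```shell
#!/bin/sh
# Added example: portable spellings of the GNU extensions the PR removed.
# Every find/sed/printf construct below is POSIX; nothing is GNU- or BSD-only.

# 1. sed: GNU sed accepts one-or-more repetition in a basic regular
#    expression (as \+); BSD sed has no such extension. The POSIX interval
#    \{1,\} means "one or more" on every sed. The PR chose '*' instead,
#    which also matches zero occurrences: fine when collapsing blanks, but
#    not for a pattern that must require at least one character.
squeeze_blanks() {
    printf '%s\n' "$1" | sed 's/[[:blank:]]\{1,\}/ /g'
}

# 2. find: -regextype and -printf are GNU-only; BSD's -E is BSD-only.
#    -name primaries joined with -o, and -exec with '{} +', are POSIX.
#    Prints the basename of every .c/.h file under $1, one per line, sorted.
list_sources() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec sh -c 'for f; do printf "%s\n" "${f##*/}"; done' sh {} + | sort
}

# 3. install: -D (create leading directories) is GNU-only. Create the
#    target directory with -d first, then install the file.
install_file() {
    src=$1
    dst=$2
    install -d "$(dirname "$dst")" && install -m 0644 "$src" "$dst"
}
```

Source the file and call the functions; each prints its result on stdout, so they can be dropped into a Makefile recipe or configure script unchanged.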
anssih added a commit that referenced this pull request Mar 7, 2012
Backport 2851b1f from upstream FFmpeg,
it fixes a rare matroskadec crash:

matroskadec: check that pointers were initialized before accessing them

fix ticket #14

Signed-off-by: Aurelien Jacobs <aurel@gnuage.org>
sraue pushed a commit to OpenELEC/xbmc that referenced this pull request May 16, 2015
janbar added a commit to janbar/xbmc that referenced this pull request Jul 3, 2015
Fix/workaround for a crash when opening a PVR recording for playback. It seems the thumb extractor job closes the PVR recorded stream while a read operation is running. As a workaround, this commit forbids the thumb extractor job for PVR items.

Program terminated with signal SIGSEGV, Segmentation fault.
Thread 1 (Thread 0x7fededd6a700 (LWP 5095)):
...
#4  0x0000000000fda1af in PVR::CPVRClient::ReadStream (this=0x7fedcc000c40, lpBuf=lpBuf@entry=0x7fede40bdf80, uiBufSize=uiBufSize@entry=32768) at PVRClient.cpp:1302
#5  0x0000000000fe462c in PVR::CPVRClients::ReadStream (this=<optimized out>, lpBuf=lpBuf@entry=0x7fede40bdf80, uiBufSize=uiBufSize@entry=32768) at PVRClients.cpp:1551
#6  0x0000000000af4a86 in XFILE::CPVRFile::Read (this=<optimized out>, buffer=0x7fede40bdf80, size=32768) at PVRFile.cpp:117
#7  0x000000000095ddc9 in CDVDInputStreamPVRManager::Read (this=0x7fede4027b50, buf=<optimized out>, buf_size=<optimized out>) at DVDInputStreamPVRManager.cpp:177
#8  0x0000000001724d92 in fill_buffer (s=0x7fede4059a60) at libavformat/aviobuf.c:477
#9  avio_read (s=s@entry=0x7fede4059a60, buf=0x7fede406f1f0 "x\005", size=size@entry=2048) at libavformat/aviobuf.c:564
#10 0x00000000017441e9 in av_probe_input_buffer2 (pb=0x7fede4059a60, fmt=0x7fededd61b58, filename=<optimized out>, logctx=0x0, offset=0, max_probe_size=1048576) at libavformat/format.c:282
#11 0x00000000017443f9 in av_probe_input_buffer (pb=<optimized out>, fmt=<optimized out>, filename=<optimized out>, logctx=<optimized out>, offset=<optimized out>, max_probe_size=<optimized out>) at libavformat/format.c:336
#12 0x000000000094ca69 in CDVDDemuxFFmpeg::Open (this=this@entry=0x7fede4015dc0, pInput=pInput@entry=0x7fede4027b50, streaminfo=streaminfo@entry=true, fileinfo=fileinfo@entry=false) at DVDDemuxFFmpeg.cpp:289
#13 0x00000000009468f8 in CDVDFactoryDemuxer::CreateDemuxer (pInputStream=0x7fede4027b50, fileinfo=fileinfo@entry=false) at DVDFactoryDemuxer.cpp:134
#14 0x00000000018dcb33 in CDVDPlayer::OpenDemuxStream (this=this@entry=0x95407e0) at DVDPlayer.cpp:797
#15 0x00000000018e5573 in CDVDPlayer::Process (this=0x95407e0) at DVDPlayer.cpp:1117

Thread 32 (Thread 0x7fedaeffd700 (LWP 5088)):
...
#15 0x0000000000fda72d in PVR::CPVRClient::CloseStream (this=0x7fedcc000c40) at PVRClient.cpp:1772
#16 0x0000000000fe454e in PVR::CPVRClients::CloseStream (this=0x7fede0000ad0) at PVRClients.cpp:1538
#17 0x0000000000c79fe1 in PVR::CPVRManager::CloseStream (this=0x237d3e0 <PVR::CPVRManager::Get()::pvrManagerInstance>) at PVRManager.cpp:1090
#18 0x000000000095ec4a in CDVDInputStreamPVRManager::Close (this=this@entry=0x7fed84008f10) at DVDInputStreamPVRManager.cpp:151
#19 0x000000000095ed04 in CDVDInputStreamPVRManager::~CDVDInputStreamPVRManager (this=0x7fed84008f10, __in_chrg=<optimized out>) at DVDInputStreamPVRManager.cpp:57
#20 0x000000000095edc9 in CDVDInputStreamPVRManager::~CDVDInputStreamPVRManager (this=0x7fed84008f10, __in_chrg=<optimized out>) at DVDInputStreamPVRManager.cpp:58
#21 0x000000000091d434 in CDVDFileInfo::GetFileStreamDetails (pItem=pItem@entry=0x7fede40d57d0) at DVDFileInfo.cpp:360
#22 0x0000000000861942 in CThumbExtractor::DoWork (this=0x7fede40d57b0) at VideoThumbLoader.cpp:135
#23 0x0000000000f4fe59 in CJobWorker::Process (this=0x45e22c0) at JobManager.cpp:68
guidosarducci pushed a commit to guidosarducci/xbmc that referenced this pull request Sep 3, 2016
Shouldn't happen, but it does, apparently...

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'NVIDIA/foster_e/foster:6.0/MRA58K/324774_733.8518:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 20646, tid: 20677, name: Thread-3241  >>> com.semperpax.spmc16 <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'art/runtime/java_vm_ext.cc:410] JNI DETECTED ERROR IN APPLICATION: java_object == null'
    r0 00000000  r1 000050c5  r2 00000006  r3 57a82978
    r4 57a82980  r5 57a82930  r6 00000001  r7 0000010c
    r8 4345a378  r9 42c7c800  sl 00000001  fp 00000001
    ip 00000006  sp 57a82428  lr 4060b339  pc 4060caf4  cpsr 40070010

backtrace:
    #00 pc 00041af4  /system/lib/libc.so (tgkill+12)
    #1 pc 00040335  /system/lib/libc.so (pthread_kill+32)
    #2 pc 0001ca6f  /system/lib/libc.so (raise+10)
    #3 pc 00019c21  /system/lib/libc.so (__libc_android_abort+34)
    #4 pc 000174e4  /system/lib/libc.so (abort+4)
    #5 pc 003338d1  /system/lib/libart.so (_ZN3art7Runtime5AbortEv+228)
    #6 pc 000f45fb  /system/lib/libart.so (_ZN3art10LogMessageD2Ev+2226)
    #7 pc 0025aa27  /system/lib/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+1550)
    #8 pc 0025ae53  /system/lib/libart.so (_ZN3art9JavaVMExt9JniAbortFEPKcS2_z+74)
    #9 pc 002802e3  /system/lib/libart.so (_ZN3art3JNI14GetObjectClassEP7_JNIEnvP8_jobject+454)
    #10 pc 00c85418  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_ZNK19CJNIViewInputDevice7getNameEv+36)
    #11 pc 00c5f6b8  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_ZN17CWinEventsAndroid11MessagePumpEv+1064)
    #12 pc 00b09f84  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_ZN12CApplication9FrameMoveEbb+208)
    #13 pc 00b9729c  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_ZN16CXBApplicationEx3RunEv+196)
    #14 pc 00b9c4fc  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (XBMC_Run+340)
    #15 pc 00508b78  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_ZN8CXBMCApp3runEv+44)
    #16 pc 0050aab8  /data/app/com.semperpax.spmc16-1/lib/arm/libspmc.so (_Z10thread_runI8CXBMCAppXadL_ZNS0_3runEvEEEPvS1_+4)
    #17 pc 0003fc37  /system/lib/libc.so (_ZL15__pthread_startPv+30)
    #18 pc 0001a2a3  /system/lib/libc.so (__start_thread+6)
mcaptur mentioned this pull request Dec 15, 2016
koying added a commit to koying/xbmc that referenced this pull request Apr 26, 2017
Report from Android O testing on O:

From: <android-developer-preview-no-reply@google.com>
Date: Apr 19, 2017 21:20
Subject: Native crash when trying to open Kodi addon
To: <developers@kodi.tv>
Cc: <androidsupport@kodi.tv>

Hello,
In preparation for the upcoming release of Android O, we've been
rigorously testing popular applications on Google Play, including "Kodi"
[org.xbmc.kodi].
During testing, we uncovered a bug specific to your application running
on the Android O Developer Preview. Here are the details:

Step(s) to Reproduce:

    Install “Kodi” application from Play store

    Launch the application

    Tap Add-Ons from the menu

Expected Result(s):

    App should not crash when tapping Add-Ons

Observed Result(s):

    App crashes when tapping Add-Ons

Possible Root Cause(s):

    It looks like Kodi is fetching an icon from PackageManager and
calling this method: icon.getBitmap(). This used to work in N and below
because all Icons were png, in which they could be cast to
BitmapDrawable. However, starting in the next OS, there is no guarantee
icon drawable objects can automatically convert to BitmapDrawable.
There is also no guarantee that all of BitmapDrawable's methods (such as
getBitmap) will be readily available.

Log:

java_vm_ext.cc:504] JNI DETECTED ERROR IN APPLICATION: mid == null
Revision: '0'
ABI: 'arm64'
pid: 9423, tid: 9469, name: Thread-5  >>> org.xbmc.kodi <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'java_vm_ext.cc:504] JNI DETECTED ERROR IN APPLICATION: mid == null'
    x0   0000000000000000  x1   00000000000024fd  x2   0000000000000006  x3   0000000000000008
    x4   0000000000000114  x5   00000000000000ff  x6   0000000000000000  x7   0080808080808080
    x8   0000000000000083  x9   6cd9bf0d77661d2f  x10  0000000000000001  x11  0000000000000001
    x12  ffffffffffffffff  x13  0000000000000008  x14  ffffffffffffffff  x15  0030fcf94d051582
    x16  00000073abd6d300  x17  00000073abd0f3fc  x18  0000000000000020  x19  00000000000024cf
    x20  00000000000024fd  x21  0000007388714700  x22  0000000000000002  x23  00000000000000c1
    x24  00000000000009b7  x25  000000738c527600  x26  00000000000009b6  x27  00000073883fea20
    x28  0000000000000059  x29  00000073883fe8c0  x30  00000073abcc390c
    sp   00000073883fe880  pc   00000073abd0f404  pstate 0000000000000000
backtrace:
    #00 pc 0000000000069404  /system/lib64/libc.so (tgkill+8)
    #1 pc 000000000001d908  /system/lib64/libc.so (abort+80)
    #2 pc 00000000004325bc  /system/lib64/libart.so (_ZN3art7Runtime5AbortEPKc+528)
    #3 pc 0000000000432ccc  /system/lib64/libart.so (_ZN3art7Runtime7AborterEPKc+24)
    #4 pc 000000000051c578  /system/lib64/libart.so (_ZN7android4base10LogMessageD1Ev+1016)
    #5 pc 00000000002d0920  /system/lib64/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+1716)
    #6 pc 00000000002d0bec  /system/lib64/libart.so (_ZN3art9JavaVMExt9JniAbortFEPKcS2_z+176)
    #7 pc 000000000031482c  /system/lib64/libart.so (_ZN3art3JNI17CallObjectMethodVEP7_JNIEnvP8_jobjectP10_jmethodIDSt9__va_list+1440)
    #8 pc 00000000013b8920  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN3jni7details20call_jhobject_methodEP7_JNIEnvP8_jobjectP10_jmethodIDz+148)
    #9 pc 000000000139f7a4  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN18CJNIBitmapDrawable9getBitmapEv+148)
    #10 pc 000000000130b8ac  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN5XFILE15CFileAndroidApp8ReadIconEPPhPjS3_+1008)
    #11 pc 0000000000cb33fc  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN12CBaseTexture12LoadFromFileERKSsjjbS1_+232)
    #12 pc 0000000000e8d6b0  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN12CImageLoader6DoWorkEv+524)
    #13 pc 0000000000ad8ab8  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN10CJobWorker7ProcessEv+68)
    #14 pc 0000000000b69184  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN7CThread6ActionEv+44)
    #15 pc 0000000000b69418  /data/app/org.xbmc.kodi-TYKIN-5zBb80hcqOZMy_tw==/lib/arm64/libkodi.so (_ZN7CThread12staticThreadEPv+148)
    #16 pc 0000000000065db4  /system/lib64/libc.so (_ZL15__pthread_startPv+36)
    #17 pc 000000000001ec9c  /system/lib64/libc.so (__start_thread+68)

We wanted to let you know so you could take a look and address the
issue.

Please do not reply to this message. If you discover an issue with the
platform running Android O Dev Preview, please file a bug in our issue
tracker.

Thanks!

Android Support Team
koying added a commit to koying/xbmc that referenced this pull request May 28, 2017
koying added a commit to koying/xbmc that referenced this pull request Jun 25, 2017
koying added a commit to koying/xbmc that referenced this pull request Jun 29, 2017
DaVukovic pushed a commit to DaVukovic/xbmc that referenced this pull request Jun 5, 2018
Class `CBusyWaiter` derives from `CThread`, and its only instance
lives in the stack frame of `CGUIDialogBusy::Wait()`.

Commit cc8364a triggered an ancient
Kodi crash bug based on a misunderstanding of how destructors work in
C++, introduced in commit 64427d4
(coincidentally by the same author).

Anyway, that commit cc8364a changed
how cancellation gets triggered, making it more likely.  And if that
cancellation happens, nobody takes care of stopping the CThread
properly; `~CThread()` calls `StopThread()`, but by then, the
`CBusyWaiter` instance has already been morphed back to its base class
`CThread`.  This however triggers the crash in the still-running
thread.

This class morphing while calling destructors is what makes the whole
`~CThread()` implementation wrong from the bottom: calling
`StopThread()` from the base class destructor can never ever work
properly, because it will crash the thread in any case.  And if no
thread were running anymore, the call would be useless.

All uses of `CThread` without additional calls to `StopThread()` are a
crash bug, but this commit fixes only the instance in class
`CBusyWaiter`, by adding another `StopThread()` call to its
destructor.

This is what the crash looks like:

```
Thread 1 (Thread 0x7ff1d37fe700 (LWP 1394)):
#0  __GI___pthread_mutex_lock (mutex=0x66657270747265d3) at ../nptl/pthread_mutex_lock.c:65
#1  0x0000562afcf3352c in (anonymous namespace)::CRecursiveMutex::lock (this=0x66657270747265d3) at xbmc/threads/platform/RecursiveMutex.h:45
#2  0x0000562afcf34618 in (anonymous namespace)::CountingLockable<XbmcThreads::CRecursiveMutex>::lock (this=0x66657270747265d3) at xbmc/threads/Lockables.h:63
#3  0x0000562afcf34466 in (anonymous namespace)::UniqueLock<CCriticalSection>::UniqueLock (this=0x7ff1d37fdb80, lockable=...) at xbmc/threads/Lockables.h:132
#4  0x0000562afcf3356f in CSingleLock::CSingleLock (this=0x7ff1d37fdb80, cs=...) at xbmc/threads/SingleLock.h:38
#5  0x0000562afd4ee7c7 in (anonymous namespace)::CEventGroup::Set (this=0x6665727074726563, child=0x7ffeca201060) at xbmc/threads/Event.h:127
#6  0x0000562afd4ee2db in CEvent::Set (this=0x7ffeca201060) at xbmc/threads/Event.cpp:70
#7  0x0000562afd4f16ff in CThread::staticThread (data=0x7ffeca200f80) at xbmc/threads/Thread.cpp:133
#8  0x00007ff20bd955aa in start_thread (arg=0x7ff1d37fe700) at pthread_create.c:463
#9  0x00007ff20321acbf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
```

And this is the thread which created the `CBusyWaiter` (at the time of
the crash it had already moved on):

```
Thread 19 (Thread 0x7ff20c191980 (LWP 1353)):
#0  0x00007ff209da1c83 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#1  0x00007ff209d9c3c6 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#2  0x00007ff209dcc0ab in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#3  0x00007ff209dd0c9e in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#4  0x00007ff209dd11fe in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#5  0x00007ff209dd1526 in sqlite3_prepare_v2 () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
#6  0x0000562afd755a56 in (anonymous namespace)::SqliteDataset::query (this=0x562b03898080, query=...) at xbmc/dbwrappers/sqlitedataset.cpp:649
#7  0x0000562afd33a824 in CVideoDatabase::GetScraperForPath (this=0x562b02530f00, strPath=..., settings=..., foundDirectly=@0x7ffeca201b6f: false) at xbmc/video/VideoDatabase.cpp:7297
#8  0x0000562afd33b831 in CVideoDatabase::GetContentForPath (this=0x562b02530f00, strPath=...) at xbmc/video/VideoDatabase.cpp:7426
#9  0x0000562afd27dc6c in CGUIWindowVideoNav::LoadVideoInfo (items=..., database=..., allowReplaceLabels=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:578
#10 0x0000562afd27db95 in CGUIWindowVideoNav::LoadVideoInfo (this=0x562b02530760, items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:564
#11 0x0000562afd27ce81 in CGUIWindowVideoNav::GetDirectory (this=0x562b02530760, strDirectory=..., items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:545
#12 0x0000562afd3b4e35 in CGUIMediaWindow::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/windows/GUIMediaWindow.cpp:806
#13 0x0000562afd274a96 in CGUIWindowVideoBase::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoBase.cpp:1247
#14 0x0000562afd27ae04 in CGUIWindowVideoNav::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:340
#15 0x0000562afd3b6e91 in CGUIMediaWindow::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/windows/GUIMediaWindow.cpp:1072
#16 0x0000562afd270a66 in CGUIWindowVideoBase::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:609
#17 0x0000562afd283ec0 in CGUIWindowVideoNav::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:1205
#18 0x0000562afd3b7867 in CGUIMediaWindow::OnSelect (this=0x562b02530760, item=2) at xbmc/windows/GUIMediaWindow.cpp:1141
#19 0x0000562afd270c1b in CGUIWindowVideoBase::OnSelect (this=0x562b02530760, iItem=2) at xbmc/video/windows/GUIWindowVideoBase.cpp:627
#20 0x0000562afd3b1978 in CGUIMediaWindow::OnMessage (this=0x562b02530760, message=...) at xbmc/windows/GUIMediaWindow.cpp:319
#21 0x0000562afd26e169 in CGUIWindowVideoBase::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:200
#22 0x0000562afd27a666 in CGUIWindowVideoNav::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:254
#23 0x0000562afd61dbba in CGUIControl::SendWindowMessage (this=0x562b03547780, message=...) at xbmc/guilib/GUIControl.cpp:316
#24 0x0000562afd60ebaa in CGUIBaseContainer::OnClick (this=0x562b03547780, actionID=7) at xbmc/guilib/GUIBaseContainer.cpp:793
#25 0x0000562afd60cce7 in CGUIBaseContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIBaseContainer.cpp:407
#26 0x0000562afd64570b in CGUIFixedListContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIFixedListContainer.cpp:81
#27 0x0000562afd6a69fc in CGUIWindow::OnAction (this=0x562b02530760, action=...) at xbmc/guilib/GUIWindow.cpp:435
#28 0x0000562afd3b0d43 in CGUIMediaWindow::OnAction (this=0x562b02530760, action=...) at xbmc/windows/GUIMediaWindow.cpp:202
#29 0x0000562afd26dcb7 in CGUIWindowVideoBase::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:111
#30 0x0000562afd2797a0 in CGUIWindowVideoNav::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:105
#31 0x0000562afd6b3c14 in CGUIWindowManager::HandleAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1100
#32 0x0000562afd6b39ce in CGUIWindowManager::OnAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1050
#33 0x0000562afd8e1888 in CApplication::OnAction (this=0x562b01a4d5d0, action=...) at xbmc/Application.cpp:1924
#34 0x0000562afd5b729a in CInputManager::ExecuteInputAction (this=0x562b01bb8680, action=...) at xbmc/input/InputManager.cpp:704
#35 0x0000562afd5b6c86 in CInputManager::HandleKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:644
#36 0x0000562afd5b5ed8 in CInputManager::OnKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:483
#37 0x0000562afd5b5be6 in CInputManager::OnEvent (this=0x562b01bb8680, newEvent=...) at xbmc/input/InputManager.cpp:442
#38 0x0000562afd8d8aaf in CApplication::HandlePortEvents (this=0x562b01a4d5d0) at xbmc/Application.cpp:341
xbmc#39 0x0000562afd8e4fe6 in CApplication::FrameMove (this=0x562b01a4d5d0, processEvents=true, processGUI=true) at xbmc/Application.cpp:2647
xbmc#40 0x0000562afd9add56 in CXBApplicationEx::Run (this=0x562b01a4d5d0, params=...) at xbmc/XBApplicationEx.cpp:107
xbmc#41 0x0000562afd528974 in XBMC_Run (renderGUI=true, params=...) at xbmc/platform/xbmc.cpp:88
xbmc#42 0x0000562afcef1e72 in main (argc=4, argv=0x7ffeca2096e8) at xbmc/platform/posix/main.cpp:108
```
DaVukovic pushed a commit to DaVukovic/xbmc that referenced this pull request Jun 5, 2018
Probably many more attributes need to be protected, but this commit
aims to fix just this crash bug:

```
==2579==ERROR: AddressSanitizer: heap-use-after-free on address 0x611003c48200 at pc 0x555558929511 bp 0x7fffc7fc2710 sp 0x7fffc7fc2708
READ of size 8 at 0x611003c48200 thread T168 (PVRManager)
    #0 0x555558929510 in std::_Sp_counted_ptr<PVR::CPVRTimerType*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d5510)
    #1 0x555557165886 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c11886)
    #2 0x555557162ff9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c0eff9)
    #3 0x555558913621 in std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33bf621)
    #4 0x555558913663 in std::shared_ptr<PVR::CPVRTimerType>::~shared_ptr() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33bf663)
    #5 0x555558926430 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType> >(std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d2430)
    #6 0x555558924b2e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d0b2e)
    #7 0x5555589201a7 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33cc1a7)
    #8 0x55555891a094 in void std::_Destroy<std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType> >(std::shared_ptr<PVR::CPVRTimerType>*, std::shared_ptr<PVR::CPVRTimerType>*, std::allocator<std::shared_ptr<PVR::CPVRTimerType> >&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c6094)
    #9 0x555558916a51 in std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > >::~vector() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c2a51)
    #10 0x555558e3fe5b in PVR::CPVRTimerType::CreateFromAttributes(unsigned int, unsigned int, int) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38ebe5b)
    #11 0x555558e0ac61 in PVR::CPVRTimerInfoTag::CPVRTimerInfoTag(bool) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38b6c61)
    #12 0x555558e26831 in PVR::CPVRTimers::UpdateEntries(PVR::CPVRTimersContainer const&, std::vector<int, std::allocator<int> > const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d2831)
    #13 0x555558e24fa6 in PVR::CPVRTimers::Update() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d0fa6)
    #14 0x555558e24b11 in PVR::CPVRTimers::Load() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38d0b11)
    #15 0x555558fd3397 in PVR::CPVRManager::LoadComponents(PVR::CPVRGUIProgressHandler*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a7f397)
    #16 0x555558fd2362 in PVR::CPVRManager::Process() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a7e362)
    #17 0x555558038fe0 in CThread::Action() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae4fe0)
    #18 0x5555580386cc in CThread::staticThread(void*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae46cc)
    #19 0x7ffff6c0e5a9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x75a9)
    #20 0x7fffee013cbe in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xf6cbe)

0x611003c48200 is located 0 bytes inside of 216-byte region [0x611003c48200,0x611003c482d8)
freed by thread T166 (JobWorker) here:
    #0 0x7ffff6f01040 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdc040)
    #1 0x555558e4071b in PVR::CPVRTimerType::~CPVRTimerType() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x38ec71b)
    #2 0x555558929540 in std::_Sp_counted_ptr<PVR::CPVRTimerType*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d5540)
    #3 0x555557165886 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1c11886)
    #4 0x55555738a63a in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_count<(__gnu_cxx::_Lock_policy)2> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x1e3663a)
    #5 0x555558926844 in std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_ptr<PVR::CPVRTimerType, (__gnu_cxx::_Lock_policy)2> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d2844)
    #6 0x55555892686e in std::shared_ptr<PVR::CPVRTimerType>::operator=(std::shared_ptr<PVR::CPVRTimerType> const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d286e)
    #7 0x5555589268b8 in std::shared_ptr<PVR::CPVRTimerType>* std::__copy_move<false, false, std::random_access_iterator_tag>::__copy_m<std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d28b8)
    #8 0x555558924ed2 in std::shared_ptr<PVR::CPVRTimerType>* std::__copy_move_a<false, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*>(std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType> const*, std::shared_ptr<PVR::CPVRTimerType>*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33d0ed2)
    #9 0x55555892094e in __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > std::__copy_move_a2<false, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33cc94e)
    #10 0x55555891b4ad in __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > std::copy<__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType> const*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >, __gnu_cxx::__normal_iterator<std::shared_ptr<PVR::CPVRTimerType>*, std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > >) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c74ad)
    #11 0x55555891757f in std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > >::operator=(std::vector<std::shared_ptr<PVR::CPVRTimerType>, std::allocator<std::shared_ptr<PVR::CPVRTimerType> > > const&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x33c357f)
    #12 0x5555588e314e in PVR::CPVRClient::GetAddonProperties() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x338f14e)
    #13 0x555558f89eec in PVR::CPVRClients::ConnectionStateChange(PVR::CPVRClient*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, PVR_CONNECTION_STATE, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3a35eec)
    #14 0x55555904915e in PVR::CPVRClientConnectionJob::DoWork() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x3af515e)
    #15 0x555557ea8995 in CJobWorker::Process() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2954995)
    #16 0x555558038fe0 in CThread::Action() (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae4fe0)
    #17 0x5555580386cc in CThread::staticThread(void*) (/usr/local/stow/kodi-asan/lib/kodi/kodi-x11+0x2ae46cc)
    #18 0x7ffff6c0e5a9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x75a9)
```
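The two stacks above show the shape of the bug: the JobWorker thread copy-assigns a `std::vector<std::shared_ptr<CPVRTimerType>>` (dropping the old elements) while the PVRManager thread is still working with them. The following is an added example, not Kodi's code and not the fix that commit applies; it assumes a minimal stand-in for the timer-type list (names `TimerTypeRegistry`, `Snapshot`, `Replace`, `Find` are mine) and shows the usual remedy: readers receive a copy taken under a lock, so their `shared_ptr`s keep the objects alive across a concurrent replacement, and the old elements are destroyed outside the lock.

```cpp
#include <memory>
#include <mutex>
#include <utility>
#include <vector>

// Stand-in for PVR::CPVRTimerType with only the fields the example needs.
struct TimerType {
  unsigned int type_id;
  unsigned int attributes;
};
using TimerTypePtr = std::shared_ptr<TimerType>;

// Per-client list of timer types. In the report one thread (JobWorker, in
// GetAddonProperties) copy-assigns this list, dropping the old shared_ptrs,
// while another (PVRManager, in CreateFromAttributes) is still reading it.
class TimerTypeRegistry {
 public:
  // The shape of the bug: handing out a reference into member storage.
  // A concurrent Replace() destroys the elements the caller is iterating.
  //   const std::vector<TimerTypePtr>& TypesUnsafe() const { return m_types; }

  // Copy under the lock. The caller's copies hold their own references, so
  // the objects stay alive even if Replace() runs the instant the lock drops.
  std::vector<TimerTypePtr> Snapshot() const {
    std::lock_guard<std::mutex> lock(m_mutex);
    return m_types;
  }

  void Replace(std::vector<TimerTypePtr> types) {
    std::vector<TimerTypePtr> old;
    {
      std::lock_guard<std::mutex> lock(m_mutex);
      old.swap(m_types);
      m_types = std::move(types);
    }
    // 'old' dies here, outside the lock: element destructors never run with
    // the mutex held, so a destructor that calls back in cannot deadlock.
  }

  // Lookups touch the members only while locked and return an owning pointer.
  TimerTypePtr Find(unsigned int type_id) const {
    std::lock_guard<std::mutex> lock(m_mutex);
    for (const auto& t : m_types)
      if (t->type_id == type_id) return t;
    return nullptr;
  }

 private:
  mutable std::mutex m_mutex;
  std::vector<TimerTypePtr> m_types;
};

// Deterministic replay of the interleaving in the report: the reader takes
// the list, the connection job replaces it, the reader keeps using what it
// took. Returns the sum of the attributes the reader saw (0x10 + 0x20).
unsigned int reader_after_replace() {
  TimerTypeRegistry reg;
  reg.Replace({std::make_shared<TimerType>(TimerType{1, 0x10}),
               std::make_shared<TimerType>(TimerType{2, 0x20})});
  std::vector<TimerTypePtr> mine = reg.Snapshot();                // reader
  reg.Replace({std::make_shared<TimerType>(TimerType{3, 0x40})});  // job
  unsigned int sum = 0;
  for (const auto& t : mine) sum += t->attributes;  // objects still alive
  return sum;
}

// After Replace(), lookups see only the new list (attributes of id 3).
unsigned int lookup_after_replace() {
  TimerTypeRegistry reg;
  reg.Replace({std::make_shared<TimerType>(TimerType{1, 0x10})});
  reg.Replace({std::make_shared<TimerType>(TimerType{3, 0x40})});
  TimerTypePtr t = reg.Find(3);
  return t ? t->attributes : 0;
}

// A type dropped by Replace() is no longer found.
bool dropped_type_is_gone() {
  TimerTypeRegistry reg;
  reg.Replace({std::make_shared<TimerType>(TimerType{1, 0x10})});
  reg.Replace({std::make_shared<TimerType>(TimerType{3, 0x40})});
  return reg.Find(1) == nullptr;
}
```

The replay is single-threaded on purpose: the point is lifetime, not timing. With a concurrent `Replace()` the same guarantee holds, because the only thing a reader ever holds is its own copy of the `shared_ptr`s, never a reference into `m_types`.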
ksooo pushed a commit that referenced this pull request Sep 6, 2022
There was an attempt to open a local add-on via the value "m_localAddon", which is not set for repo content!

This has created the following crash:
```gdb
Thread 1 "kodi.bin" received signal SIGSEGV, Segmentation fault.
0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
263       const bool hasSettings = m_localAddon->CanHaveAddonOrInstanceSettings();
(gdb)
(gdb) bt
#0  0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls(PerformButtonFocus) (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES)
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
#1  0x0000555557be2d95 in CGUIDialogAddonInfo::OnInitWindow() (this=0x55555bdf8a30) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:169
#2  0x0000555557a62565 in CGUIWindow::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:588
#3  0x00005555579d4bef in CGUIDialog::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:92
#4  0x0000555557be2bfc in CGUIDialogAddonInfo::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:152
#5  0x00005555579d5092 in CGUIDialog::Open_Internal(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
    (this=0x55555bdf8a30, bProcessRenderLoop=true, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:169
#6  0x00005555579d52a2 in CGUIDialog::Open(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, bProcessRenderLoop=true, param="")
    at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:201
#7  0x00005555579d5182 in CGUIDialog::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, param="")
    at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:187
#8  0x0000555557be99df in CGUIDialogAddonInfo::ShowForItem(std::shared_ptr<CFileItem> const&) (item=std::shared_ptr<CFileItem> (use count 6, weak count 0) = {...})
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:806
#9  0x0000555557bf7e4c in CGUIWindowAddonBrowser::OnClick(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdcdbb0, iItem=1, player="")
    at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:256
#10 0x00005555576ae097 in CGUIMediaWindow::OnSelect(int) (this=0x55555bdcdbb0, item=1) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:1186
#11 0x00005555576a759d in CGUIMediaWindow::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:309
#12 0x0000555557bf6f1d in CGUIWindowAddonBrowser::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:150
#13 0x00005555579b1b42 in CGUIControl::SendWindowMessage(CGUIMessage&) const (this=0x55555cdfee90, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIControl.cpp:313
#14 0x000055555799edb2 in CGUIBaseContainer::OnClick(int) (this=0x55555cdfee90, actionID=7) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:873
#15 0x000055555799c917 in CGUIBaseContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:450
#16 0x00005555579df9ab in CGUIFixedListContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIFixedListContainer.cpp:70
#17 0x0000555557a6197b in CGUIWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:425
#18 0x00005555576a6938 in CGUIMediaWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:188
#19 0x0000555557a6f570 in CGUIWindowManager::HandleAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1173
#20 0x0000555557a6f2d3 in CGUIWindowManager::OnAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1118
#21 0x0000555557d216ad in CApplication::OnAction(CAction const&) (this=0x55555affd9f0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:968
#22 0x0000555557939465 in CInputManager::ExecuteInputAction(CAction const&) (this=0x55555b12cc30, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:718
#23 0x0000555557938d05 in CInputManager::HandleKey(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:653
#24 0x0000555557939047 in CInputManager::OnKeyUp(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:666
#25 0x0000555557937484 in CInputManager::OnEvent(XBMC_Event&) (this=0x55555b12cc30, newEvent=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:345
#26 0x0000555557d1d0db in CApplication::HandlePortEvents() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:317
#27 0x0000555557d257d3 in CApplication::FrameMove(bool, bool) (this=0x55555affd9f0, processEvents=true, processGUI=true) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1752
#28 0x0000555557d25e29 in CApplication::Run() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1855
#29 0x000055555787b5e8 in XBMC_Run(bool, std::shared_ptr<CAppParams> const&) (renderGUI=true, params=std::shared_ptr<CAppParams> (use count 3, weak count 0) = {...})
    at /home/alwin/Dev/kodi/kodi/xbmc/platform/xbmc.cpp:64
#30 0x0000555557025f89 in main(int, char**) (argc=1, argv=0x7fffffffdb28) at /home/alwin/Dev/kodi/kodi/xbmc/platform/posix/main.cpp:69
```
neo1973 added a commit to neo1973/xbmc that referenced this pull request Aug 20, 2023
UBSAN error:

xbmc/network/websocket/WebSocket.cpp:107:14: runtime error: load of misaligned address 0x63100021c802 for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment
0x63100021c802: note: pointer points here
 00 00  88 82 cf d3 5c c3 cc 3a  00 be be be be be be be  be be be be be be be be  be be be be be be
              ^
    #0 0x56360048bf64 in CWebSocketFrame::CWebSocketFrame(char const*, unsigned long) xbmc/network/websocket/WebSocket.cpp:107:14
    #1 0x5636004a6905 in CWebSocketV8::GetFrame(char const*, unsigned long) xbmc/network/websocket/WebSocketV8.cpp:145:14
    #2 0x563600491ec9 in CWebSocket::Handle(char const*&, unsigned long&, bool&) xbmc/network/websocket/WebSocket.cpp:298:34
    #3 0x5636005b05dd in JSONRPC::CTCPServer::CWebSocketClient::PushBuffer(JSONRPC::CTCPServer*, char const*, int) xbmc/network/TCPServer.cpp:716:29
    #4 0x5636005a3760 in JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp:171:33
    #5 0x5636005a6858 in non-virtual thunk to JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp
    #6 0x5635fca1fe32 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    #7 0x5635fca225f6 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    #8 0x5635fca212d6 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    #9 0x5635fca20f06 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    #10 0x5635fca20e3f in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    #11 0x5635fca20cb8 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    #12 0x5635fca20888 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    #13 0x7f03890e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
    #14 0x7f038a88c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    #15 0x7f038a910dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior xbmc/network/websocket/WebSocket.cpp:107:14 in
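The misaligned-load report above is worth seeing beside its fix. The following is an added example, not Kodi's `CWebSocketFrame` code. It assumes, from the hex dump (the pointer sits two bytes into a frame that starts `88 82`, i.e. a masked close frame with a 2-byte payload), that the flagged line reads the 4-byte masking key through a cast `uint32_t` pointer; it shows the `memcpy`-based read that is defined at any alignment, together with the bounds checks a frame parser needs, and goes a little beyond the report by also handling the 16- and 64-bit extended lengths. The sample bytes are those of the dump; `parse_ws_frame` and the other names are mine.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Portable unaligned load. memcpy into a local is defined at any address;
// the compiler emits one load on x86 and byte loads where the ABI forbids
// misaligned access. The pattern UBSan flagged is the opposite:
//   const uint32_t key = *reinterpret_cast<const uint32_t*>(data + 2);
// which is undefined whenever data + 2 is not 4-byte aligned.
static uint32_t load_u32_raw(const unsigned char* p) {
  uint32_t v;
  std::memcpy(&v, p, sizeof v);
  return v;
}

static uint16_t load_u16_be(const unsigned char* p) {
  return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

static uint64_t load_u64_be(const unsigned char* p) {
  uint64_t v = 0;
  for (int i = 0; i < 8; ++i) v = (v << 8) | p[i];
  return v;
}

struct WsFrame {
  bool fin = false;
  uint8_t opcode = 0;
  bool masked = false;
  uint64_t payload_len = 0;
  std::array<unsigned char, 4> mask{};  // masking key, wire order
  std::vector<unsigned char> payload;   // unmasked payload
  size_t consumed = 0;                  // input bytes used by this frame
};

// Parse one frame (RFC 6455 section 5.2). Every read is preceded by a length
// check, so truncated input throws instead of reading past the buffer.
WsFrame parse_ws_frame(const unsigned char* buf, size_t len) {
  WsFrame f;
  if (len < 2) throw std::runtime_error("truncated header");
  f.fin = (buf[0] & 0x80) != 0;
  f.opcode = buf[0] & 0x0f;
  f.masked = (buf[1] & 0x80) != 0;
  uint64_t plen = buf[1] & 0x7f;
  size_t pos = 2;
  if (plen == 126) {
    if (len < pos + 2) throw std::runtime_error("truncated 16-bit length");
    plen = load_u16_be(buf + pos);
    pos += 2;
  } else if (plen == 127) {
    if (len < pos + 8) throw std::runtime_error("truncated 64-bit length");
    plen = load_u64_be(buf + pos);
    if (plen >> 63) throw std::runtime_error("invalid 64-bit length");
    pos += 8;
  }
  f.payload_len = plen;
  if (f.masked) {
    if (len < pos + 4) throw std::runtime_error("truncated masking key");
    // For a short frame the key sits at offset 2: the 2-mod-4 address in
    // the report. memcpy makes the 32-bit read legal there.
    const uint32_t key = load_u32_raw(buf + pos);
    std::memcpy(f.mask.data(), &key, 4);  // back to wire-order bytes
    pos += 4;
  }
  if (plen > len - pos) throw std::runtime_error("truncated payload");
  f.payload.assign(buf + pos, buf + pos + static_cast<size_t>(plen));
  if (f.masked)
    for (size_t i = 0; i < f.payload.size(); ++i) f.payload[i] ^= f.mask[i % 4];
  f.consumed = pos + static_cast<size_t>(plen);
  return f;
}

// Constructed input: the eight bytes of the sanitizer's hex dump, aligned so
// the key lands at an address congruent to 2 mod 4 exactly as reported.
alignas(4) static const unsigned char kSampleFrame[8] = {
    0x88, 0x82, 0xcf, 0xd3, 0x5c, 0xc3, 0xcc, 0x3a};

WsFrame parse_sample_frame() {
  return parse_ws_frame(kSampleFrame, sizeof kSampleFrame);
}

// A close frame (opcode 8) carries a big-endian status code as its first two
// payload bytes; for the sample it unmasks to 0x03e9 = 1001 (going away).
uint16_t close_status(const WsFrame& f) {
  if (f.opcode != 8 || f.payload.size() < 2) return 0;
  return load_u16_be(f.payload.data());
}

// Header plus a partial key must be rejected rather than read past the end.
bool rejects_truncated_input() {
  try {
    parse_ws_frame(kSampleFrame, 5);
  } catch (const std::runtime_error&) {
    return true;
  }
  return false;
}
```

Run under `-fsanitize=undefined` the `memcpy` version is silent at the same address that produced the report; the commented-out cast is the one that trips the alignment check, and on strict-alignment targets (older ARM, SPARC) it is a bus error rather than a sanitizer message.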
dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 1, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    #2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    #3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    #4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    #5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    #6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    #7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    #8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    #9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    #10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    #11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    #12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    #13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    #14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    #15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    #1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    #2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    #3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    #4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    #5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    #6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    #7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    #8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    #9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    #10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    #11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    #12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    #5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    #6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    #7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    #8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    #9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    #10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    #11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    #12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    #13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    #4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    #5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    #6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    #7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    #8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    #9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    #10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    #11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    #12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    #13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 3, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
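The serialization that commit message describes, as an added example that is not Kodi's code: any thread may post work to a queue, but only the main thread drains it, so the shared_ptr is reset and read on one thread, and an owner-thread check turns a future regression into an immediate assertion failure. MessageQueue, PlayerCallback, FileItem and RunPlaybackScenario are hypothetical names standing in for the Kodi classes named in the report.

```cpp
#include <cassert>
#include <functional>
#include <iostream>
#include <memory>
#include <mutex>
#include <queue>
#include <string>
#include <thread>

struct FileItem { std::string path; };   // hypothetical stand-in for CFileItem

// Single-consumer message queue: any thread may Post, only the main thread
// calls DispatchAll (the role CGUIWindowManager::DispatchThreadMessages plays).
class MessageQueue {
public:
    void Post(std::function<void()> msg) {
        std::lock_guard<std::mutex> lk(mutex_);
        queue_.push(std::move(msg));
    }
    // Runs every queued message on the calling thread; returns how many ran.
    int DispatchAll() {
        std::queue<std::function<void()>> pending;
        {
            std::lock_guard<std::mutex> lk(mutex_);
            pending.swap(queue_);
        }
        int ran = 0;
        for (; !pending.empty(); pending.pop(), ++ran) pending.front()();
        return ran;
    }
private:
    std::mutex mutex_;
    std::queue<std::function<void()>> queue_;
};

// Hypothetical stand-in for CApplicationPlayerCallback. itemCurrentFile_ is
// touched only on the thread that constructed the object (the main thread).
class PlayerCallback {
public:
    explicit PlayerCallback(MessageQueue& mainQueue)
        : mainQueue_(mainQueue), owner_(std::this_thread::get_id()) {}

    // Video-thread entry point. The racy version reset the shared_ptr right
    // here; the fixed version only posts that work to the main thread.
    void OnPlayBackStarted(const FileItem& item) {
        mainQueue_.Post([this, copy = item] {
            AssertOwnerThread();
            itemCurrentFile_ = std::make_shared<FileItem>(copy);
            ++started_;
        });
    }

    // Main-thread handler for the update message (the reader side of the race).
    void OnUpdateItem(const std::string& dynPath) {
        AssertOwnerThread();
        if (itemCurrentFile_) itemCurrentFile_->path = dynPath;
    }

    std::string CurrentPath() const {
        AssertOwnerThread();
        return itemCurrentFile_ ? itemCurrentFile_->path : std::string();
    }
    int StartedCount() const { return started_; }

private:
    // Cheap debug check that turns a silent data race into a loud failure.
    void AssertOwnerThread() const { assert(std::this_thread::get_id() == owner_); }

    MessageQueue& mainQueue_;
    const std::thread::id owner_;
    std::shared_ptr<FileItem> itemCurrentFile_;
    int started_ = 0;   // written only from dispatched messages, i.e. on owner_
};

struct ScenarioResult { int started; int dispatched; std::string finalPath; };

// A worker thread fires `playbacks` OnPlayBackStarted callbacks while the main
// thread keeps handling update messages, as the two threads in the report did.
ScenarioResult RunPlaybackScenario(int playbacks) {
    MessageQueue mainQueue;
    PlayerCallback callback(mainQueue);
    std::thread video([&] {
        for (int i = 0; i < playbacks; ++i)
            callback.OnPlayBackStarted(FileItem{"pvr://recording/" + std::to_string(i)});
    });
    int dispatched = 0;
    while (callback.StartedCount() < playbacks) {   // the main loop's role
        dispatched += mainQueue.DispatchAll();
        callback.OnUpdateItem("pvr://recording/updated");
    }
    video.join();
    dispatched += mainQueue.DispatchAll();           // nothing should be left
    return {callback.StartedCount(), dispatched, callback.CurrentPath()};
}

int main() {
    ScenarioResult r = RunPlaybackScenario(50);
    std::cout << "started=" << r.started << " dispatched=" << r.dispatched
              << " path=" << r.finalPath << '\n';
    return (r.started == 50 && r.dispatched == 50) ? 0 : 1;
}
```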
dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 3, 2023
…erateDevicesEx

* Heap-use-after-free [1] happens when EnumerateDevicesEx calls `GetName`
  on the registry instance. The string view containing `m_name` in
  CPipewireGlobal has been already freed by the pipewire library in
  `connection_ensure_size` function [2].

* In order to mitigate the issue copy the strings returned from pipewire.

[1]:
=================================================================
==14082==ERROR: AddressSanitizer: heap-use-after-free on address 0x633000010e60 at pc 0x7effc8461003 bp 0x7effa7bb1e50 sp 0x7effa7bb15f8
READ of size 55 at 0x633000010e60 thread T19
    #0 0x7effc8461002 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899
    xbmc#1 0x7effc6f11222 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (/usr/lib/libtinyxml.so.0+0xf222) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x7effc575a8eb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:543
    xbmc#3 0x55921037c9e7 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:1733
    xbmc#4 0x55921037b622 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:925
    xbmc#5 0x559213183577 in AE::SINK::CAESinkPipewire::EnumerateDevicesEx(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Sinks/pipewire/AESinkPipewire.cpp:310
    xbmc#6 0x55921316198a in void std::__invoke_impl<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(std::__invoke_other, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) (/usr/lib/kodi/kodi.bin+0x623998a) (BuildId: a994426076ec43899fd3927b99c3ccdf5393f60f)
    xbmc#7 0x55921316015a in std::enable_if<is_invocable_r_v<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>, void>::type std::__invoke_r<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/invoke.h:111
    xbmc#8 0x55921315befe in std::_Function_handler<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), void (*)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::_M_invoke(std::_Any_data const&, std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/std_function.h:290
    xbmc#9 0x5592130a86bf in std::function<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::operator()(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) const /usr/include/c++/13.2.1/bits/std_function.h:591
    xbmc#10 0x5592130a6e5a in AE::CAESinkFactory::EnumerateEx(std::vector<AE::AESinkInfo, std::allocator<AE::AESinkInfo> >&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/AESinkFactory.cpp:101
    xbmc#11 0x559213110f45 in ActiveAE::CActiveAESink::EnumerateSinkList(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAESink.cpp:702
    xbmc#12 0x5592130bdfc2 in ActiveAE::CActiveAE::StateMachine(int, Actor::Protocol*, Actor::Message*) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:517
    xbmc#13 0x5592130c2baa in ActiveAE::CActiveAE::Process() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:1070
    xbmc#14 0x55921106f9e2 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:283
    xbmc#15 0x55921106e300 in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:152
    xbmc#16 0x559211070410 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:61
    xbmc#17 0x5592110702c9 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:96
    xbmc#18 0x5592110701fc in _M_invoke<0, 1, 2> /usr/include/c++/13.2.1/bits/std_thread.h:292
    xbmc#19 0x559211070199 in operator() /usr/include/c++/13.2.1/bits/std_thread.h:299
    xbmc#20 0x55921107017d in _M_run /usr/include/c++/13.2.1/bits/std_thread.h:244
    xbmc#21 0x7effc56e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
    xbmc#22 0x7effc628c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    xbmc#23 0x7effc6310dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

0x633000010e60 is located 67168 bytes inside of 98304-byte region [0x633000000800,0x633000018800)
freed by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    xbmc#1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

previously allocated by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    xbmc#1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

Thread T19 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    xbmc#1 0x7effc56e1a29 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7effc56e1a29 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172
    xbmc#3 0x55921106ee30 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:175
    xbmc#4 0x5592130d96cd in ActiveAE::CActiveAE::Start() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:2675
    xbmc#5 0x5592117bc377 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:610
    xbmc#6 0x559211124646 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#7 0x55920fd30a70 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:77
    xbmc#8 0x7effc6227ccf  (/usr/lib/libc.so.6+0x27ccf) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

Thread T3 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    xbmc#1 0x7effc7e73e5f in impl_create ../pipewire/src/pipewire/thread.c:68

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x633000010b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x633000010e00: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x633000010e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000011000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000011080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14082==ABORTING

[2]:
https://github.com/PipeWire/pipewire/blob/b5c3f217926f9066a1afbee7eb20967dd6896c56/src/modules/module-protocol-native/connection.c#L143C8-L143C15
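The failure the commit message above describes, a `std::string_view` kept by CPipewireGlobal that points into a buffer the pipewire library later reallocates in `connection_ensure_size`, reduces to one lifetime rule: a view borrows storage it does not control, so it is only valid as long as the callback that received it. The C++ below is an added example, not Kodi's or pipewire's code. `Connection` is a constructed stand-in for the native-protocol connection buffer (its `ensure_size` always moves the block, where the real one calls `realloc`, which may), `GlobalView` and `GlobalOwned` are hypothetical, `view_dangles` is the check, and the device name is a made-up sample. It shows the stored view going stale after the buffer grows and the copied string surviving it.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
#include <string_view>

// Toy stand-in (not pipewire's code) for the native-protocol connection
// buffer: grows on demand and, like realloc may, always moves the bytes to a
// fresh block. Anything still pointing into the old block now dangles.
struct Connection {
    char* data = nullptr;
    size_t size = 0;
    Connection() = default;
    Connection(const Connection&) = delete;
    Connection& operator=(const Connection&) = delete;
    ~Connection() { std::free(data); }

    void ensure_size(size_t needed) {
        if (needed <= size) return;
        char* fresh = static_cast<char*>(std::malloc(needed));
        if (data != nullptr) std::memcpy(fresh, data, size);
        std::free(data);          // the old block is gone from here on
        data = fresh;
        size = needed;
    }

    // Deliver a NUL-terminated property value and hand back a view into the
    // buffer, which is how a registry "name" reaches the global-added callback.
    std::string_view put(size_t offset, const char* s) {
        size_t len = std::strlen(s);
        ensure_size(offset + len + 1);
        std::memcpy(data + offset, s, len + 1);
        return std::string_view(data + offset, len);
    }
};

// Unsafe shape: the global keeps a view that borrows the connection's memory.
struct GlobalView { std::string_view name; };
// Safe shape: the global owns a copy made inside the callback.
struct GlobalOwned { std::string name; };

// True when v does not point inside conn's current block. The comparison is
// done on integers so the stale pointer is never dereferenced.
bool view_dangles(std::string_view v, const Connection& conn) {
    auto p = reinterpret_cast<std::uintptr_t>(v.data());
    auto b = reinterpret_cast<std::uintptr_t>(conn.data);
    return p < b || p >= b + conn.size;
}

// Constructed sample device name, not taken from a real system.
static const char* kSampleName = "alsa_output.pci-0000_00_1f.3.analog-stereo";

// A registry event stores a view; later protocol traffic grows the buffer.
bool demo_dangling_view() {
    Connection conn;
    GlobalView g{conn.put(0, kSampleName)};
    conn.ensure_size(64 * 1024);          // more messages arrive, buffer moves
    return view_dangles(g.name, conn);    // true: reading g.name would be a UAF
}

// Same sequence, but the callback copies the bytes it was handed.
std::string demo_owned_copy() {
    Connection conn;
    GlobalOwned g{std::string(conn.put(0, kSampleName))};
    conn.ensure_size(64 * 1024);
    return g.name;                        // still intact: the storage is ours
}
```

The ASan report above is exactly the `GlobalView` path: the READ in `EnumerateDevicesEx` happens through `std::string::assign(string_view)` on bytes that `connection_ensure_size` freed in a `realloc`, and `view_dangles` is the kind of invariant a debug assertion can check before such an assignment. Under ASan the first case aborts on the read; here it is reported as a boolean so the example can run without crashing.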
dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 8, 2023
…erateDevicesEx

dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 29, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
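The race in the commit message above is a `shared_ptr::reset` on one thread while another thread dereferences the same `shared_ptr` object. Reference counting does not help there: the count is atomic, but the pointer member itself is not, and the old CFileItem is destroyed on whichever thread drops the last reference, here the video thread, while the main thread is still inside `UpdateInfo`. The fix the commit describes is to stop touching the item from other threads altogether and post messages to the one thread that owns it. The C++ below is an added example of that pattern, not Kodi's code: `FileItem`, `Message`, `Msg` and `CurrentItemOwner` are hypothetical stand-ins for CFileItem, CGUIMessage, the GUI message ids and the owning application object, and `demo_concurrent` runs the owner loop in the calling thread while worker threads only post.

```cpp
#include <deque>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Constructed stand-in for CFileItem: only the fields the trace touches.
struct FileItem {
    std::string path;
    std::string dynPath;
};

enum class Msg { PlaybackStarted, UpdateItem };

struct Message {
    Msg kind;
    std::shared_ptr<const FileItem> item;   // payload owned by the message
};

// Only the owner thread ever touches m_itemCurrentFile. Every other thread
// (player callbacks, job workers) posts a message and returns, so the old
// item is also released on the owner thread, never under a reader's feet.
class CurrentItemOwner {
public:
    void post(Message m) {
        std::lock_guard<std::mutex> lock(m_queueMutex);
        m_queue.push_back(std::move(m));
    }

    // Owner thread only: drain the queue and apply each message in order.
    size_t dispatch() {
        std::deque<Message> batch;
        {
            std::lock_guard<std::mutex> lock(m_queueMutex);
            batch.swap(m_queue);
        }
        for (const Message& m : batch) handle(m);
        return batch.size();
    }

    // Owner thread only.
    std::string currentPath() const { return m_itemCurrentFile ? m_itemCurrentFile->path : ""; }
    std::string currentDynPath() const { return m_itemCurrentFile ? m_itemCurrentFile->dynPath : ""; }

private:
    void handle(const Message& m) {
        switch (m.kind) {
        case Msg::PlaybackStarted:
            // The equivalent of m_itemCurrentFile.reset(new CFileItem(file)),
            // now executed on the same thread as every reader.
            m_itemCurrentFile = std::make_shared<FileItem>(*m.item);
            break;
        case Msg::UpdateItem:
            // The equivalent of the GUI_MSG_UPDATE_ITEM handler's UpdateInfo().
            if (m_itemCurrentFile && m_itemCurrentFile->path == m.item->path)
                m_itemCurrentFile->dynPath = m.item->dynPath;
            break;
        }
    }

    std::shared_ptr<FileItem> m_itemCurrentFile;   // owner thread only
    std::mutex m_queueMutex;
    std::deque<Message> m_queue;
};

// Deterministic sequence: start, update, then a new start drops the update.
std::string demo_sequence() {
    CurrentItemOwner owner;
    owner.post({Msg::PlaybackStarted, std::make_shared<FileItem>(FileItem{"a.mkv", ""})});
    owner.post({Msg::UpdateItem, std::make_shared<FileItem>(FileItem{"a.mkv", "smb://nas/a.mkv"})});
    owner.dispatch();
    std::string afterUpdate = owner.currentDynPath();   // "smb://nas/a.mkv"
    owner.post({Msg::PlaybackStarted, std::make_shared<FileItem>(FileItem{"b.mkv", ""})});
    owner.dispatch();
    return afterUpdate + "|" + owner.currentPath() + "|" + owner.currentDynPath();
}

// Concurrent: workers post while the owner keeps dispatching. Build with
// -fsanitize=thread to confirm there is no data race on the item itself.
size_t demo_concurrent(int workers, int roundsPerWorker) {
    CurrentItemOwner owner;
    std::vector<std::thread> pool;
    for (int w = 0; w < workers; ++w) {
        pool.emplace_back([&owner, w, roundsPerWorker] {
            for (int r = 0; r < roundsPerWorker; ++r) {
                std::string path = "file" + std::to_string(w) + "_" + std::to_string(r);
                owner.post({Msg::PlaybackStarted, std::make_shared<FileItem>(FileItem{path, ""})});
                owner.post({Msg::UpdateItem, std::make_shared<FileItem>(FileItem{path, "dyn"})});
            }
        });
    }
    const size_t expected = static_cast<size_t>(workers) * roundsPerWorker * 2;
    size_t handled = 0;
    while (handled < expected) handled += owner.dispatch();   // the owner's loop
    for (auto& t : pool) t.join();
    return handled;
}
```

The important property is not the mutex but what it guards: only the queue is shared, and the item pointer is read and replaced on a single thread, so the destructor that ASan flagged in `OnPlayBackStarted` can no longer run concurrently with `UpdateInfo`. Passing the item by value inside the message also means a late message cannot refer to storage the owner has already dropped.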
dobo90 added a commit to dobo90/xbmc that referenced this pull request Sep 30, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
dobo90 added a commit to dobo90/xbmc that referenced this pull request Oct 18, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
dobo90 added a commit to dobo90/xbmc that referenced this pull request Oct 27, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
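The mitigation the commit message above describes, as an added C++ example that is not Kodi's code: cross-thread updates to the current item are posted as messages, and only the owning thread reads or writes the field, so no reader can observe a reset() done by another thread. FileItem, MessageQueue, Owner, the message structs and RunScenario are stand-in names chosen here, not Kodi identifiers, and the sample paths are constructed.

```cpp
// Added example, not Kodi code: the serialisation pattern from the commit
// message.  The worker (the "video thread") never resets the owner's
// m_itemCurrentFile itself; it posts a message, and the owner (the "main
// thread") is the only thread that touches the field.
// FileItem, MessageQueue, Owner and RunScenario are stand-in names.
#include <condition_variable>
#include <memory>
#include <mutex>
#include <queue>
#include <string>
#include <thread>
#include <utility>
#include <variant>

struct FileItem {            // stand-in for CFileItem; only the path matters
  std::string path;
};

// Messages carry the item by value, so once applied the owner thread holds
// the only shared_ptr and nobody else can reset() it underneath a reader.
struct MsgPlaybackStarted { FileItem item; };
struct MsgUpdateItem      { std::string dynPath; };
struct MsgQuit            {};
using Message = std::variant<MsgPlaybackStarted, MsgUpdateItem, MsgQuit>;

class MessageQueue {
 public:
  void Post(Message m) {
    {
      std::lock_guard<std::mutex> lk(mu_);
      q_.push(std::move(m));
    }
    cv_.notify_one();
  }
  Message Wait() {               // blocks until a message is available
    std::unique_lock<std::mutex> lk(mu_);
    cv_.wait(lk, [this] { return !q_.empty(); });
    Message m = std::move(q_.front());
    q_.pop();
    return m;
  }
 private:
  std::mutex mu_;
  std::condition_variable cv_;
  std::queue<Message> q_;
};

// The racy shape the commit describes would be:
//   video thread:  m_itemCurrentFile.reset(new FileItem{...});  // frees old item
//   main thread:   m_itemCurrentFile->path = dynPath;           // may touch freed memory
// Here both operations run inside Owner::Run(), on a single thread.
class Owner {
 public:
  explicit Owner(MessageQueue& q) : q_(q) {}

  // Drains the queue until MsgQuit; returns how many messages were applied.
  int Run() {
    int applied = 0;
    for (;;) {
      Message m = q_.Wait();
      if (std::holds_alternative<MsgQuit>(m))
        return applied;
      if (auto* s = std::get_if<MsgPlaybackStarted>(&m)) {
        m_itemCurrentFile = std::make_shared<FileItem>(s->item);  // old item freed on the owner thread
      } else if (auto* u = std::get_if<MsgUpdateItem>(&m)) {
        if (m_itemCurrentFile)                  // the GUI_MSG_UPDATE_ITEM analogue
          m_itemCurrentFile->path = u->dynPath;
      }
      ++applied;
    }
  }
  // Only meaningful after Run() returned and the owner thread was joined.
  std::string LastPath() const {
    return m_itemCurrentFile ? m_itemCurrentFile->path : std::string();
  }
 private:
  MessageQueue& q_;
  std::shared_ptr<FileItem> m_itemCurrentFile;
};

struct ScenarioResult {
  int applied;
  std::string lastPath;
};

// Constructed scenario: the worker starts playback twice, updating the item
// after each start, then asks the owner to quit.  The queue is FIFO with a
// single producer, so the outcome is deterministic: 4 messages applied and
// the final path is the second item's dynamic path.
ScenarioResult RunScenario() {
  MessageQueue q;
  Owner owner(q);
  int applied = 0;
  std::thread ownerThread([&] { applied = owner.Run(); });
  std::thread worker([&] {
    q.Post(MsgPlaybackStarted{FileItem{"smb://nas/movie-a.mkv"}});
    q.Post(MsgUpdateItem{"smb://nas/movie-a.mkv|dyn"});
    q.Post(MsgPlaybackStarted{FileItem{"smb://nas/movie-b.mkv"}});
    q.Post(MsgUpdateItem{"smb://nas/movie-b.mkv|dyn"});
    q.Post(MsgQuit{});
  });
  worker.join();
  ownerThread.join();
  return ScenarioResult{applied, owner.LastPath()};
}

int main() {
  ScenarioResult r = RunScenario();
  return (r.applied == 4 && r.lastPath == "smb://nas/movie-b.mkv|dyn") ? 0 : 1;
}
```

The design choice worth noting is that the message carries the item by value rather than a pointer to the caller's object: the worker keeps nothing that aliases the owner's field, so the only shared_ptr that can be reset is the one the owner thread itself reassigns, which is exactly what makes the field single-threaded in the commit's fix.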
dobo90 added a commit to dobo90/xbmc that referenced this pull request Nov 29, 2023
…temCurrentFile

neo1973 added a commit to neo1973/xbmc that referenced this pull request Dec 10, 2023
To prevent the leaks the CInputStreamAddon instance takes ownership of the
CDemuxStream objects created in the cb_get_stream_transfer callback.

Example output of address sanitizer:

Direct leak of 1776 byte(s) in 6 object(s) allocated from:
    #0 0x55dc6314f7e2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xb4bc7e2) (BuildId: cbd496f42c6c4585c86580a090c0960e7fc39797)
    xbmc#1 0x55dc64549c39 in CInputStreamAddon::cb_get_stream_transfer(void*, int, INPUTSTREAM_INFO*) xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:413:38
    xbmc#2 0x???????????? in kodi::addon::CInstanceInputStream::ADDON_GetStream(AddonInstance_InputStream const*, int, INPUTSTREAM_INFO*, void**, void* (*)(void*, int, INPUTSTREAM_INFO*)) xbmc/addons/kodi-dev-kit/include/kodi/addon-instance/Inputstream.h:1888
    xbmc#3 0x55dc645490bc in CInputStreamAddon::GetStream(int) const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:381:14
    xbmc#4 0x55dc64548821 in CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:371:32
    xbmc#5 0x55dc64548a76 in non-virtual thunk to CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp
    xbmc#6 0x55dc646822e0 in CDVDDemuxClient::RequestStreams() xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:402:32
    xbmc#7 0x55dc64681cd1 in CDVDDemuxClient::Open(std::shared_ptr<CDVDInputStream>) xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:76:3
    xbmc#8 0x55dc64785ede in CDVDFactoryDemuxer::CreateDemuxer(std::shared_ptr<CDVDInputStream> const&, bool) xbmc/cores/VideoPlayer/DVDDemuxers/DVDFactoryDemuxer.cpp:58:17
    xbmc#9 0x55dc64b065e9 in CVideoPlayer::OpenDemuxStream() xbmc/cores/VideoPlayer/VideoPlayer.cpp:830:22
    xbmc#10 0x55dc64b2288f in CVideoPlayer::Prepare() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1250:8
    xbmc#11 0x55dc64b36b31 in CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1357:3
    xbmc#12 0x55dc64b72298 in non-virtual thunk to CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp
    xbmc#13 0x55dc6626eda2 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#14 0x55dc662715b9 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#15 0x55dc66270246 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#16 0x55dc6626fe76 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#17 0x55dc6626fdaf in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#18 0x55dc6626fc28 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#19 0x55dc6626f7f8 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#20 0x7ff10cae1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
heitbaum pushed a commit to heitbaum/xbmc that referenced this pull request Dec 28, 2023
UBSAN error:

xbmc/network/websocket/WebSocket.cpp:107:14: runtime error: load of misaligned address 0x63100021c802 for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment
0x63100021c802: note: pointer points here
 00 00  88 82 cf d3 5c c3 cc 3a  00 be be be be be be be  be be be be be be be be  be be be be be be
              ^
    #0 0x56360048bf64 in CWebSocketFrame::CWebSocketFrame(char const*, unsigned long) xbmc/network/websocket/WebSocket.cpp:107:14
    xbmc#1 0x5636004a6905 in CWebSocketV8::GetFrame(char const*, unsigned long) xbmc/network/websocket/WebSocketV8.cpp:145:14
    xbmc#2 0x563600491ec9 in CWebSocket::Handle(char const*&, unsigned long&, bool&) xbmc/network/websocket/WebSocket.cpp:298:34
    xbmc#3 0x5636005b05dd in JSONRPC::CTCPServer::CWebSocketClient::PushBuffer(JSONRPC::CTCPServer*, char const*, int) xbmc/network/TCPServer.cpp:716:29
    xbmc#4 0x5636005a3760 in JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp:171:33
    xbmc#5 0x5636005a6858 in non-virtual thunk to JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp
    xbmc#6 0x5635fca1fe32 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#7 0x5635fca225f6 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#8 0x5635fca212d6 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#9 0x5635fca20f06 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#10 0x5635fca20e3f in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#11 0x5635fca20cb8 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#12 0x5635fca20888 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#13 0x7f03890e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
    xbmc#14 0x7f038a88c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    xbmc#15 0x7f038a910dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior xbmc/network/websocket/WebSocket.cpp:107:14 in
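The UBSan report above is a 32-bit load from a byte offset inside the WebSocket frame buffer that is not 4-byte aligned (the masking key of a masked frame starts at byte 2). The following is an added example, not Kodi's code and not the fix that landed in WebSocket.cpp: it assumes a minimal RFC 6455 frame layout (7-bit payload length, client frame masked) and reads the key with memcpy, which carries no alignment assumption, instead of dereferencing a `const uint32_t*` into the buffer. The sample frame is the masked "Hello" frame from RFC 6455 section 5.7; the function and struct names are the example's own.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Reads a 32-bit value at an arbitrary byte offset without assuming the
// buffer is 4-byte aligned. memcpy lets the compiler emit a byte-wise or a
// single-instruction load as the target allows, instead of the misaligned
// pointer dereference UBSan flags. Returns false when the read would run
// past the end of the buffer.
bool readU32(const std::string& buf, size_t offset, uint32_t* out) {
    if (offset > buf.size() || buf.size() - offset < sizeof(uint32_t))
        return false;
    std::memcpy(out, buf.data() + offset, sizeof(uint32_t));
    return true;
}

// Masking key of a masked client frame with a 7-bit payload length: header
// byte 0, length byte 1, key at bytes 2..5. Relative to the frame start the
// key is never 4-byte aligned, which is exactly the case in the report.
bool maskKeyBytes(const std::string& frame, std::array<unsigned char, 4>* key) {
    uint32_t raw;
    if (!readU32(frame, 2, &raw))
        return false;
    std::memcpy(key->data(), &raw, 4);  // round trip keeps wire byte order
    return true;
}

struct ParsedFrame {
    bool ok = false;
    uint8_t opcode = 0;
    std::string payload;
};

// Parses one masked frame whose payload length fits in 7 bits (RFC 6455
// section 5.2). Unmasked or longer frames are rejected, not guessed at.
ParsedFrame parseMaskedFrame(const std::string& frame) {
    ParsedFrame result;
    if (frame.size() < 2)
        return result;
    const unsigned char b0 = static_cast<unsigned char>(frame[0]);
    const unsigned char b1 = static_cast<unsigned char>(frame[1]);
    const bool masked = (b1 & 0x80) != 0;
    const size_t len = b1 & 0x7f;
    if (!masked || len >= 126)      // client-to-server frames must be masked
        return result;
    std::array<unsigned char, 4> key;
    if (!maskKeyBytes(frame, &key))  // also guarantees frame.size() >= 6
        return result;
    const size_t payloadStart = 6;
    if (frame.size() - payloadStart < len)  // truncated payload
        return result;
    result.opcode = b0 & 0x0f;
    result.payload.resize(len);
    for (size_t i = 0; i < len; ++i)
        result.payload[i] = static_cast<char>(
            static_cast<unsigned char>(frame[payloadStart + i]) ^ key[i % 4]);
    result.ok = true;
    return result;
}

// Constructed sample: the masked "Hello" text frame from RFC 6455 section 5.7.
std::string sampleFrame() {
    static const unsigned char raw[] = {0x81, 0x85, 0x37, 0xfa, 0x21, 0x3d,
                                        0x7f, 0x9f, 0x4d, 0x51, 0x58};
    return std::string(reinterpret_cast<const char*>(raw), sizeof raw);
}
```

Building the parser with `-fsanitize=undefined` and feeding it `sampleFrame()` produces no alignment diagnostic, whereas a `*reinterpret_cast<const uint32_t*>(frame.data() + 2)` at the same spot reproduces the "load of misaligned address" message above. The length checks before every read are what keep a short or truncated frame from turning the same code into an out-of-bounds read.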
heitbaum pushed a commit to heitbaum/xbmc that referenced this pull request Dec 28, 2023
…erateDevicesEx

* Heap-use-after-free [1] happens when EnumerateDevicesEx calls `GetName`
  on the registry instance. The string view containing `m_name` in
  CPipewireGlobal has been already freed by the pipewire library in
  `connection_ensure_size` function [2].

* In order to mitigate the issue copy the strings returned from pipewire.

[1]:
=================================================================
==14082==ERROR: AddressSanitizer: heap-use-after-free on address 0x633000010e60 at pc 0x7effc8461003 bp 0x7effa7bb1e50 sp 0x7effa7bb15f8
READ of size 55 at 0x633000010e60 thread T19
    #0 0x7effc8461002 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899
    xbmc#1 0x7effc6f11222 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (/usr/lib/libtinyxml.so.0+0xf222) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x7effc575a8eb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:543
    xbmc#3 0x55921037c9e7 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:1733
    xbmc#4 0x55921037b622 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:925
    xbmc#5 0x559213183577 in AE::SINK::CAESinkPipewire::EnumerateDevicesEx(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Sinks/pipewire/AESinkPipewire.cpp:310
    xbmc#6 0x55921316198a in void std::__invoke_impl<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(std::__invoke_other, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) (/usr/lib/kodi/kodi.bin+0x623998a) (BuildId: a994426076ec43899fd3927b99c3ccdf5393f60f)
    xbmc#7 0x55921316015a in std::enable_if<is_invocable_r_v<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>, void>::type std::__invoke_r<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/invoke.h:111
    xbmc#8 0x55921315befe in std::_Function_handler<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), void (*)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::_M_invoke(std::_Any_data const&, std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/std_function.h:290
    xbmc#9 0x5592130a86bf in std::function<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::operator()(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) const /usr/include/c++/13.2.1/bits/std_function.h:591
    xbmc#10 0x5592130a6e5a in AE::CAESinkFactory::EnumerateEx(std::vector<AE::AESinkInfo, std::allocator<AE::AESinkInfo> >&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/AESinkFactory.cpp:101
    xbmc#11 0x559213110f45 in ActiveAE::CActiveAESink::EnumerateSinkList(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAESink.cpp:702
    xbmc#12 0x5592130bdfc2 in ActiveAE::CActiveAE::StateMachine(int, Actor::Protocol*, Actor::Message*) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:517
    xbmc#13 0x5592130c2baa in ActiveAE::CActiveAE::Process() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:1070
    xbmc#14 0x55921106f9e2 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:283
    xbmc#15 0x55921106e300 in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:152
    xbmc#16 0x559211070410 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:61
    xbmc#17 0x5592110702c9 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:96
    xbmc#18 0x5592110701fc in _M_invoke<0, 1, 2> /usr/include/c++/13.2.1/bits/std_thread.h:292
    xbmc#19 0x559211070199 in operator() /usr/include/c++/13.2.1/bits/std_thread.h:299
    xbmc#20 0x55921107017d in _M_run /usr/include/c++/13.2.1/bits/std_thread.h:244
    xbmc#21 0x7effc56e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
    xbmc#22 0x7effc628c9ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)
    xbmc#23 0x7effc6310dfb  (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

0x633000010e60 is located 67168 bytes inside of 98304-byte region [0x633000000800,0x633000018800)
freed by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    xbmc#1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

previously allocated by thread T3 here:
    #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85
    xbmc#1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143

Thread T19 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    xbmc#1 0x7effc56e1a29 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7effc56e1a29 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172
    xbmc#3 0x55921106ee30 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:175
    xbmc#4 0x5592130d96cd in ActiveAE::CActiveAE::Start() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:2675
    xbmc#5 0x5592117bc377 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:610
    xbmc#6 0x559211124646 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#7 0x55920fd30a70 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:77
    xbmc#8 0x7effc6227ccf  (/usr/lib/libc.so.6+0x27ccf) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab)

Thread T3 created by T0 here:
    #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    xbmc#1 0x7effc7e73e5f in impl_create ../pipewire/src/pipewire/thread.c:68

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x633000010b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x633000010e00: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x633000010e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000010f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000011000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x633000011080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14082==ABORTING

[2]:
https://github.com/PipeWire/pipewire/blob/b5c3f217926f9066a1afbee7eb20967dd6896c56/src/modules/module-protocol-native/connection.c#L143C8-L143C15
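The commit message above describes the lifetime bug behind the ASan report: `m_name` was a `std::string_view` into a buffer the pipewire library owns and reallocates in `connection_ensure_size`, so the view dangled once more protocol traffic grew the buffer. The following is an added example, not Kodi's or pipewire's code: `FakeConnection` is a hypothetical stand-in for the library buffer with the same grow-by-reallocation behaviour, and the two `Global*` classes show the view-holding shape beside the copying shape the commit adopts. The device names are constructed.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#include <vector>

// Hypothetical stand-in for the library side: a connection buffer that
// grows by reallocating, as the report shows connection_ensure_size doing.
// Names handed to the consumer point straight into this buffer and stay
// valid only until the next growth.
class FakeConnection {
public:
    // Appends a NUL-terminated name and returns its offset in the buffer.
    size_t push(std::string_view name) {
        ensureSize(buf_.size() + name.size() + 1);
        const size_t offset = buf_.size();
        buf_.insert(buf_.end(), name.begin(), name.end());
        buf_.push_back('\0');
        return offset;
    }
    // Transient pointer into library-owned memory.
    const char* at(size_t offset) const { return buf_.data() + offset; }
    int reallocations() const { return reallocs_; }

private:
    void ensureSize(size_t needed) {
        if (needed > buf_.capacity()) {  // storage moves, old pointers die
            ++reallocs_;
            buf_.reserve(needed);
        }
    }
    std::vector<char> buf_;
    int reallocs_ = 0;
};

// Vulnerable shape: keeps only a view of the library-owned bytes. Calling
// GetName() after the connection buffer has grown is the heap-use-after-free
// in the report; this class is shown for contrast and never exercised.
class GlobalWithView {
public:
    explicit GlobalWithView(const char* name) : m_name(name) {}
    std::string_view GetName() const { return m_name; }

private:
    std::string_view m_name;
};

// Hardened shape: copies the name into storage this object owns, which is
// the mitigation the commit message describes.
class GlobalWithCopy {
public:
    explicit GlobalWithCopy(const char* name) : m_name(name) {}
    const std::string& GetName() const { return m_name; }

private:
    std::string m_name;
};

struct EnumerationResult {
    std::string firstName;  // name read back after the buffer grew
    int reallocations;      // how many times the library storage moved
};

// Simulates the enumeration sequence: register the first global, let further
// protocol messages grow the connection buffer, then read the cached name.
EnumerationResult enumerateWithCopy() {
    FakeConnection conn;
    const size_t off = conn.push("alsa_output.pci-0000_00_1f.3.analog-stereo");  // constructed
    GlobalWithCopy first(conn.at(off));
    for (int i = 0; i < 64; ++i)  // constructed traffic; forces reallocation
        conn.push("alsa_input.usb-constructed-device-" + std::to_string(i));
    return {first.GetName(), conn.reallocations()};
}
```

Swapping `GlobalWithCopy` for `GlobalWithView` in `enumerateWithCopy` and building with `-fsanitize=address` reproduces a heap-use-after-free at the `GetName()` read, with the free attributed to the buffer growth, the same shape as the trace above. The general rule the example illustrates: a `std::string_view` received from a callback is only as long-lived as the callee's buffer, so anything stored past the callback must own its bytes.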
heitbaum pushed a commit to heitbaum/xbmc that referenced this pull request Dec 28, 2023
…temCurrentFile

* There's a possibility of a race condition on CApplicationPlayerCallback::m_itemCurrentFile
  leading to heap-use-after-free reported by the address sanitizer [1].

* The crash happens when GUI_MSG_UPDATE_ITEM is being handled.
  CApplicationPlayerCallback::m_itemCurrentFile can be accessed
  concurrently by the main thread in CApplication::OnMessage
  and CApplicationPlayerCallback::OnPlayBackStarted in the video thread.

  Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first,
  resets the m_itemCurrentFile (and deallocates the object). Then
  CApplication::OnMessage tries to read it - this is where
  heap-use-after-free occurs.

* In order to mitigate the issue introduce additional messages
  GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED
  and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI
  thread to the main thread. That way the access to
  CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be
  accessed only from the main thread).

* Fixes xbmc#23247.

[1]:
=================================================================
==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738
WRITE of size 65 at 0x6070000ea040 thread T0
    #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    xbmc#1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135)
    xbmc#2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571
    xbmc#3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805
    xbmc#4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021
    xbmc#5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741
    xbmc#6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727
    xbmc#7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499
    xbmc#8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561
    xbmc#9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100
    xbmc#10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907
    xbmc#11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61
    xbmc#12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#13 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)
    xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4)

0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082)
freed by thread T62 here:
    #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    xbmc#1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439
    xbmc#3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428
    xbmc#4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346
    xbmc#5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071
    xbmc#6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524
    xbmc#7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6)
    xbmc#8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84
    xbmc#9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631
    xbmc#10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T62 here:
    #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb)

Thread T62 created by T46 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147
    xbmc#8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124
    xbmc#9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()xbmc#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b)
    xbmc#10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80
    xbmc#11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805
    xbmc#12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346
    xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T46 created by T43 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153
    xbmc#5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513
    xbmc#6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T43 created by T24 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388
    xbmc#5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212
    xbmc#6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59
    xbmc#7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362
    xbmc#8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39
    xbmc#9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55
    xbmc#10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267
    xbmc#11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138
    xbmc#12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61
    xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

Thread T24 created by T0 here:
    #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159
    xbmc#4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32
    xbmc#5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288
    xbmc#6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247
    xbmc#7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261
    xbmc#8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655
    xbmc#9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43
    xbmc#10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71
    xbmc#11 0x7ff0e9c9a78f  (/usr/lib/libc.so.6+0x2378f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==34632==ABORTING
heitbaum pushed a commit to heitbaum/xbmc that referenced this pull request Dec 28, 2023
To prevent the leaks the CInputStreamAddon instance takes ownership of the
CDemuxStream objects created in the cb_get_stream_transfer callback.

Example output of address sanitizer:

Direct leak of 1776 byte(s) in 6 object(s) allocated from:
    #0 0x55dc6314f7e2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xb4bc7e2) (BuildId: cbd496f42c6c4585c86580a090c0960e7fc39797)
    xbmc#1 0x55dc64549c39 in CInputStreamAddon::cb_get_stream_transfer(void*, int, INPUTSTREAM_INFO*) xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:413:38
    xbmc#2 0x???????????? in kodi::addon::CInstanceInputStream::ADDON_GetStream(AddonInstance_InputStream const*, int, INPUTSTREAM_INFO*, void**, void* (*)(void*, int, INPUTSTREAM_INFO*)) xbmc/addons/kodi-dev-kit/include/kodi/addon-instance/Inputstream.h:1888
    xbmc#3 0x55dc645490bc in CInputStreamAddon::GetStream(int) const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:381:14
    xbmc#4 0x55dc64548821 in CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:371:32
    xbmc#5 0x55dc64548a76 in non-virtual thunk to CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp
    xbmc#6 0x55dc646822e0 in CDVDDemuxClient::RequestStreams() xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:402:32
    xbmc#7 0x55dc64681cd1 in CDVDDemuxClient::Open(std::shared_ptr<CDVDInputStream>) xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:76:3
    xbmc#8 0x55dc64785ede in CDVDFactoryDemuxer::CreateDemuxer(std::shared_ptr<CDVDInputStream> const&, bool) xbmc/cores/VideoPlayer/DVDDemuxers/DVDFactoryDemuxer.cpp:58:17
    xbmc#9 0x55dc64b065e9 in CVideoPlayer::OpenDemuxStream() xbmc/cores/VideoPlayer/VideoPlayer.cpp:830:22
    xbmc#10 0x55dc64b2288f in CVideoPlayer::Prepare() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1250:8
    xbmc#11 0x55dc64b36b31 in CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1357:3
    xbmc#12 0x55dc64b72298 in non-virtual thunk to CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp
    xbmc#13 0x55dc6626eda2 in CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#14 0x55dc662715b9 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#15 0x55dc66270246 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#16 0x55dc6626fe76 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#17 0x55dc6626fdaf in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#18 0x55dc6626fc28 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#19 0x55dc6626f7f8 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#20 0x7ff10cae1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18
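The ownership pattern the commit message describes (the host creates the objects inside the callback and keeps them, so nothing handed across the C callback boundary is the sole reference) can be shown in isolation. This is an added example, not Kodi's code: `DemuxStream`, `StreamOwner`, `cb_get_stream_transfer` and `transfer_cb` are hypothetical stand-ins for the classes in the trace, and a live-object counter is used so the absence of a leak is observable.

```cpp
// Added example (not Kodi code): keeping ownership of objects created in a
// C-style callback so they are released with their owner. All names are
// hypothetical stand-ins for the classes named in the sanitizer trace.
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct DemuxStream {
  static int live;  // live-object counter: makes a leak visible in a test
  std::string name;
  explicit DemuxStream(std::string n) : name(std::move(n)) { ++live; }
  ~DemuxStream() { --live; }
};
int DemuxStream::live = 0;

// C-ABI style callback: the add-on side calls this once per stream and passes
// the host's context pointer back, so only a raw pointer crosses the boundary.
using transfer_cb = DemuxStream* (*)(void* ctx, int index, const char* info);

class StreamOwner {
 public:
  // The host creates the object *and stores it*; the caller gets a view only.
  // The leaky variant would return the raw pointer as the sole reference.
  static DemuxStream* cb_get_stream_transfer(void* ctx, int index,
                                             const char* info) {
    auto* self = static_cast<StreamOwner*>(ctx);
    auto s = std::make_unique<DemuxStream>(std::string(info) + "#" +
                                           std::to_string(index));
    DemuxStream* view = s.get();
    self->streams_.push_back(std::move(s));  // ownership stays with the host
    return view;
  }

  // Simulated add-on side: asks for n streams through the callback.
  std::vector<DemuxStream*> collect(int n, transfer_cb cb) {
    std::vector<DemuxStream*> out;
    for (int i = 0; i < n; ++i) out.push_back(cb(this, i, "stream"));
    return out;
  }

  std::size_t owned() const { return streams_.size(); }

 private:
  std::vector<std::unique_ptr<DemuxStream>> streams_;
};

// Creates n streams through the callback, lets the owner go out of scope and
// returns how many DemuxStream objects are still alive: 0 means nothing leaked.
int live_after_scope(int n) {
  {
    StreamOwner owner;
    auto views = owner.collect(n, &StreamOwner::cb_get_stream_transfer);
    if (views.size() != static_cast<std::size_t>(n) ||
        owner.owned() != views.size())
      return -1;  // constructed views and owned objects must match
  }
  return DemuxStream::live;
}
```

The only difference from the leaky shape is where `std::unique_ptr` lives: because `streams_` is a member of the owner, every object created by the callback is destroyed with the owner regardless of what the add-on does with the raw pointer it received. The same counter trick is a cheap regression test to keep beside a sanitizer run.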
neo1973 added a commit to neo1973/xbmc that referenced this pull request Dec 30, 2023
Fixes data race warnings like this:

==================
WARNING: ThreadSanitizer: data race (pid=45819)
  Read of size 8 at 0x7b1800272650 by thread T220:
    #0 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_S_left(std::_Rb_tree_node_base*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:782:45
    xbmc#1 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_lower_bound(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>*, std::_Rb_tree_node_base*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1953:21
    xbmc#2 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1271:16
    xbmc#3 std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:1309:21
    xbmc#4 std::enable_if<is_constructible<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>::value, std::pair<std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, bool>>::type std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::insert<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:857:20
    xbmc#5 XFILE::CXbtManager::ProcessFile[abi:cxx11](CURL const&) const xbmc/filesystem/XbtManager.cpp:115:61
    xbmc#6 XFILE::CXbtManager::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) const xbmc/filesystem/XbtManager.cpp:47:20
    xbmc#7 XFILE::CXbtFile::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) xbmc/filesystem/XbtFile.cpp:344:37
    xbmc#8 XFILE::CXbtFile::GetReaderAndFile(CURL const&, std::shared_ptr<CXBTFReader>&, CXBTFFile&) xbmc/filesystem/XbtFile.cpp:349:8
    xbmc#9 XFILE::CXbtFile::Open(CURL const&) xbmc/filesystem/XbtFile.cpp:49:8
    xbmc#10 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#11 XFILE::CFile::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int) xbmc/filesystem/File.cpp:242:10
    xbmc#12 XFILE::COverrideFile::Open(CURL const&) xbmc/filesystem/OverrideFile.cpp:32:17
    xbmc#13 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#14 XFILE::CFile::LoadFile(CURL const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:994:8
    xbmc#15 XFILE::CFile::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:983:10
    xbmc#16 CTexture::LoadFromFileInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:264:12
    xbmc#17 CTexture::LoadFromFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:221:16
    xbmc#18 CImageLoader::DoWork() xbmc/GUILargeTextureManager.cpp:54:9
    xbmc#19 CJobWorker::Process() xbmc/utils/JobManager.cpp:55:22
    xbmc#20 CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#21 CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#22 void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#23 std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#24 void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#25 std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#26 std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#27 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18

  Previous write of size 8 at 0x7b1800272650 by thread T219:
    #0 operator new(unsigned long) <null>
    xbmc#1 std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::allocate(unsigned long, void const*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/new_allocator.h:147:27
    xbmc#2 std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>>::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:482:20
    xbmc#3 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_get_node() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:563:16
    xbmc#4 std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_create_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:613:23
    xbmc#5 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_Auto_node::_Auto_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>&, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1637:18
    xbmc#6 std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>> std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_emplace_hint_unique<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:2462:13
    xbmc#7 std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>> std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::emplace_hint<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:640:16
    xbmc#8 std::enable_if<is_constructible<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>::value, std::pair<std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, bool>>::type std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::insert<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:860:15
    xbmc#9 XFILE::CXbtManager::ProcessFile[abi:cxx11](CURL const&) const xbmc/filesystem/XbtManager.cpp:115:61
    xbmc#10 XFILE::CXbtManager::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) const xbmc/filesystem/XbtManager.cpp:47:20
    xbmc#11 XFILE::CXbtFile::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) xbmc/filesystem/XbtFile.cpp:344:37
    xbmc#12 XFILE::CXbtFile::GetReaderAndFile(CURL const&, std::shared_ptr<CXBTFReader>&, CXBTFFile&) xbmc/filesystem/XbtFile.cpp:349:8
    xbmc#13 XFILE::CXbtFile::Open(CURL const&) xbmc/filesystem/XbtFile.cpp:49:8
    xbmc#14 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#15 XFILE::CFile::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int) xbmc/filesystem/File.cpp:242:10
    xbmc#16 XFILE::COverrideFile::Open(CURL const&) xbmc/filesystem/OverrideFile.cpp:32:17
    xbmc#17 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#18 XFILE::CFile::LoadFile(CURL const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:994:8
    xbmc#19 XFILE::CFile::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:983:10
    xbmc#20 CTexture::LoadFromFileInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:264:12
    xbmc#21 CTexture::LoadFromFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:221:16
    xbmc#22 CImageLoader::DoWork() xbmc/GUILargeTextureManager.cpp:54:9
    xbmc#23 CJobWorker::Process() xbmc/utils/JobManager.cpp:55:22
    xbmc#24 CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#25 CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#26 void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#27 std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#28 void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#29 std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#30 std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#31 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18

    [...]

SUMMARY: ThreadSanitizer: data race /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:782:45 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_S_left(std::_Rb_tree_node_base*)
==================
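The race in the trace is two worker threads inserting into the same `std::map` from a `const` method that fills a cache lazily. The usual fix is a `mutable` mutex taken inside the const accessor, shown here as an added example that is not Kodi's code: `Reader`, `ReaderCache` and `concurrent_fill` are hypothetical stand-ins for `CXbtManager::XBTFReader` and `CXbtManager::GetReader`.

```cpp
// Added example (not Kodi code): a const cache accessor that mutates a
// std::map lazily, made safe with a mutable mutex. Names are hypothetical
// stand-ins for the classes in the ThreadSanitizer trace.
#include <cstddef>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

struct Reader {
  std::string path;
};

class ReaderCache {
 public:
  // const interface, but it fills the cache on first use. Without the lock two
  // threads can run the insert concurrently, which is the race reported above.
  std::shared_ptr<Reader> get(const std::string& path) const {
    std::lock_guard<std::mutex> lock(mutex_);  // mutable, so lockable from const
    auto it = readers_.find(path);
    if (it == readers_.end())
      it = readers_.emplace(path, std::make_shared<Reader>(Reader{path})).first;
    return it->second;
  }

  std::size_t size() const {
    std::lock_guard<std::mutex> lock(mutex_);
    return readers_.size();
  }

 private:
  mutable std::mutex mutex_;
  mutable std::map<std::string, std::shared_ptr<Reader>> readers_;
};

// Fills one cache from several threads using overlapping keys and returns the
// number of distinct entries; the correct value is the number of distinct keys.
std::size_t concurrent_fill(int threads, int keys) {
  ReaderCache cache;
  std::vector<std::thread> pool;
  for (int t = 0; t < threads; ++t)
    pool.emplace_back([&cache, keys] {
      for (int k = 0; k < keys; ++k)
        cache.get("textures/" + std::to_string(k) + ".xbt");  // constructed keys
    });
  for (auto& th : pool) th.join();
  return cache.size();
}
```

Returning a `std::shared_ptr` copy rather than a reference into the map matters as much as the lock: a reference would outlive the critical section and turn a later insert (which may rebalance the tree but never invalidates node references for `std::map`) or erase into a use-after-free. Running this under `-fsanitize=thread` with the two `lock_guard` lines removed reproduces the kind of report shown above.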
neo1973 added a commit to neo1973/xbmc that referenced this pull request Jan 3, 2024
Fixes data race warnings like this:

==================
WARNING: ThreadSanitizer: data race (pid=45819)
  Read of size 8 at 0x7b1800272650 by thread T220:
    #0 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_S_left(std::_Rb_tree_node_base*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:782:45
    xbmc#1 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_lower_bound(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>*, std::_Rb_tree_node_base*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1953:21
    xbmc#2 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1271:16
    xbmc#3 std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:1309:21
    xbmc#4 std::enable_if<is_constructible<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>::value, std::pair<std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, bool>>::type std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::insert<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:857:20
    xbmc#5 XFILE::CXbtManager::ProcessFile[abi:cxx11](CURL const&) const xbmc/filesystem/XbtManager.cpp:115:61
    xbmc#6 XFILE::CXbtManager::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) const xbmc/filesystem/XbtManager.cpp:47:20
    xbmc#7 XFILE::CXbtFile::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) xbmc/filesystem/XbtFile.cpp:344:37
    xbmc#8 XFILE::CXbtFile::GetReaderAndFile(CURL const&, std::shared_ptr<CXBTFReader>&, CXBTFFile&) xbmc/filesystem/XbtFile.cpp:349:8
    xbmc#9 XFILE::CXbtFile::Open(CURL const&) xbmc/filesystem/XbtFile.cpp:49:8
    xbmc#10 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#11 XFILE::CFile::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int) xbmc/filesystem/File.cpp:242:10
    xbmc#12 XFILE::COverrideFile::Open(CURL const&) xbmc/filesystem/OverrideFile.cpp:32:17
    xbmc#13 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#14 XFILE::CFile::LoadFile(CURL const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:994:8
    xbmc#15 XFILE::CFile::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:983:10
    xbmc#16 CTexture::LoadFromFileInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:264:12
    xbmc#17 CTexture::LoadFromFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:221:16
    xbmc#18 CImageLoader::DoWork() xbmc/GUILargeTextureManager.cpp:54:9
    xbmc#19 CJobWorker::Process() xbmc/utils/JobManager.cpp:55:22
    xbmc#20 CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#21 CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#22 void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#23 std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#24 void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#25 std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#26 std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#27 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18

  Previous write of size 8 at 0x7b1800272650 by thread T219:
    #0 operator new(unsigned long) <null>
    xbmc#1 std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::allocate(unsigned long, void const*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/new_allocator.h:147:27
    xbmc#2 std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>>::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:482:20
    xbmc#3 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_get_node() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:563:16
    xbmc#4 std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_create_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:613:23
    xbmc#5 std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_Auto_node::_Auto_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>&, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:1637:18
    xbmc#6 std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>> std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_M_emplace_hint_unique<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:2462:13
    xbmc#7 std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>> std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::emplace_hint<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:640:16
    xbmc#8 std::enable_if<is_constructible<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>::value, std::pair<std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, bool>>::type std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::insert<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, XFILE::CXbtManager::XBTFReader>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_map.h:860:15
    xbmc#9 XFILE::CXbtManager::ProcessFile[abi:cxx11](CURL const&) const xbmc/filesystem/XbtManager.cpp:115:61
    xbmc#10 XFILE::CXbtManager::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) const xbmc/filesystem/XbtManager.cpp:47:20
    xbmc#11 XFILE::CXbtFile::GetReader(CURL const&, std::shared_ptr<CXBTFReader>&) xbmc/filesystem/XbtFile.cpp:344:37
    xbmc#12 XFILE::CXbtFile::GetReaderAndFile(CURL const&, std::shared_ptr<CXBTFReader>&, CXBTFFile&) xbmc/filesystem/XbtFile.cpp:349:8
    xbmc#13 XFILE::CXbtFile::Open(CURL const&) xbmc/filesystem/XbtFile.cpp:49:8
    xbmc#14 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#15 XFILE::CFile::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int) xbmc/filesystem/File.cpp:242:10
    xbmc#16 XFILE::COverrideFile::Open(CURL const&) xbmc/filesystem/OverrideFile.cpp:32:17
    xbmc#17 XFILE::CFile::Open(CURL const&, unsigned int) xbmc/filesystem/File.cpp:331:21
    xbmc#18 XFILE::CFile::LoadFile(CURL const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:994:8
    xbmc#19 XFILE::CFile::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<unsigned char, std::allocator<unsigned char>>&) xbmc/filesystem/File.cpp:983:10
    xbmc#20 CTexture::LoadFromFileInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:264:12
    xbmc#21 CTexture::LoadFromFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, unsigned int, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/Texture.cpp:221:16
    xbmc#22 CImageLoader::DoWork() xbmc/GUILargeTextureManager.cpp:54:9
    xbmc#23 CJobWorker::Process() xbmc/utils/JobManager.cpp:55:22
    xbmc#24 CThread::Action() xbmc/threads/Thread.cpp:283:5
    xbmc#25 CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18
    xbmc#26 void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14
    xbmc#27 std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14
    xbmc#28 void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13
    xbmc#29 std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11
    xbmc#30 std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13
    xbmc#31 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18

    [...]

SUMMARY: ThreadSanitizer: data race /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_tree.h:782:45 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, XFILE::CXbtManager::XBTFReader>>>::_S_left(std::_Rb_tree_node_base*)
==================
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 1, 2024
Only remove the child if the node is actually a child.

==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
    #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
    xbmc#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
    xbmc#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
    xbmc#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
    xbmc#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#26 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)

0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
    #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
    xbmc#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#25 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
==51989==ABORTING
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 1, 2024
See comment in code for information.

==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
    #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
    xbmc#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#18 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)

0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
    #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
    xbmc#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
    xbmc#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
    xbmc#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
    xbmc#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
    xbmc#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
    xbmc#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
    xbmc#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
    xbmc#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
    xbmc#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
    xbmc#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
    xbmc#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
    xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
    xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#58 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
    xbmc#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
    xbmc#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
    xbmc#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
    xbmc#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
    xbmc#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
    xbmc#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
    xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
    xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#41 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
  0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa
  0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==30885==ABORTING
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 6, 2024
Only remove the child if the node is actually a child.

==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
    #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
    xbmc#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
    xbmc#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
    xbmc#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
    xbmc#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#26 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)

0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
    #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
    xbmc#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#25 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
  0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==51989==ABORTING

(cherry picked from commit 52988c9)
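The two reports above follow the standard ASan layout: an ERROR header, the faulting access and its stack, the "freed by" stack, the "previously allocated by" stack, then SUMMARY and the shadow-byte map. In practice most of each stack is libstdc++ shared_ptr internals or library code, and the frames that matter are the first ones inside the project tree. The following triage script is an added example, not code from this pull request's project, from Kodi/xbmc, or from the commit messages quoted here; it parses that layout and extracts the project-level use, free and allocation sites. The sample report embedded in it is a constructed, shortened copy of the ==51989== report above (stacks cut and renumbered, template arguments trimmed), and the `xbmc/` prefix used to decide what counts as project code is an assumption for this example.

```python
"""Triage helper for AddressSanitizer heap-use-after-free reports (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a shortened copy of the ==51989== report quoted above.
# Template arguments are trimmed and the stacks are cut and renumbered; the
# addresses, offsets and region bounds are the ones from that report.
SAMPLE_REPORT = """\
==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
    #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
    #1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
    #2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::string, std::string> const&) xbmc/guilib/GUIIncludes.cpp:586:37
    #3 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    #4 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
    #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    #1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    #2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool>*) xbmc/guilib/GUIIncludes.cpp:482:9

previously allocated by thread T0 here:
    #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    #1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
"""

HEADER_RE = re.compile(r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address 0x(?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(?P<access>READ|WRITE) of size (?P<size>\d+) at 0x(?P<addr>[0-9a-f]+) thread (?P<thread>T\d+)")
REGION_RE = re.compile(
    r"^0x(?P<addr>[0-9a-f]+) is located (?P<off>\d+) bytes (?P<where>inside of|to the right of|to the left of) "
    r"(?P<size>\d+)-byte region \[0x(?P<lo>[0-9a-f]+),0x(?P<hi>[0-9a-f]+)\)"
)
FRAME_RE = re.compile(r"^\s*#(?P<idx>\d+)\s+0x(?P<pc>[0-9a-f]+)\s+(?P<rest>.*?)\s*$")
BUILDID_RE = re.compile(r"\s*\(BuildId: [0-9a-f]+\)\s*$")


@dataclass
class Frame:
    index: int
    pc: int
    function: str   # "" when the frame is not symbolized (e.g. libc without symbols)
    location: str   # "file:line:col", "file", or "(module+0xoffset)"


@dataclass
class AsanReport:
    pid: int = 0
    kind: str = ""
    address: int = 0
    access: str = ""
    access_size: int = 0
    thread: str = ""
    offset: int = 0
    region_size: int = 0
    region: tuple = (0, 0)
    summary: str = ""
    access_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    alloc_stack: list = field(default_factory=list)


def parse_frame(line: str) -> Optional[Frame]:
    """Parse one '#N 0xPC in FUNC LOCATION' line; returns None for non-frame lines."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    rest = BUILDID_RE.sub("", m.group("rest"))
    if rest.startswith("in "):
        # Function names contain spaces and parentheses, but the location never
        # does, so the last space-separated token is the location.
        function, _, location = rest[3:].rpartition(" ")
        if not function:                       # symbolized frame with no location
            function, location = location, ""
    else:
        function, location = "", rest.strip()  # unsymbolized: only "(module+off)"
    return Frame(int(m.group("idx")), int(m.group("pc"), 16), function.strip(), location.strip())


def parse_report(text: str) -> AsanReport:
    """Split a report into header fields and its three stacks."""
    report = AsanReport()
    current = None  # the stack that subsequent frame lines belong to
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            report.pid, report.kind = int(m.group("pid")), m.group("kind")
            report.address = int(m.group("addr"), 16)
        elif m := ACCESS_RE.match(line):
            report.access, report.access_size = m.group("access"), int(m.group("size"))
            report.thread = m.group("thread")
            current = report.access_stack
        elif m := REGION_RE.match(line):
            report.offset, report.region_size = int(m.group("off")), int(m.group("size"))
            report.region = (int(m.group("lo"), 16), int(m.group("hi"), 16))
        elif line.startswith("freed by thread"):
            current = report.free_stack
        elif line.startswith("previously allocated by thread"):
            current = report.alloc_stack
        elif line.startswith("SUMMARY:"):
            report.summary, current = line, None
        elif current is not None and (frame := parse_frame(line)):
            current.append(frame)
    return report


def first_project_frame(stack, project_prefix: str) -> Optional[Frame]:
    """First frame whose source location is inside the project tree."""
    return next((f for f in stack if f.location.startswith(project_prefix)), None)


def triage(report: AsanReport, project_prefix: str = "xbmc/") -> dict:
    """Reduce a report to the three locations that matter for the fix."""
    use = first_project_frame(report.access_stack, project_prefix)
    free = first_project_frame(report.free_stack, project_prefix)
    alloc = first_project_frame(report.alloc_stack, project_prefix)
    lo, hi = report.region
    return {
        "kind": report.kind,
        "access": f"{report.access} of {report.access_size} bytes, {report.offset} bytes into a "
                  f"{report.region_size}-byte region",
        "address_in_region": lo <= report.address < hi,  # sanity check for a use-after-free
        "use_site": use.location if use else None,
        "free_site": free.location if free else None,
        "alloc_site": alloc.location if alloc else None,  # None if the stack ends inside a library
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key:>18}: {value}")
```

Run against the sample, `triage` reports the use at `xbmc/guilib/GUIIncludes.cpp:586:37`, the free at `xbmc/guilib/GUIIncludes.cpp:482:9` (via `TiXmlNode::RemoveChild`, which deletes the node it removes), and no project-level allocation site: the allocation stack stops at `TiXmlElement::Clone()` inside `libtinyxml.so.0`. That last result is itself a triage signal. ASan's malloc/free stacks are captured with a fast frame-pointer unwinder, so they stop as soon as they enter a library built without frame pointers; if the missing caller matters, rerun with `ASAN_OPTIONS=fast_unwind_on_malloc=0` (slower, uses the unwinder instead of frame pointers) or rebuild the library with `-fno-omit-frame-pointer`. The regexes assume the llvm-symbolizer `file:line:col` layout shown in the reports above; other symbolizers format locations differently and would need the `FRAME_RE` split adjusted.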
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 6, 2024
See comment in code for information.

==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
    #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
    xbmc#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#18 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)

0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
    #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
    xbmc#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
    xbmc#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
    xbmc#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
    xbmc#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
    xbmc#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
    xbmc#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
    xbmc#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
    xbmc#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
    xbmc#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
    xbmc#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
    xbmc#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
    xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
    xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#58 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
    xbmc#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
    xbmc#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
    xbmc#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
    xbmc#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
    xbmc#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
    xbmc#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
    xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
    xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#41 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
  0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa
  0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==30885==ABORTING

(cherry picked from commit 9e4cfd2)
howie-f pushed a commit to howie-f/xbmc that referenced this pull request Apr 6, 2024
Only remove the child if the node is actually a child.

==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
    #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
    xbmc#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
    xbmc#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
    xbmc#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
    xbmc#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#26 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)

0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
    #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
    xbmc#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#25 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
  0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==51989==ABORTING
howie-f pushed a commit to howie-f/xbmc that referenced this pull request Apr 6, 2024
See comment in code for information.

==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
    #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
    xbmc#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#18 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)

0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
    #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
    xbmc#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
    xbmc#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
    xbmc#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
    xbmc#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
    xbmc#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
    xbmc#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
    xbmc#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
    xbmc#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
    xbmc#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
    xbmc#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
    xbmc#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
    xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
    xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#58 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
    xbmc#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
    xbmc#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
    xbmc#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
    xbmc#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
    xbmc#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
    xbmc#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
    xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
    xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#41 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
  0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa
  0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==30885==ABORTING
howie-f pushed a commit to howie-f/xbmc that referenced this pull request Apr 6, 2024
Only remove the child if the node is actually a child.

==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
    #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
    xbmc#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
    xbmc#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
    xbmc#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
    xbmc#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#26 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)

0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
    #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
    xbmc#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
    xbmc#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
    xbmc#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
    xbmc#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
    xbmc#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
    xbmc#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
    xbmc#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
    xbmc#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
    xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
    xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#25 0x76d804243ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
    xbmc#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
  0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==51989==ABORTING
howie-f pushed a commit to howie-f/xbmc that referenced this pull request Apr 6, 2024
See comment in code for information.

==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
    #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
    xbmc#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#18 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)

0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
    #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
    xbmc#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
    xbmc#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
    xbmc#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
    xbmc#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
    xbmc#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
    xbmc#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
    xbmc#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
    xbmc#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
    xbmc#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
    xbmc#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
    xbmc#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
    xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
    xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
    xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
    xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
    xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
    xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
    xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
    xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
    xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#58 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
    xbmc#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
    xbmc#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
    xbmc#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
    xbmc#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
    xbmc#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
    xbmc#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
    xbmc#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
    xbmc#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
    xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
    xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
    xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
    xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
    xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
    xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
    xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
    xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
    xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
    xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
    xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
    xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
    xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
    xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
    xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
    xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
    xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
    xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
    xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
    xbmc#41 0x7517fb043ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
==30885==ABORTING
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 6, 2024
When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase
creates its own. When switching to a skin that does provide one, it loads it
from the skin, overwrites the pointer to its own edit control (memory leak!)
but still thinks it owns the control because m_newOriginalEdit is true. In
DeleteControls() it then deletes the edit control that it doesn't own.
Cleaning up and resetting the flag in FreeControls() solves the problem.

ASAN error:

==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48
READ of size 8 at 0x51d0015bd080 thread T0
    #0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5
    xbmc#1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3
    xbmc#2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63
    xbmc#3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
    xbmc#4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
    xbmc#5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5
    xbmc#6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5
    xbmc#7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34
    xbmc#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
    xbmc#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#11 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)

0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0)
freed by thread T0 here:
    #0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
    xbmc#1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39
    xbmc#2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47
    xbmc#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
    xbmc#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#11 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
    xbmc#1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17
    xbmc#2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22
    xbmc#5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19
    xbmc#10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22
    xbmc#11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38
    xbmc#12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3
    xbmc#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50
    xbmc#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30
    xbmc#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp
    xbmc#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17
    xbmc#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5
    xbmc#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38
    xbmc#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#27 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls()
Shadow bytes around the buggy address:
==29999==ABORTING

Cleaning up and resetting the flag in FreeControls() solves the issue.
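The ownership mistake the commit message describes, as an added example that is not Kodi's code: Dialog, ControlGroup, Heap and m_ownsEdit are stand-ins for GUIDialogSettingsBase, CGUIControlGroup, the allocator and m_newOriginalEdit, and controls are integer handles so the stale-flag double free and the leaked self-created control show up as counters instead of a crash. The `fixed` argument switches between the behaviour before and after releasing the control and resetting the flag in FreeControls().

```cpp
// Ownership model of the edit-control bug described above. Illustrative
// stand-ins only (not Kodi classes): Heap, ControlGroup, Dialog, m_ownsEdit.
#include <algorithm>
#include <cstdio>
#include <map>
#include <vector>

// Simulated heap: each handle is live or released, so a second release (the
// use-after-free ASan reported) and a never-released handle (the leak the
// commit message mentions) are both observable without undefined behaviour.
struct Heap {
  std::map<int, bool> live;  // handle -> still allocated?
  int next = 1;
  int doubleFrees = 0;
  int allocate() { live[next] = true; return next++; }
  void release(int h) {
    auto it = live.find(h);
    if (it == live.end() || !it->second) { ++doubleFrees; return; }
    it->second = false;
  }
  int leaked() const {
    return (int)std::count_if(live.begin(), live.end(),
                              [](const auto& kv) { return kv.second; });
  }
};

// Controls loaded from the skin; the group owns them and releases them in
// ClearAll(), as CGUIControlGroup::ClearAll does in the trace above.
struct ControlGroup {
  std::vector<int> controls;
  int editControl = 0;  // 0 = this skin provides no edit control
  void Load(Heap& heap, bool skinHasEdit) {
    controls.push_back(heap.allocate());  // some unrelated skin control
    if (skinHasEdit) {
      editControl = heap.allocate();
      controls.push_back(editControl);
    }
  }
  void ClearAll(Heap& heap) {
    for (int c : controls) heap.release(c);
    controls.clear();
    editControl = 0;
  }
};

// Stand-in for the settings dialog: borrows the skin's edit control when the
// skin has one, otherwise creates its own and records that it owns it.
struct Dialog {
  Heap& heap;
  ControlGroup group;
  int m_edit = 0;
  bool m_ownsEdit = false;  // plays the role of m_newOriginalEdit
  bool fixed;               // false = behaviour before the fix
  Dialog(Heap& h, bool f) : heap(h), fixed(f) {}

  void SetupControls() {
    if (group.editControl != 0) {
      m_edit = group.editControl;  // bug: own control overwritten, flag stays true
    } else {
      m_edit = heap.allocate();
      m_ownsEdit = true;
    }
  }
  // Skin unload. The fix releases the self-created control here and resets
  // the flag so the next SetupControls() starts from a clean state.
  void FreeControls() {
    if (fixed) {
      if (m_ownsEdit) heap.release(m_edit);
      m_edit = 0;
      m_ownsEdit = false;
    }
    group.ClearAll(heap);
  }
  void DeleteControls() {
    if (m_ownsEdit) heap.release(m_edit);  // stale flag: frees the skin's control
    m_edit = 0;
    m_ownsEdit = false;
  }
};

struct Outcome { int doubleFrees; int leaked; };

// Scenario from the commit message: skin without an edit control, switch to a
// skin that provides one, then shut down.
Outcome runSkinSwitch(bool fixed) {
  Heap heap;
  Dialog dlg(heap, fixed);
  dlg.group.Load(heap, false);  // first skin lacks an edit control
  dlg.SetupControls();          // dialog creates its own
  dlg.FreeControls();           // skin switch: UnloadSkin -> ClearAll
  dlg.group.Load(heap, true);   // new skin provides one
  dlg.SetupControls();          // pointer overwritten, flag untouched
  dlg.FreeControls();           // Cleanup(): skin's controls released...
  dlg.DeleteControls();         // ...then the destructor releases m_edit again
  return {heap.doubleFrees, heap.leaked()};
}

int main() {
  Outcome before = runSkinSwitch(false), after = runSkinSwitch(true);
  std::printf("before fix: double frees=%d leaked=%d\n", before.doubleFrees, before.leaked);
  std::printf("after fix:  double frees=%d leaked=%d\n", after.doubleFrees, after.leaked);
  return 0;
}
```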
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 13, 2024
When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase
creates its own. When switching to a skin that does provide one, it loads it
from the skin, overwrites the pointer to its own edit control (memory leak!)
but still thinks it owns the control because m_newOriginalEdit is true. In
DeleteControls() it then deletes the edit control that it doesn't own.
Cleaning up and resetting the flag in FreeControls() solves the problem.

ASAN error:

==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48
READ of size 8 at 0x51d0015bd080 thread T0
    #0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5
    xbmc#1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3
    xbmc#2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63
    xbmc#3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
    xbmc#4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
    xbmc#5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5
    xbmc#6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5
    xbmc#7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34
    xbmc#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
    xbmc#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#11 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
    xbmc#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)

0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0)
freed by thread T0 here:
    #0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
    xbmc#1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39
    xbmc#2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
    xbmc#3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
    xbmc#4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
    xbmc#5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
    xbmc#6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
    xbmc#7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47
    xbmc#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
    xbmc#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#11 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

previously allocated by thread T0 here:
    #0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
    xbmc#1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17
    xbmc#2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
    xbmc#3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
    xbmc#4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22
    xbmc#5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
    xbmc#6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
    xbmc#7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
    xbmc#8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
    xbmc#9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19
    xbmc#10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22
    xbmc#11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38
    xbmc#12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
    xbmc#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
    xbmc#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3
    xbmc#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50
    xbmc#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
    xbmc#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
    xbmc#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
    xbmc#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30
    xbmc#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp
    xbmc#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17
    xbmc#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5
    xbmc#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38
    xbmc#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5
    xbmc#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
    xbmc#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
    xbmc#27 0x7fb259c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)

SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls()
Shadow bytes around the buggy address:
==29999==ABORTING

(cherry picked from commit 3be3878)
neo1973 added a commit to neo1973/xbmc that referenced this pull request Apr 18, 2024
When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase
creates its own. When switching to a skin that does provide one, it loads it
from the skin, overwrites the pointer to its own edit control (memory leak!)
but still thinks it owns the control because m_newOriginalEdit is true. In
DeleteControls() it then deletes the edit control that it doesn't own.
Cleaning up and resetting the flag in FreeControls() solves the problem.
(cherry picked from commit 3be3878)
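The ownership mistake the commit message describes, as an added example rather than Kodi's code: a stand-in dialog (hypothetical names apart from m_originalEdit, m_newOriginalEdit, FreeControls and DeleteControls) that owns its edit control only while the flag is set, run through the reported skin switch with and without the fix, using a constructed allocation tracker so the invalid free is counted instead of executed.

```cpp
// Added example, not Kodi's code: a minimal model of the ownership bug in the
// commit message above; the fix is the cleanup and flag reset in FreeControls().
#include <set>

struct CGUIEditControl {};
// Constructed tracker: an invalid free is counted, not performed (would be UB).
static std::set<CGUIEditControl*> g_live;
static CGUIEditControl* Alloc() {
  CGUIEditControl* c = new CGUIEditControl;
  g_live.insert(c);
  return c;
}
static bool Free(CGUIEditControl* c) {  // false: c is not a live allocation
  if (g_live.erase(c) == 0) return false;
  delete c;
  return true;
}

// Hypothetical stand-in for CGUIDialogSettingsBase.
struct SettingsDialogModel {
  CGUIEditControl* m_originalEdit = nullptr;
  bool m_newOriginalEdit = false;  // true: the dialog created and owns the control
  bool fixed;
  int invalidFrees = 0;
  explicit SettingsDialogModel(bool f) : fixed(f) {}
  // Use the skin's control if it provides one (skin-owned), else create our own.
  void LoadSkin(CGUIEditControl* skinEdit) {
    if (skinEdit) m_originalEdit = skinEdit;  // silently replaces our own control
    else { m_originalEdit = Alloc(); m_newOriginalEdit = true; }
  }
  // Skin unload. Unfixed: nothing is released and the ownership flag stays set.
  void FreeControls() {
    if (!fixed) return;
    if (m_newOriginalEdit) { Free(m_originalEdit); m_newOriginalEdit = false; }
    m_originalEdit = nullptr;
  }
  // Destructor path from the ASan trace: deletes only what it believes it owns.
  void DeleteControls() {
    if (m_newOriginalEdit && !Free(m_originalEdit)) ++invalidFrees;
  }
};

struct Outcome { int invalidFrees; int leaked; };
// Reported sequence: skin without edit control, reload with one that has it, shutdown.
Outcome Simulate(bool fixed) {
  for (CGUIEditControl* c : g_live) delete c;
  g_live.clear();
  SettingsDialogModel dlg(fixed);
  dlg.LoadSkin(nullptr);                // dialog creates and owns its control
  dlg.FreeControls();                   // ReloadSkin: old skin goes away
  CGUIEditControl* skinEdit = Alloc();  // new skin provides the control
  dlg.LoadSkin(skinEdit);
  Free(skinEdit);                       // UnloadSkin: the skin frees its controls
  dlg.FreeControls();
  dlg.DeleteControls();
  return {dlg.invalidFrees, static_cast<int>(g_live.size())};
}
```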
This pull request was closed.