jami-daemon issueshttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues2024-03-08T19:26:14Zhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/5daemon: call goes to failure instead of over2024-03-08T19:26:14ZJami Botdaemon: call goes to failure instead of overIssue generated from Tuleap's migration script.
**Originally submitted by: Alexandre Lision (alision)**
<p>Steps to reproduce:</p>
<p>- make a call</p>
<p>- Bob hangs up</p>
<p>- Alice can go to Failure instead of Over (i...Issue generated from Tuleap's migration script.
**Originally submitted by: Alexandre Lision (alision)**
<p>Steps to reproduce:</p>
<p>- make a call</p>
<p>- Bob hangs up</p>
<p>- Alice can go to Failure instead of Over (it does not happen every time I think)</p>
<p> </p>
<p>This is the log generated:</p>
<pre>
<strong>1457970175.894|0x70000021d000|tls\_session.cpp:638 ] [TLS] shutdown
1457970175.894|0x1019b7000|siptransport.cpp:209 ] pjsip transport@0x1031c4088 TLS to 208.88.110.46:7170 -> DISCONNECTED
1457970175.894|0x1019b7000|sipcall.cpp:205 ] call:12405873968647423475] Ending call because underlying SIP transport was closed
1457970175.894|0x1019b7000|call.cpp:144 ] [call:12405873968647423475] state change 1/4, cnx 4/0, code 54
1457970175.894|0x1019b7000|call.cpp:163 ] [call:12405873968647423475] emit client call state change FAILURE, code 54
1457970175.894|0x1019b7000|manager.cpp:1778 ] [call:12405873968647423475] Failed
1457970175.894|0x1019b7000|corelayer.cpp:226 ] START STREAM
1457970175.894|0x1019b7000|call\_factory.cpp:39 ] Removing call 12405873968647423475
1457970175.894|0x1019b7000|call\_factory.cpp:43 ] Remaining 0 SIP call(s)
1457970175.895|0x1019b7000|call.cpp:144 ] [call:12405873968647423475] state change 4/5, cnx 0/0, code 0
1457970175.895|0x1019b7000|call.cpp:163 ] [call:12405873968647423475] emit client call state change OVER, code 0</strong></pre>
<p>The problem seems to be in the daemon, it emits first a FAILURE state changed before a OVER. LRC puts the call in failed and does nothing when the OVER signal is received:</p>
<p>Log in LRC:</p>
<pre>
<strong>Call State Changed for call "12405873968647423475" . New state : "FAILURE"
Call found Call(0x6000002321e0) "Talking"
Calling stateChanged "FAILURE" -> 6 on call with state "Talking" . Become "Failed"
Call State Changed for call "12405873968647423475" . New state : "OVER"
Call found Call(0x6000002321e0) "Failed"
Origin and destination states are identical "Failed" "Failed" doing nothing Call(0x6000002321e0)
Calling stateChanged "OVER" -> 7 on call with state "Failed" . Become "Failed"
</strong></pre>Guillaume RoguezGuillaume Roguezhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/9dtmf tones do not work2024-03-08T19:26:14ZJami Botdtmf tones do not workIssue generated from Tuleap's migration script.
**Originally submitted by: Stepan Salenikovich (ssalenik)**
<p>A user reported that sending dtmf tones (SIP or RTP) does not work.<br />
<br />
I think RTP tones are broken in the daem...Issue generated from Tuleap's migration script.
**Originally submitted by: Stepan Salenikovich (ssalenik)**
<p>A user reported that sending dtmf tones (SIP or RTP) does not work.<br />
<br />
I think RTP tones are broken in the daemon since a while ago. Its also possible that SIP tones work, but are not accepted in all cases on the other end?</p>
<p>Also the gnome UI is not very nice for sending them, so could also be an input issue.</p>SIP support - first iterationSébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/2ring-daemon fails to build with opendht 1.2.1 using clang2024-03-08T19:26:13ZJami Botring-daemon fails to build with opendht 1.2.1 using clangIssue generated from Tuleap's migration script.
**Originally submitted by: Yuri (yurivict)**
I am getting these errors from clang-38 with both current ring-lrc and 1.0.0 ring-lrc:
```
In file included from configurationmanager.cpp:4...Issue generated from Tuleap's migration script.
**Originally submitted by: Yuri (yurivict)**
I am getting these errors from clang-38 with both current ring-lrc and 1.0.0 ring-lrc:
```
In file included from configurationmanager.cpp:40:
/usr/ports/net-im/ring-daemon/work/ring-daemon-56ec56f/src/ringdht/ringaccount.h:347:42: error: no member named 'Dht' in namespace 'dht'; did you mean 'dht'?
void saveNodes(const std::vector<dht::Dht::NodeExport>&) const;
\^\~\~\~\~\~\~\~
dht
/usr/local/include/opendht/default\_types.h:36:11: note: 'dht' declared here
namespace dht {
\^
In file included from configurationmanager.cpp:40:
/usr/ports/net-im/ring-daemon/work/ring-daemon-56ec56f/src/ringdht/ringaccount.h:348:43: error: no member named 'Dht' in namespace 'dht'; did you mean 'dht'?
void saveValues(const std::vector<dht::Dht::ValuesExport>&) const;
\^\~\~\~\~\~\~\~
dht
```
Spotted on FreeBSD.Adrien BéraudAdrien Béraudhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/1daemon: account maintenance regression2024-03-08T19:26:13ZJami Botdaemon: account maintenance regressionIssue generated from Tuleap's migration script.
**Originally submitted by: Guillaume Roguez (guillaume)**
Migration/Maintenance system is broken: not able to recreate a new device if ring\_device.\* files missing (ex: filesystem corrupt...Issue generated from Tuleap's migration script.
**Originally submitted by: Guillaume Roguez (guillaume)**
Migration/Maintenance system is broken: not able to recreate a new device if ring\_device.\* files missing (ex: filesystem corruption).
Was tested on GNU/Linux-GNOME and Win32 platforms, using lasted sources.
I only indicate GNU/Linux-GNOME below.
\* Environment:
daemon: 1ed6a0f video: disable auto quality by default
lrc: 68c8ad0 AccountModel: separate selected and chosen account
gnome:
\* Reproduce steps:
- Create a new ring account
- stop ring
- delete ring\_device.\* files associated to this account
- restart ring
\* Expected result:
- the client ask for the password
- the client shows the normal screen after correct password given, with new ring device generated
\* Actual result:
- the client loops in password askingAdrien BéraudAdrien Béraudhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/186SIP proxy field is not used correctly2020-12-13T23:57:25ZJami BotSIP proxy field is not used correctlyIssue generated from Tuleap's migration script.
**Originally submitted by: Raman Gupta (rocketraman)**
A detailed description of the bug. Use following fields for description field:
\* Environment:
Ring v1.0.0 on Linux Fedora 25 ...Issue generated from Tuleap's migration script.
**Originally submitted by: Raman Gupta (rocketraman)**
A detailed description of the bug. Use following fields for description field:
\* Environment:
Ring v1.0.0 on Linux Fedora 25
\* Reproduce steps:
Using the hostname and proxy fields to connect to a domain mydomain.com and proxy server proxy.versature.com. The configuration should set up Ring to connect to proxy.versature.com, passing the mydomain.com in the subsequent SIP request(s).
\* Expected result:
I would expect ring to connect successfully using this configuration. As a point of comparison, Zoiper will connect successfully.
\* Actual result:
The actual result is that Ring attempts to make a SIP connection to the hostname, ignoring the proxy field. The debug logs at SIPLOGLEVEL=4 are:
```
[1496261573.159|18869|sipaccount.cpp:698 ] doRegister mydomain.com
[1496261573.159|18869|sipvoiplink.cpp:1220 ] try to resolve 'mydomain.com' (port: 0)
16:12:53.159 resolver.c Transmitting 38 bytes to NS 0 (127.0.0.1:53): DNS SRV query for \_sip.\_udp.mydomain.com: Success
16:12:53.190 \_sip.\_udp.redo DNS SRV resolution failed for \_sip.\_udp.mydomain.com: DNS "Name Error" (PJLIB\_UTIL\_EDNS\_NXDOMAIN)
16:12:53.190 \_sip.\_udp.redo DNS SRV resolution failed for \_sip.\_udp.mydomain.com, trying resolving A/AAAA record for mydomain.com
16:12:53.190 resolver.c Transmitting 28 bytes to NS 0 (127.0.0.1:53): DNS A query for mydomain.com: Success
16:12:53.190 resolver.c Transmitting 28 bytes to NS 0 (127.0.0.1:53): DNS AAAA query for mydomain.com: Success
[1496261573.220|18869|sipaccount.cpp:815 ] Creating transport
16:12:53.220 udp0x18cc530 SIP UDP transport started, published address is 192.168.1.6:5062
[1496261573.220|18869|siptransport.cpp:357 ] Created UDP transport on default : 0.0.0.0:5062
[1496261573.221|18869|siptransport.cpp:82 ] SipTransport@0x190acc0 {tr=0x1919ec8 {rc=2}}
[1496261573.221|18869|sip\_utils.cpp:87 ] Adding route proxy.versature.com
[1496261605.223|18869|sipaccount.cpp:1033 ] SIP registration failed, status=408 (Request Timeout)
[1496261605.223|18869|sipaccount.cpp:2018 ] Scheduling re-registration retry in 53 seconds..
[1496261658.316|18869|sip\_utils.cpp:87 ] Adding route proxy.versature.com
[1496261690.321|18869|sipaccount.cpp:1033 ] SIP registration failed, status=408 (Request Timeout)
[1496261690.321|18869|sipaccount.cpp:2018 ] Scheduling re-registration retry in 302 seconds..
```
IF the system is configured with \_sip.\_udp SRV records on the domain provided in the hostname to point to the proxy, and the proxy field is left blank, then Ring successfully looks up the SRV record and connects to the proxy given there. Explicitly providing the proxy does not work as shown above.
The way I think it should work (and the way I think Zoiper works) is that you have a "domain/hostname" [1] setting and a "proxy" setting. The logic would be:
1) If proxy is set, Ring connects to the proxy and then passes username@domain in the SIP header.
2) If proxy is not set, then Ring looks for the proxy in the DNS SRV records for domain and if it exists, Ring connects to it and then passes username@domain to it.
3) Lastly, if the DNS SRV record does not exist, Ring attempts to connect to the A record of the domain/hostname setting, and again passes username@domain to it.
That way the auth information is completely configurable (username + domain) and the server that handles the request is completely configurable (proxy). The server to physically connect to is configurable either by DNS record on the domain, OR by explicit configuration in the proxy field.
[1] The "domain/hostname" config value would replace the current "hostname" config value.
The codepath to make the SIP connection as described above already exists -- its just that its impossible to configure the UI currently to trigger it. Given an SRV record of \_sip.\_udp.mydomain.com pointing to proxy.versature.com port 5060, Ring makes a connection to proxy.versature.com and passes all information with domain @mydomain.com. Here is a trace https://pastebin.com/raw/5z39MRu8.Ming Rui ZhangMing Rui Zhanghttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/26New Ring users from different timezone can't chat2022-11-14T21:52:31ZJami BotNew Ring users from different timezone can't chatIssue generated from Tuleap's migration script.
**Originally submitted by: Emmanuel Lepage Vallee (elv13)**
A detailed description of the bug. Use following fields for description field:
\* Environment:
2 users from 2 timezones ...Issue generated from Tuleap's migration script.
**Originally submitted by: Emmanuel Lepage Vallee (elv13)**
A detailed description of the bug. Use following fields for description field:
\* Environment:
2 users from 2 timezones
\* Reproduce steps:
1) create 1 ring account in Canada
2) create 1 ring account in France (or fake the timezone)
3) Try to send a chat message
\* Expected result:
1) Being able to chat
\* Actual result:
One of the peer will reject the other with a GNUTLS\_CERT\_NOT\_ACTIVATED error.Hugo LefeuvreHugo Lefeuvrehttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/8Invalid conversation state2024-03-08T19:26:14ZPierre DucheminInvalid conversation state## Environment
- Ring version: 20180511
- Device model: Nvidia Shield Pro, LG G3
- Android version: 7 (shield), 6 (LG)
- What build you are using: debug build on 636a065f603447f6c8472befd93c6b52e74ebfe3
## Steps to reproduce
-...## Environment
- Ring version: 20180511
- Device model: Nvidia Shield Pro, LG G3
- Android version: 7 (shield), 6 (LG)
- What build you are using: debug build on 636a065f603447f6c8472befd93c6b52e74ebfe3
## Steps to reproduce
- I reproduce the bug: at will
- Steps:
1. Call a contact that is only connected with an Android Phone device
2. The call is establishing
3. At the same time,
- on AndroidTV: hang up call
- on Android Phone: pick up call
- Actual result: on AndroidTV, everything is fine: the conversation hanged up and smartlist is displayed, but on the phone, a call is ongoing with a black screen instead of the video from the Shield. Video from phone displays normally on phone.
- Expected result: both devices should hang up.
## Additional information
Tried to reproduce the other way: phone calling TV, but everything went fine.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/14Incoherent packet loss and call fail2024-03-08T19:26:15ZSébastien BlinIncoherent packet loss and call failSometimes, during the call connection, the daemon log an incoherent packet loss (integer overflow) and then the call fails.
This is due when `TlsSession::TlsSessionImpl::flushRxQueue()` receives the same packet sequence number twice.Sometimes, during the call connection, the daemon log an incoherent packet loss (integer overflow) and then the call fails.
This is due when `TlsSession::TlsSessionImpl::flushRxQueue()` receives the same packet sequence number twice.Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/16missing audio during call2024-03-08T19:26:15ZHugo Lefeuvremissing audio during call**Issue:** No audio during Ring video calls.
**Setup:** latest daemon + LRC + GNU/Linux GNOME client master. The other peer uses the MacOS client, latest stable version.
**Daemon logs:**
```
[1530368590.976|14825|accel.cpp :146...**Issue:** No audio during Ring video calls.
**Setup:** latest daemon + LRC + GNU/Linux GNOME client master. The other peer uses the MacOS client, latest stable version.
**Daemon logs:**
```
[1530368590.976|14825|accel.cpp :146 ] Not using hardware accelerated decoding
[1530368590.976|14825|media_decoder.cpp :224 ] Decoding audio using Opus (opus)
[1530368590.976|14825|media_decoder.cpp :489 ] Creating audio resampler
[1530368591.019|10763|sipvoiplink.cpp :1129 ] [INVITE:0x5576d3144508] RX SIP method 6 (INFO)
[1530368591.019|10763|sipvoiplink.cpp :1019 ] handling picture fast update request
[1530368591.019|10763|video_sender.cpp :87 ] Key frame requested
[1530368591.093|14826|media_decoder.cpp :131 ] Using format video4linux2
[1530368591.093|14826|media_decoder.cpp :172 ] Finding video stream info
[mjpeg @ 0x7f5f9c003060] unable to decode APP fields: Invalid data found when processing input
[1530368591.364|14826|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368591.364|14826|media_decoder.cpp :224 ] Decoding video using MJPEG (Motion JPEG) (mjpeg)
[1530368591.364|14826|video_input.cpp :366 ] created decoder with video params : size=960X540, fps=30.00
0000
[1530368591.364|14826|sinkclient.cpp :372 ] Start sink <local / Ring Daemon_shm_10763_0>, size=960x540,
mixer=0
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.370|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[1530368591.377|14826|sip_utils.cpp :203 ] Registered thread 0x7f5feeccd130 (0x2A0B)
[1530368591.379|14826|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_0]: new sizes: f=2073600, a
=4147303
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.400|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.435|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.467|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.498|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[1530368591.498|14826|media_decoder.cpp :285 ] Hardware decoding failure
[1530368591.501|14826|media_decoder.cpp :114 ] Trying to open device /dev/video0 with format video4linux2,
pixel format mjpeg, size 960x540, rate 30.000000
[1530368591.537|14826|media_decoder.cpp :131 ] Using format video4linux2
[1530368591.537|14826|media_decoder.cpp :172 ] Finding video stream info
[mjpeg @ 0x7f5f9c0189e0] unable to decode APP fields: Invalid data found when processing input
[1530368591.731|14826|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368591.731|14826|media_decoder.cpp :224 ] Decoding video using MJPEG (Motion JPEG) (mjpeg)
[1530368591.731|14826|video_input.cpp :366 ] created decoder with video params : size=960X540, fps=30.00
0000
[1530368591.731|14826|sinkclient.cpp :372 ] Start sink <local / Ring Daemon_shm_10763_0>, size=960x540,
mixer=0
[1530368591.731|14826|video_input.cpp :221 ] Disabling hardware decoding due to previous failure
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368592.821|14835|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368592.821|14835|media_decoder.cpp :224 ] Decoding video using H.264 / AVC / MPEG-4 AVC / MPEG-4 part
10 (h264)
[1530368592.821|14835|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_1]: new sizes: f=0, a=103
[1530368592.821|14835|sinkclient.cpp :148 ] ShmHolder: new holder 'Ring Daemon_shm_10763_1'
[1530368592.822|14835|sinkclient.cpp :372 ] Start sink <2052679725649646304 / Ring Daemon_shm_10763_1>,
size=1280x720, mixer=0
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368592.829|14835|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_1]: new sizes: f=3686400, a
=7372903
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368596.813|10763|manager.cpp :1657 ] [call:2052679725649646304] Remove local audio
[1530368596.813|10763|sipcall.cpp :294 ] [call:2052679725649646304] Terminate SIP session
[1530368596.814|10763|sipcall.cpp :940 ] [call:2052679725649646304] stopping all medias
[1530368596.814|14825|media_decoder.cpp :339 ] Couldn't read frame: Operation not permitted
[1530368596.814|14825|audio_rtp_session.cpp:333 ] fatal error, read failed
[libopus @ 0x7f5fa0002320] 1 frames left in the queue on closing
[1530368596.827|14835|sinkclient.cpp :377 ] Stop sink <2052679725649646304 / Ring Daemon_shm_10763_1>,
mixer=0
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368596.839|14826|sinkclient.cpp :377 ] Stop sink <local / Ring Daemon_shm_10763_0>, mixer=0
[1530368596.839|14826|video_input.cpp :172 ] VideoInput closed
[1530368596.839|10763|call.cpp :198 ] [call:2052679725649646304] state change 1/1, cnx 4/0, code
0
[1530368596.839|10763|call.cpp :221 ] [call:2052679725649646304] emit client call state change HU
NGUP, code 0
[1530368596.839|10763|sipcall.cpp :703 ] [call:2052679725649646304] removeCall()
```
(slightly modified, removed some redundant lines)
**How to reproduce:** Don't know, it appears to happen randomly. Last time it worked.
Then I used my Android client and it worked perfectly.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/18heap-buffer-overflow (OOB read) in msgData2022-11-14T21:52:31ZHugo Lefeuvreheap-buffer-overflow (OOB read) in msgData**Affected**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`
**How to reproduce**: Don't know, crash happened in background
**ASAN stacktrace**:
```
[1530642849.947|14374|ringaccount.cpp :3274 ] [Account 9fba...**Affected**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`
**How to reproduce**: Don't know, crash happened in background
**ASAN stacktrace**:
```
[1530642849.947|14374|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for dfbf26a7e179df1c820b6228337b87387aa18461
[1530642850.099|14374|ringaccount.cpp :2014 ] Buddy ded6a9d278d05adac3265a0a69d07bd264e0861a online: (device: 8cab8a934b6fa5965e7c6924afb9a3487751045a)
[1530642850.099|14374|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for ded6a9d278d05adac3265a0a69d07bd264e0861a
[1530643018.062|20911|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to 59e730f3484cd99742ad4a98cd3f55fc93070d92
[1530643038.063|20911|p2p.cpp :273 ] [CNX] exception during client processing: no response from DHT to E2E request
=================================================================
==14374==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000280378 at pc 0x7fed8da2f0b9 bp 0x7fed820de900 sp 0x7fed820de8f0
READ of size 20 at 0x603000280378 thread T2
#0 0x7fed8da2f0b8 in msgData<0ul, (ring::<unnamed>::CtrlMsgType)1, std::tuple<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)0, void>, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul>, long unsigned int> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)2, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)3, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)4, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)5, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)6, std::tuple<dht::Hash<20ul>, long unsigned int, std::shared_ptr<dht::crypto::Certificate>, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::function<void(ring::PeerConnection*)> > > >, ring::(anonymous namespace)::CtrlMsgBase> /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:161
#1 0x7fed8da2f108 in ctrlMsgData<(ring::<unnamed>::CtrlMsgType)1, 0ul, ring::(anonymous namespace)::CtrlMsgBase> /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:186
#2 0x7fed8da2fcca in ring::DhtPeerConnector::Impl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:637
#3 0x7fed8da416ff in ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:200
#4 0x7fed8da5de79 in void std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#5 0x7fed8da5d973 in std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#6 0x7fed8da5cf58 in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::operator()() const /usr/include/c++/5/future:1342
#7 0x7fed8da5c619 in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) /usr/include/c++/5/functional:1857
#8 0x7fed8d71c1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#9 0x7fed8d71a48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#10 0x7fed8d726e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#11 0x7fed8d7258e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#12 0x7fed8d722fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#13 0x7fed8d71f40e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#14 0x7fed8c4a8a98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#15 0x7fed8d70bad9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#16 0x7fed8d71bfc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#17 0x7fed8d719ec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#18 0x7fed8da5b161 in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#19 0x7fed8da61805 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#20 0x7fed8da61505 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#21 0x7fed8da6019b in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() /usr/include/c++/5/thread:115
#22 0x7fed8c985c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#23 0x7fed8c4a16b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#24 0x7fed8c1d741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x603000280380 is located 0 bytes to the right of 32-byte region [0x603000280360,0x603000280380)
allocated by thread T445 here:
#0 0x7fed8f490532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x7fed8da32682 in make_unique<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul> > >, const dht::Hash<20ul>&> /usr/include/c++/5/bits/unique_ptr.h:765
#2 0x7fed8da2a5ec in makeMsg<(ring::<unnamed>::CtrlMsgType)1, dht::Hash<20ul> > /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:153
#3 0x7fed8da426b6 in ring::DhtPeerConnector::Impl::ClientConnector::cancel() /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:299
#4 0x7fed8da41f47 in ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:274
#5 0x7fed8da5df37 in void std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#6 0x7fed8da5da9f in std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#7 0x7fed8da5d43c in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>, void>::operator()() const /usr/include/c++/5/future:1342
#8 0x7fed8da5ca2a in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) /usr/include/c++/5/functional:1857
#9 0x7fed8d71c1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#10 0x7fed8d71a48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#11 0x7fed8d726e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#12 0x7fed8d7258e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#13 0x7fed8d722fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#14 0x7fed8d71f40e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#15 0x7fed8c4a8a98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
Thread T2 created by T0 here:
#0 0x7fed8f42d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fed8c985dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T445 created by T2 here:
#0 0x7fed8f42d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fed8c985dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:161 msgData<0ul, (ring::<unnamed>::CtrlMsgType)1, std::tuple<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)0, void>, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul>, long unsigned int> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)2, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)3, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)4, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)5, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)6, std::tuple<dht::Hash<20ul>, long unsigned int, std::shared_ptr<dht::crypto::Certificate>, std::vector<std::__cxx11::basic_strin
Shadow bytes around the buggy address:
0x0c0680048010: fa fa 00 00 00 00 fa fa fa fa fa fa fa fa fa fa
0x0c0680048020: fa fa fa fa fd fd fd fd fa fa fd fd fd fa fa fa
0x0c0680048030: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0680048040: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fd fd
0x0c0680048050: fd fa fa fa fd fd fd fa fa fa fd fd fd fd fa fa
=>0x0c0680048060: fa fa fa fa fa fa fd fd fd fd fa fa 00 00 00[00]
0x0c0680048070: fa fa fd fd fd fa fa fa fa fa fa fa fa fa 00 00
0x0c0680048080: 00 00 fa fa fa fa fa fa fa fa fd fd fd fa fa fa
0x0c0680048090: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
0x0c06800480a0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x0c06800480b0: fd fa fa fa fa fa fa fa fa fa fd fd fd fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==14374==ABORTING
```
This bug has potential security implications (CWE-125).Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/20heap-use-after-free when canceling file transfer2022-11-14T21:52:31ZHugo Lefeuvreheap-use-after-free when canceling file transfer**Affects**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`.
**How to reproduce**: Cancel a file transfer while the file is being sent. While it does not always happen, I managed to reproduce it twice.
**ASAN st...**Affects**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`.
**How to reproduce**: Cancel a file transfer while the file is being sent. While it does not always happen, I managed to reproduce it twice.
**ASAN stacktrace no. 1**:
```
[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTINGchar, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTING
```
**ASAN stacktrace no. 2**:
```
[1531170202.639|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170202.640|20292|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.541|20605|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.959|20307|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.965|20605|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531170213.968|20605|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531170213.968|20606|tls_session.cpp :738 ] [TLS] Start client session
[1531170213.982|20606|tls_session.cpp :446 ] [TLS] User identity loaded
[1531170213.982|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.404|20292|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531170214.404|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
[1531170214.412|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531170214.412|20606|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531170214.412|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.727|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531170214.746|20607|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
=================================================================
==20292==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500817e100 at pc 0x7fb0cc92fe55 bp 0x7fb0b8cdfd10 sp 0x7fb0b8cdf4b8
WRITE of size 8191 at 0x62500817e100 thread T73
#0 0x7fb0cc92fe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7fb0c9e70216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7fb0c9eab2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7fb0c9eddfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7fb0c9eaac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7fb0c9eb78ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7fb0cac23964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7fb0cac038ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7fb0cac040b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7fb0cac02409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7fb0cac0e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7fb0cac1fa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7fb0cac1f8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7fb0cac1f4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7fb0cac1f04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7fb0cac0f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7fb0cac0d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7fb0cac19e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7fb0cac188e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7fb0cac15fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7fb0cac1240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7fb0c999ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7fb0cabfead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7fb0cac0efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7fb0cac0cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7fb0cac1e61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7fb0cac21a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7fb0cac21879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7fb0cac20953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7fb0c9e78c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7fb0c99946b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7fb0c96ca41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500817e100 is located 0 bytes inside of 8192-byte region [0x62500817e100,0x625008180100)
freed by thread T0 here:
#0 0x7fb0cc983caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7fb0c9eac49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T71 here:
#0 0x7fb0cc9836b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7fb0c9eac467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T73 created by T71 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T71 created by T2 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a81027bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a81027c20:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==20292==ABORTING
```
This bug has potential security implications (CWE-416).Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/35heap-use-after-free during exit when video preview is running2022-11-14T21:52:32ZHugo Lefeuvreheap-use-after-free during exit when video preview is running**Affects**: latest daemon master
**How to reproduce**:
1. open GNOME client
2. go to settings and then media settings
3. make sure preview runs
4. quit app using "quit" function
The daemon crashes.
I can't reproduce it with `-pcd` bu...**Affects**: latest daemon master
**How to reproduce**:
1. open GNOME client
2. go to settings and then media settings
3. make sure preview runs
4. quit app using "quit" function
The daemon crashes.
I can't reproduce it with `-pcd` but `-cd` does crash.
**ASan and gdb stacktrace**:
```
=================================================================
==478==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000105fd0 at pc 0x7ffff6ee1676 bp 0x7fffd46c4400 sp 0x7fffd46c3ba8
READ of size 11 at 0x608000105fd0 thread T49
#0 0x7ffff6ee1675 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x77675)
#1 0x7ffff34a1277 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x121277)
#2 0x475a8a in bool std::operator< <char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:4989
#3 0x462a60 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator()(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /usr/include/c++/5/bits/stl_function.h:387
#4 0x4c413b in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1628
#5 0x4c3694 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1091
#6 0x4c2f62 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_map.h:916
#7 0x521844 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:499
#8 0x7da690 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:100
#9 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#10 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#11 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#12 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#13 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#14 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#15 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#16 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#17 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#18 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#19 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#20 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#21 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#22 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#23 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#24 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#25 0x7ffff49196b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#26 0x7ffff2b9e41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x608000105fd0 is located 48 bytes inside of 96-byte region [0x608000105fa0,0x608000106000)
freed by thread T0 here:
#0 0x7ffff6f03b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
#1 0x4bc9f7 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
#2 0x4bc938 in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
#3 0x4bc87e in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:495
#4 0x4bc719 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:562
#5 0x4bc3fb in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:1614
#6 0x4bc203 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~_Rb_tree() /usr/include/c++/5/bits/stl_tree.h:858
#7 0x4bbd35 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~map() /usr/include/c++/5/bits/stl_map.h:96
#8 0x7d9ddf in ring::Smartools::~Smartools() /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:42
#9 0x7ffff2ad0ff7 (/lib/x86_64-linux-gnu/libc.so.6+0x39ff7)
previously allocated by thread T49 here:
#0 0x7ffff6f03532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x4c4cc9 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x4c4a5b in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x4c41c0 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_get_node() /usr/include/c++/5/bits/stl_tree.h:491
#4 0x5226b8 in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_create_node<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:545
#5 0x5221e7 in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:2170
#6 0x521951 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:502
#7 0x7da730 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:101
#8 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#9 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#10 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#11 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#12 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#13 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#14 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#15 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#16 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#17 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#18 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#19 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#20 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#21 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#22 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#23 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
Thread T49 created by T0 here:
#0 0x7ffff6ea0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7ffff3438dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 memcmp
Shadow bytes around the buggy address:
0x0c1080018ba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bb0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c1080018bf0: fa fa fa fa fd fd fd fd fd fd[fd]fd fd fd fd fd
0x0c1080018c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==478==ABORTING
Thread 50 "dring" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd46c8700 (LWP 601)]
0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff2ace02a in __GI_abort () at abort.c:89
#2 0x00007ffff6f17d99 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#3 0x00007ffff6f0a769 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#4 0x00007ffff6f0f5a2 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#5 0x00007ffff6f096e6 in __asan_report_error () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#6 0x00007ffff6ee1691 in memcmp () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#7 0x00007ffff34a1278 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x0000000000475a8b in std::operator< <char, std::char_traits<char>, std::allocator<char> > (__lhs="local height", __rhs="local width") at /usr/include/c++/5/bits/basic_string.h:4989
#9 0x0000000000462a61 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator() (this=0x1f41100 <ring::Smartools::getInstance()::instance_>,
__x="local height", __y="local width") at /usr/include/c++/5/bits/stl_function.h:387
#10 0x00000000004c413c in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x=0x608000105fa0, __y=0x1f41108 <ring::Smartools::getInstance()::instance_+8>, __k="local width")
at /usr/include/c++/5/bits/stl_tree.h:1628
#11 0x00000000004c3695 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound
(this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k="local width") at /usr/include/c++/5/bits/stl_tree.h:1091
#12 0x00000000004c2f63 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x="local width")
at /usr/include/c++/5/bits/stl_map.h:916
#13 0x0000000000521845 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) (
this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x19c75c, DIE 0x1b821d>)
at /usr/include/c++/5/bits/stl_map.h:499
#14 0x00000000007da691 in ring::Smartools::setResolution (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, id="local", width=1280, height=720) at smartools.cpp:100
#15 0x00000000009853aa in ring::video::SinkClient::update (this=0x60f000044c00, frame_p=std::shared_ptr (count 2, weak 0) 0x607000120050) at sinkclient.cpp:337
#16 0x000000000071570f in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify (this=0x617000056010, data=std::shared_ptr (count 2, weak 0) 0x607000120050) at video_base.h:97
#17 0x000000000071345d in ring::video::VideoGenerator::publishFrame (this=0x617000056010) at video_base.cpp:50
#18 0x000000000072c85a in ring::video::VideoInput::captureFrame (this=0x617000056010) at video_input.cpp:249
#19 0x000000000072bf6e in ring::video::VideoInput::process (this=0x617000056010) at video_input.cpp:162
#20 0x0000000000734c5e in std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const (this=0x6030008d4150, __object=0x617000056010)
at /usr/include/c++/5/functional:600
#21 0x0000000000733c35 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x6030008d4150,
__args=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x75e7bf, DIE 0x79c8c4>) at /usr/include/c++/5/functional:1074
#22 0x0000000000732d87 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() (this=0x6030008d4150) at /usr/include/c++/5/functional:1133
#23 0x0000000000731e1f in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (__functor=...)
at /usr/include/c++/5/functional:1871
```
This is CWE-416 but security implications are negligible IMO.Hugo LefeuvreHugo Lefeuvrehttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/36device revokation: password check failure and crash2022-11-14T21:52:32ZHugo Lefeuvredevice revokation: password check failure and crash**Affects**: latest daemon master with opendht from the contribs
**How to reproduce**:
You will need an account A with non-empty password (let's say "123456789")
1. open GNOME client
2. go to account A's settings
3. try to revoke devi...**Affects**: latest daemon master with opendht from the contribs
**How to reproduce**:
You will need an account A with non-empty password (let's say "123456789")
1. open GNOME client
2. go to account A's settings
3. try to revoke device, password is asked
4. enter empty password
Expected: daemon detects bad password and GNOME client displays bad password dialog.
What happens: daemon fails to catch bad password & dht crashes.
**gdb stacktrace**:
```
[1533936396.816|15896|ringaccount.cpp :2119 ] Query for local certificate store: 4e9fcf8b3abab01b5bf17a974090a0c91f7c3f87: 1 found.
[Thread 0x7fffeaddf700 (LWP 15901) exited]
[Thread 0x7fffe8ddb700 (LWP 15905) exited]
[1533936402.917|15896|ringaccount.cpp :3292 ] [Account 9fba7138a1fc3f51] found 1 devices for c2383a4923f3f3ead1b9f725456e8ff9d69581a3
[1533936413.395|15913|ringaccount.cpp :926 ] [Account 9fba7138a1fc3f51] reading account archive
[1533936413.395|15913|fileutils.cpp :424 ] Reading archive from /home/hlefeuvre/.local/share/ring/9fba7138a1fc3f51/export.gz
[1533936414.505|15913|fileutils.cpp :441 ] Error decrypting archive: Can't decrypt data
[1533936414.505|15913|thread_pool.cpp :79 ] Exception running task: Can't decrypt data
Dropping packet with high delay: 0.826318
[1533936418.547|15913|ringaccount.cpp :926 ] [Account 9fba7138a1fc3f51] reading account archive
[1533936418.547|15913|fileutils.cpp :424 ] Reading archive from /home/hlefeuvre/.local/share/ring/9fba7138a1fc3f51/export.gz
[1533936418.547|15913|accountarchive.cpp:31 ] Loading account archive (10664 bytes)
[New Thread 0x7fffe8ddb700 (LWP 15932)]
[Thread 0x7fffe8ddb700 (LWP 15932) exited]
Thread 1 "dring" received signal SIGSEGV, Segmentation fault.
0x0000000000b08f94 in dht::crypto::Certificate::getExpiration() const ()
(gdb) bt
#0 0x0000000000b08f94 in dht::crypto::Certificate::getExpiration() const ()
#1 0x0000000000b0c6a2 in dht::crypto::RevocationList::sign(dht::crypto::PrivateKey const&, dht::crypto::Certificate const&, std::chrono::duration<long, std::ratio<1l, 1000000000l> >) ()
#2 0x00000000006569a7 in dht::crypto::RevocationList::sign (this=0x6030003516b0, id=...) at /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/opendht/crypto.h:212
#3 0x000000000060eeba in ring::RingAccount::<lambda(const std::shared_ptr<dht::crypto::Certificate>&)>::operator()(const std::shared_ptr<dht::crypto::Certificate> &) (__closure=0x6080000958a0,
crt=std::shared_ptr (count 4, weak 0) 0x60800000fe30) at ringaccount.cpp:1123
#4 0x000000000063eda3 in std::_Function_handler<void(const std::shared_ptr<dht::crypto::Certificate>&), ring::RingAccount::revokeDevice(const string&, const string&)::<lambda(const std::shared_ptr<dht::crypto::Certificate>&)> >::_M_invoke(const std::_Any_data &, const std::shared_ptr<dht::crypto::Certificate> &) (__functor=..., __args#0=std::shared_ptr (count 4, weak 0) 0x60800000fe30)
at /usr/include/c++/5/functional:1871
#5 0x0000000000678909 in std::function<void (std::shared_ptr<dht::crypto::Certificate> const&)>::operator()(std::shared_ptr<dht::crypto::Certificate> const&) const (this=0x7fffffffcb80,
__args#0=std::shared_ptr (count 4, weak 0) 0x60800000fe30) at /usr/include/c++/5/functional:2267
#6 0x000000000062720f in ring::RingAccount::findCertificate(dht::Hash<20ul> const&, std::function<void (std::shared_ptr<dht::crypto::Certificate> const&)>&&) (this=0x623000007110, h=...,
cb=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x4b98e6, DIE 0x5f4616>) at ringaccount.cpp:2580
#7 0x000000000060f774 in ring::RingAccount::revokeDevice (this=0x623000007110, password="", device="25a30306bd68013858d55f9edad096c65f523048") at ringaccount.cpp:1133
#8 0x0000000000527061 in DRing::revokeDevice (accountID="9fba7138a1fc3f51", password="", deviceID="25a30306bd68013858d55f9edad096c65f523048") at configurationmanager.cpp:308
#9 0x00000000004d163b in DBusConfigurationManager::revokeDevice (this=0x61500001f980, accountID="9fba7138a1fc3f51", password="", device="25a30306bd68013858d55f9edad096c65f523048")
at dbusconfigurationmanager.cpp:93
#10 0x00000000004dcf7b in cx::ring::Ring::ConfigurationManager_adaptor::_revokeDevice_stub (this=0x61500001f980, call=...) at dbusconfigurationmanager.adaptor.h:1495
#11 0x00000000004fa932 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call (this=0x6030000249a0, param=...)
at /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
#12 0x0000000000505cff in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const () at /usr/include/c++/5/ext/new_allocator.h:120
#13 0x0000000000504df2 in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) () at /usr/include/c++/5/ext/new_allocator.h:120
#14 0x000000000050d777 in DBus::ObjectAdaptor::handle_message(DBus::Message const&) () at /usr/include/c++/5/ext/new_allocator.h:120
#15 0x000000000050ccee in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) () at /usr/include/c++/5/ext/new_allocator.h:120
#16 0x00007ffff6c3f813 in ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
#17 0x00007ffff6c30d94 in dbus_connection_dispatch () from /lib/x86_64-linux-gnu/libdbus-1.so.3
#18 0x00000000004fc812 in DBus::Connection::Private::do_dispatch() () at /usr/include/c++/5/ext/new_allocator.h:120
#19 0x00000000004ff779 in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) ()
at /usr/include/c++/5/ext/new_allocator.h:120
#20 0x00000000004ff577 in DBus::Dispatcher::dispatch_pending() () at /usr/include/c++/5/ext/new_allocator.h:120
#21 0x00000000005032ca in DBus::BusDispatcher::do_iteration() () at /usr/include/c++/5/ext/new_allocator.h:120
#22 0x0000000000502f78 in DBus::BusDispatcher::enter() () at /usr/include/c++/5/ext/new_allocator.h:120
#23 0x0000000000459fcf in DBusClient::event_loop (this=0x60600000a340) at dbusclient.cpp:250
#24 0x00000000004541d1 in main (argc=2, argv=0x7fffffffdc88) at main.cpp:236
```https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/45heap-use-after-free in PulseLayer::getCaptureDeviceList2022-11-14T21:52:32ZHugo Lefeuvreheap-use-after-free in PulseLayer::getCaptureDeviceList**Affects:** latest ring daemon master
PulseLayer::getCaptureDeviceList seems to be affected by a race condition and resulting heap-use-after-free (media/audio/pulseaudio/pulselayer.cpp:242).
**Logs with ASan crash report:**
```
fe38c...**Affects:** latest ring daemon master
PulseLayer::getCaptureDeviceList seems to be affected by a race condition and resulting heap-use-after-free (media/audio/pulseaudio/pulselayer.cpp:242).
**Logs with ASan crash report:**
```
fe38c3ef98edd87ace33efb3183230194f8fba88
[1536090351.878| 6964|ringaccount.cpp :2591 ] Can't set certificate status for existing contacts 3c2a2fae84be1713e6d68d39360faa7441220c00
[1536090351.882| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.903| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.912| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.922| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.931| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.942| 6964|namedirectory.cpp :66 ] Can't parse URI:
[1536090351.942| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.945| 6964|namedirectory.cpp :66 ] Can't parse URI:
[1536090351.950| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.961| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.968| 6964|manager.cpp :2414 ] Audio manager chosen already in use. No changes made.
[1536090351.968| 6964|configurationmanager.cpp:621 ] Get audio plugin default
[1536090351.970| 6964|pulselayer.cpp :153 ] Waiting....
[1536090351.970| 7013|pulselayer.cpp :153 ] Waiting....
[1536090351.970| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090351.970| 7013|pulselayer.cpp :153 ] Waiting....
[1536090351.971| 7013|pulselayer.cpp :157 ] Connection to PulseAudio server established
[1536090351.971| 7013|pulselayer.cpp :186 ] Updating PulseAudio sink list
[1536090351.971| 7013|pulselayer.cpp :202 ] Updating PulseAudio source list
[1536090351.971| 7013|pulselayer.cpp :218 ] Updating PulseAudio server infos
[1536090351.971| 6964|manager.cpp :2164 ] No audio layer created, possibly built without audio support
=================================================================
==6964==ERROR: AddressSanitizer: heap-use-after-free on address 0x61800001f188 at pc 0x0000008cd866 bp 0x7fff07e3e190 sp 0x7fff07e3e180
READ of size 8 at 0x61800001f188 thread T0
[1536090351.972| 7013|pulselayer.cpp :635 ] PulseAudio server info:
Server name: pulseaudio
Server version: 8.0
Default Sink alsa_output.pci-0000_00_1b.0.analog-stereo
Default Source alsa_input.usb-046d_HD_Pro_Webcam_C920_8A8B667F-02.analog-stereo
Default Sample Specification: s16le 2ch 44100Hz
Default Channel Map: front-left,front-right
[1536090352.012| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.020| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.029| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.039| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
#0 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:131
#1 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_set_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:164
#2 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) /usr/include/c++/5/bits/basic_string.tcc:236
#3 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<char*>(char*, char*, std::__false_type) /usr/include/c++/5/bits/basic_string.h:195
#4 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*) /usr/include/c++/5/bits/basic_string.h:214
#5 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:400
#6 0x8cd865 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/ext/new_allocator.h:120
#7 0x8cd865 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/alloc_traits.h:530
#8 0x8cd865 in void std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::emplace_back<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/vector.tcc:96
#9 0x8cd865 in ring::PulseLayer::getCaptureDeviceList[abi:cxx11]() const /home/hlefeuvre/Development/ring-daemon/src/media/audio/pulseaudio/pulselayer.cpp:242
[1536090352.048| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.057| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.067| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.076| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.086| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.094| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
[1536090352.102| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
#10 0x6fd2ea in ring::Manager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/manager.cpp:2223
[1536090352.114| 6985|certstore.cpp :75 ] CertificateStore: loaded 12 local certificates.
#11 0x50acb7 in DRing::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/client/configurationmanager.cpp:578
#12 0x4bf03f in DBusConfigurationManager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.cpp:265
#13 0x4bf03f in cx::ring::Ring::ConfigurationManager_adaptor::_getAudioInputDeviceList_stub(DBus::CallMessage const&) /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.adaptor.h:1993
#14 0x4b0cb4 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
#15 0x4e39ee in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e39ee)
#16 0x4e280f in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e280f)
#17 0x4ecf1a in DBus::ObjectAdaptor::handle_message(DBus::Message const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ecf1a)
#18 0x4ec491 in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ec491)
#19 0x7fb37e9cc812 (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x21812)
#20 0x7fb37e9bdd93 in dbus_connection_dispatch (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x12d93)
#21 0x4d97b1 in DBus::Connection::Private::do_dispatch() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4d97b1)
#22 0x4dd080 in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dd080)
#23 0x4dce7e in DBus::Dispatcher::dispatch_pending() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dce7e)
#24 0x4e0c0d in DBus::BusDispatcher::do_iteration() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e0c0d)
#25 0x4e08bb in DBus::BusDispatcher::enter() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e08bb)
#26 0x4590a2 in DBusClient::event_loop() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusclient.cpp:250
#27 0x45131f in main /home/hlefeuvre/Development/ring-daemon/bin/main.cpp:236
#28 0x7fb37a84482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#29 0x457f18 in _start (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x457f18)
0x61800001f188 is located 264 bytes inside of 896-byte region [0x61800001f080,0x61800001f400)
freed by thread T34 (threaded-ml) here:
#0 0x7fb37ec90b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
#1 0x8d5953 in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
#2 0x8d5953 in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::deallocate(std::allocator<ring::PaDeviceInfos>&, ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
#3 0x8d5953 in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/stl_vector.h:178
#4 0x8d5953 in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:438
previously allocated by thread T34 (threaded-ml) here:
#0 0x7fb37ec90532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x8d4e1b in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x8d4e1b in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::allocate(std::allocator<ring::PaDeviceInfos>&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x8d4e1b in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vector.h:170
#4 0x8d4e1b in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:412
#5 0x15aed8f (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x15aed8f)
Thread T34 (threaded-ml) created by T0 here:
#0 0x7fb37ec2d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb37a1e984c in pa_thread_new (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so+0x4f84c)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/5/bits/basic_string.h:131 std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long)
Shadow bytes around the buggy address:
0x0c307fffbde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c307fffbdf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c307fffbe00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c307fffbe10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c307fffbe30: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c307fffbe80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==6964==ABORTING
```https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/48missing call to callFailure in timeout case2022-11-14T21:52:32ZHugo Lefeuvremissing call to callFailure in timeout caseIntroduced in 9a12c78a.
In the case where call timeout is reached, the daemon calls hangup(486), terminating the call. However this hangup call is not followed by any kind of callFailure() call meaning that the tone and media states in ...Introduced in 9a12c78a.
In the case where call timeout is reached, the daemon calls hangup(486), terminating the call. However this hangup call is not followed by any kind of callFailure() call meaning that the tone and media states in the manager will not be reinitialized. As a consequence the daemon will continue to ring even if the call has ended.
Should be fixed asap.Hugo LefeuvreHugo Lefeuvrehttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/52restclient.cpp:59:16: error: 'pollEvents' is not a member of 'DRing'2021-12-07T18:13:27Zszotsakirestclient.cpp:59:16: error: 'pollEvents' is not a member of 'DRing'I get compilation error when trying to compile today's ring-daemon snapshot (only ring-daemon, in a separate container):
```
[ 197s] restclient.cpp: In member function 'int RestClient::event_loop()':
[ 197s] restclient.cpp:59:16: erro...I get compilation error when trying to compile today's ring-daemon snapshot (only ring-daemon, in a separate container):
```
[ 197s] restclient.cpp: In member function 'int RestClient::event_loop()':
[ 197s] restclient.cpp:59:16: error: 'pollEvents' is not a member of 'DRing'
[ 197s] DRing::pollEvents();
[ 197s] ^~~~~~~~~~
[ 198s] make[3]: *** [Makefile:547: libclient_rest_la-restclient.lo] Error 1
[ 198s] make[3]: *** Waiting for unfinished jobs....
```
Command line switches:
```
%configure --with-alsa \
--with-pulse \
--with-jack \
--with-dbus \
--enable-video \
--with-sdes \
--with-speex \
--with-speexdsp \
--with-opus \
--with-upnp \
--with-natpmp \
--enable-ipv6 \
--enable-accel \
--enable-ringns \
--without-nodejs \
--with-restcpp \
--without-portaudio \
--disable-static
```Adrien BéraudAdrien Béraudhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/56Enhance failure messages2022-11-26T22:44:58ZSébastien BlinEnhance failure messagesWhen a user send a message to a contact, the status of this message can change to "failed". The major problem here, is, (as discussed in https://git.ring.cx/savoirfairelinux/ring-project/issues/517) it's totally unclear for the user why ...When a user send a message to a contact, the status of this message can change to "failed". The major problem here, is, (as discussed in https://git.ring.cx/savoirfairelinux/ring-project/issues/517) it's totally unclear for the user why the message failed.
The failed status MUST be re-designed to explain what is wrong for the user.
Is it a network issue? A confirmation timeout? Because no devices is detected? etc.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/65Account archive seems to not contains contacts anymore2019-01-27T15:01:35ZSébastien BlinAccount archive seems to not contains contacts anymore# Reproduce step:
1. Generate a new account (without any password).
2. Add some contacts
3. Retrieve the related export.gz
4. `gunzip export.gz`
5. The key `ringAccountContacts` is not present!# Reproduce step:
1. Generate a new account (without any password).
2. Add some contacts
3. Retrieve the related export.gz
4. `gunzip export.gz`
5. The key `ringAccountContacts` is not present!Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/66connectivity issues leading to unstable file transfer2020-09-30T19:33:15ZHugo Lefeuvreconnectivity issues leading to unstable file transferThe file transfer feature is quite unreliable on my devices/network, around 1/3 of attempted file transfers fail.
Devices: Android (WiFi + 4G), GNOME client (Ethernet)
I have investigated the issue, and many of these failures seem to b...The file transfer feature is quite unreliable on my devices/network, around 1/3 of attempted file transfers fail.
Devices: Android (WiFi + 4G), GNOME client (Ethernet)
I have investigated the issue, and many of these failures seem to be due to connectivity issues at unfavorable moments.
**First scenario:**
1. A sends rx DHT request to B
2. B receives rx DHT request and replies with a list of addresses on the DHT
3. A does not receive the answer in time and timeouts
Typical logs:
```
[1542546917.185|27153|p2p.cpp :526 ] [Account b9243250525b44cb] [CNX] rx DHT request from 8004386f1052cae68e543ebb87992612f218ded6
[1542546917.186|27153|ringaccount.cpp :2438 ] Found peer device: 8004386f1052cae68e543ebb87992612f218ded6 account:3c2a2fae84be1713e6d68d39360
faa7441220c00 CA:310d17e467cfb06ee20e2ddc0e75ebee0ba55640
[1542546917.187|27153|sip_utils.cpp :203 ] Registered thread 0x7f7cd12ac158 (0x69A0)
[1542546917.187| 7535|sip_utils.cpp :203 ] Registered thread 0x7f7cb77fd158 (0x69A0)
[1542546917.187|27153|turn_transport.cpp:357 ] Connecting to TURN 51.254.39.157:3478
[1542546917.187|27153|turn_transport.cpp:357 ] Connecting to TURN 51.254.39.157:3478
[1542546917.187| 7536|sip_utils.cpp :203 ] Registered thread 0x7f7cb6ffc158 (0x69A0)
[1542546917.210| 7536|turn_transport.cpp:214 ] TURN server disconnected (Deallocated)
[1542546917.212| 7535|turn_transport.cpp:211 ] TURN server ready, peer relay address: 51.254.39.157:28253
[1542546917.218|27153|p2p.cpp :558 ] [Account b9243250525b44cb] [CNX] authorized peer connection from 141.x.x.x
[1542546917.218|27153|p2p.cpp :582 ] [Account b9243250525b44cb] [CNX] connection accepted, DHT reply to 8004386f1052cae68e543ebb8799
2612f218ded6
[1542546920.329|27857|ringaccount.cpp :2051 ] [Account b9243250525b44cb] Dht status : IPv4 connected; IPv6 connecting
[1542546920.336|27857|ringaccount.cpp :2051 ] [Account b9243250525b44cb] Dht status : IPv4 connected; IPv6 connected
[1542546921.933|27149|siptransport.cpp :223 ] pjsip transport@0x7f7c8800bfb0 DTLS to 100.124.24.241 -> DESTROY
[1542546921.933|27149|siptransport.cpp :249 ] unmap pjsip transport@0x7f7c8800bfb0 {SipTransport@(nil)}
[1542546921.933|27149|sips_transport_ice.cpp:214 ] SipsIceTransport@0x7f7c8800bf40: destroying
[1542546921.933|27149|sips_transport_ice.cpp:256 ] ~SipIceTransport@0x7f7c8800bf40 {tr=0x7f7c8800bfb0}
[1542546921.934|27149|sips_transport_ice.cpp:277 ] ~SipIceTransport@0x7f7c8800bf40 {tr=0x7f7c8800bfb0} bye
```
Nothing comes after that. Peer seems to time out.
The SIP logs are not are not always present and might be unrelated, but I didn't remove them just in case.
The `IPv4 connected; IPv6 connecting` lines mean changes in IPv6 connectivity right ?Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/67Messages fails when flooding2018-11-28T20:30:43ZSébastien BlinMessages fails when flooding# How to reproduce
In a conversation, send quickly a lot of messages. After some messages, the messages are not sent and fails immediately.
# Expected result
All messages should be sent# How to reproduce
In a conversation, send quickly a lot of messages. After some messages, the messages are not sent and fails immediately.
# Expected result
All messages should be sentAdrien BéraudAdrien Béraud