heap-use-after-free during exit when video preview is running
Affects: latest daemon master
How to reproduce:
- open GNOME client
- go to settings and then media settings
- make sure preview runs
- quit app using "quit" function
The daemon crashes.
I can't reproduce it with -pcd but -cd does crash.
ASan and gdb stacktrace:
=================================================================
==478==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000105fd0 at pc 0x7ffff6ee1676 bp 0x7fffd46c4400 sp 0x7fffd46c3ba8
READ of size 11 at 0x608000105fd0 thread T49
#0 0x7ffff6ee1675 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x77675)
#1 0x7ffff34a1277 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x121277)
#2 0x475a8a in bool std::operator< <char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:4989
#3 0x462a60 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator()(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /usr/include/c++/5/bits/stl_function.h:387
#4 0x4c413b in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1628
#5 0x4c3694 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1091
#6 0x4c2f62 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_map.h:916
#7 0x521844 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:499
#8 0x7da690 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:100
#9 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#10 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#11 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#12 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#13 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#14 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#15 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#16 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#17 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#18 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#19 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#20 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#21 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#22 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#23 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#24 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#25 0x7ffff49196b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#26 0x7ffff2b9e41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x608000105fd0 is located 48 bytes inside of 96-byte region [0x608000105fa0,0x608000106000)
freed by thread T0 here:
#0 0x7ffff6f03b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
#1 0x4bc9f7 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
#2 0x4bc938 in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
#3 0x4bc87e in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:495
#4 0x4bc719 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:562
#5 0x4bc3fb in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:1614
#6 0x4bc203 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~_Rb_tree() /usr/include/c++/5/bits/stl_tree.h:858
#7 0x4bbd35 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~map() /usr/include/c++/5/bits/stl_map.h:96
#8 0x7d9ddf in ring::Smartools::~Smartools() /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:42
#9 0x7ffff2ad0ff7 (/lib/x86_64-linux-gnu/libc.so.6+0x39ff7)
previously allocated by thread T49 here:
#0 0x7ffff6f03532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x4c4cc9 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x4c4a5b in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x4c41c0 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_get_node() /usr/include/c++/5/bits/stl_tree.h:491
#4 0x5226b8 in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_create_node<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:545
#5 0x5221e7 in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:2170
#6 0x521951 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:502
#7 0x7da730 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:101
#8 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#9 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#10 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#11 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#12 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#13 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#14 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#15 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#16 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#17 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#18 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#19 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#20 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#21 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#22 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#23 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
Thread T49 created by T0 here:
#0 0x7ffff6ea0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7ffff3438dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 memcmp
Shadow bytes around the buggy address:
0x0c1080018ba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bb0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c1080018bf0: fa fa fa fa fd fd fd fd fd fd[fd]fd fd fd fd fd
0x0c1080018c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==478==ABORTING
Thread 50 "dring" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd46c8700 (LWP 601)]
0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff2ace02a in __GI_abort () at abort.c:89
#2 0x00007ffff6f17d99 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#3 0x00007ffff6f0a769 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#4 0x00007ffff6f0f5a2 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#5 0x00007ffff6f096e6 in __asan_report_error () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#6 0x00007ffff6ee1691 in memcmp () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#7 0x00007ffff34a1278 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x0000000000475a8b in std::operator< <char, std::char_traits<char>, std::allocator<char> > (__lhs="local height", __rhs="local width") at /usr/include/c++/5/bits/basic_string.h:4989
#9 0x0000000000462a61 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator() (this=0x1f41100 <ring::Smartools::getInstance()::instance_>,
__x="local height", __y="local width") at /usr/include/c++/5/bits/stl_function.h:387
#10 0x00000000004c413c in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x=0x608000105fa0, __y=0x1f41108 <ring::Smartools::getInstance()::instance_+8>, __k="local width")
at /usr/include/c++/5/bits/stl_tree.h:1628
#11 0x00000000004c3695 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound
(this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k="local width") at /usr/include/c++/5/bits/stl_tree.h:1091
#12 0x00000000004c2f63 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x="local width")
at /usr/include/c++/5/bits/stl_map.h:916
#13 0x0000000000521845 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) (
this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x19c75c, DIE 0x1b821d>)
at /usr/include/c++/5/bits/stl_map.h:499
#14 0x00000000007da691 in ring::Smartools::setResolution (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, id="local", width=1280, height=720) at smartools.cpp:100
#15 0x00000000009853aa in ring::video::SinkClient::update (this=0x60f000044c00, frame_p=std::shared_ptr (count 2, weak 0) 0x607000120050) at sinkclient.cpp:337
#16 0x000000000071570f in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify (this=0x617000056010, data=std::shared_ptr (count 2, weak 0) 0x607000120050) at video_base.h:97
#17 0x000000000071345d in ring::video::VideoGenerator::publishFrame (this=0x617000056010) at video_base.cpp:50
#18 0x000000000072c85a in ring::video::VideoInput::captureFrame (this=0x617000056010) at video_input.cpp:249
#19 0x000000000072bf6e in ring::video::VideoInput::process (this=0x617000056010) at video_input.cpp:162
#20 0x0000000000734c5e in std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const (this=0x6030008d4150, __object=0x617000056010)
at /usr/include/c++/5/functional:600
#21 0x0000000000733c35 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x6030008d4150,
__args=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x75e7bf, DIE 0x79c8c4>) at /usr/include/c++/5/functional:1074
#22 0x0000000000732d87 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() (this=0x6030008d4150) at /usr/include/c++/5/functional:1133
#23 0x0000000000731e1f in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (__functor=...)
at /usr/include/c++/5/functional:1871This is CWE-416 but security implications are negligible IMO.