oiplink.cpp :841 ] [call:6904029422356513] INVITE@0x6190002e27a8 state changed to 6 (DISCONNCTD): cause=200, tsx@0x61d000214928 status 200 (OK)
[1612448064.314|55209|sipcall.cpp :1096 ] [call:6904029422356513] add remote ICE candidate: R9e45cb33 2 UDP 16777214 158.69.203.51 20263 typ relay
=================================================================
==55208==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000233560 at pc 0x55d92bc72209 bp 0x7f095e2faf50 sp 0x7f095e2faf40
READ of size 4 at 0x619000233560 thread T1
#0 0x55d92bc72208 in jami::Sdp::getIceCandidates[abi:cxx11](unsigned int) const /home/sblin/ring-project/daemon/src/sip/sdp.cpp:737
#1 0x55d92bcdd45d in operator() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1094
#2 0x55d92bcdd9ac in jami::SIPCall::getAllRemoteCandidates() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1107
#3 0x55d92bce1270 in jami::SIPCall::startIceMedia() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1405
#4 0x55d92bce0b9f in operator() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1369
#5 0x55d92bce93d4 in operator() /home/sblin/ring-project/daemon/src/manager.h:975
#6 0x55d92bcefb24 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#7 0x55d92b66ffcb in std::function<void ()>::operator()() const /usr/include/c++/9/bits/std_function.h:688
#8 0x55d92bc56b65 in jami::ScheduledExecutor::loop() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:124
#9 0x55d92bc5507c in operator() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:28
#10 0x55d92bc597a5 in __invoke_impl<void, jami::ScheduledExecutor::ScheduledExecutor()::<lambda()> > /usr/include/c++/9/bits/invoke.h:60
#11 0x55d92bc5975a in __invoke<jami::ScheduledExecutor::ScheduledExecutor()::<lambda()> > /usr/include/c++/9/bits/invoke.h:95
#12 0x55d92bc59707 in _M_invoke<0> /usr/include/c++/9/thread:244
#13 0x55d92bc596dd in operator() /usr/include/c++/9/thread:251
#14 0x55d92bc596c1 in _M_run /usr/include/c++/9/thread:195
#15 0x7f096ca11d83 (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd6d83)
#16 0x7f096e970608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#17 0x7f096c6ff292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
0x619000233560 is located 736 bytes inside of 1024-byte region [0x619000233280,0x619000233680)
freed by thread T72 here:
#0 0x7f096f2ae7cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55d92c0dfcb2 in pj_pool_destroy_int (/home/sblin/ring-project/daemon/bin/dring+0xf45cb2)
previously allocated by thread T72 here:
#0 0x7f096f2aebc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55d92c0d8807 in default_block_alloc (/home/sblin/ring-project/daemon/bin/dring+0xf3e807)
Thread T1 created by T0 here:
#0 0x7f096f1db805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f096ca12048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
#2 0x55d92bc552e4 in jami::ScheduledExecutor::ScheduledExecutor() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:29
#3 0x55d92bb3ed3e in jami::Manager::ManagerPimpl::ManagerPimpl(jami::Manager&) /home/sblin/ring-project/daemon/src/manager.cpp:451
#4 0x55d92bb424ce in jami::Manager::Manager() /home/sblin/ring-project/daemon/src/manager.cpp:730
#5 0x55d92bb42295 in jami::Manager::instance() /home/sblin/ring-project/daemon/src/manager.cpp:706
#6 0x55d92b69e05d in DRing::init(DRing::InitFlag) /home/sblin/ring-project/daemon/src/ring_api.cpp:57
#7 0x55d92b573aaf in DBusClient::initLibrary(int) /home/sblin/ring-project/daemon/bin/dbus/dbusclient.cpp:245
#8 0x55d92b568631 in DBusClient::DBusClient(int, bool) /home/sblin/ring-project/daemon/bin/dbus/dbusclient.cpp:108
#9 0x55d92b567d3f in void __gnu_cxx::new_allocator<DBusClient>::construct<DBusClient, int&, bool&>(DBusClient*, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cdd3f)
#10 0x55d92b567b03 in void std::allocator_traits<std::allocator<DBusClient> >::construct<DBusClient, int&, bool&>(std::allocator<DBusClient>&, DBusClient*, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cdb03)
#11 0x55d92b567734 in std::_Sp_counted_ptr_inplace<DBusClient, std::allocator<DBusClient>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<int&, bool&>(std::allocator<DBusClient>, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cd734)
#12 0x55d92b5670fa in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<DBusClient, std::allocator<DBusClient>, int&, bool&>(DBusClient*&, std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cd0fa)
#13 0x55d92b566c4d in std::__shared_ptr<DBusClient, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<DBusClient>, int&, bool&>(std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3ccc4d)
#14 0x55d92b56610e in std::shared_ptr<DBusClient>::shared_ptr<std::allocator<DBusClient>, int&, bool&>(std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cc10e)
#15 0x55d92b56563e in std::shared_ptr<DBusClient> std::allocate_shared<DBusClient, std::allocator<DBusClient>, int&, bool&>(std::allocator<DBusClient> const&, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cb63e)
#16 0x55d92b564c6e in std::shared_ptr<DBusClient> std::make_shared<DBusClient, int&, bool&>(int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x3cac6e)
#17 0x55d92b5639e1 in main /home/sblin/ring-project/daemon/bin/main.cpp:218
#18 0x7f096c6040b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Thread T72 created by T62 here:
#0 0x7f096f1db805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f096ca12048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
#2 0x55d92bc552e4 in jami::ScheduledExecutor::ScheduledExecutor() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:29
#3 0x55d92bf752f1 in jami::tls::ChanneledSIPTransport::ChanneledSIPTransport(pjsip_endpoint*, int, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr const&, jami::IpAddr const&, std::function<void ()>&&) /home/sblin/ring-project/daemon/src/jamidht/channeled_transport.cpp:46
#4 0x55d92bd1e11b in std::_MakeUniq<jami::tls::ChanneledSIPTransport>::__single_object std::make_unique<jami::tls::ChanneledSIPTransport, pjsip_endpoint*&, pjsip_transport_type_e&, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr&, jami::IpAddr&, std::function<void ()> >(pjsip_endpoint*&, pjsip_transport_type_e&, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr&, jami::IpAddr&, std::function<void ()>&&) /usr/include/c++/9/bits/unique_ptr.h:857
#5 0x55d92bd18f30 in jami::SipTransportBroker::getChanneledTransport(std::shared_ptr<jami::ChannelSocket> const&, std::function<void ()>&&) /home/sblin/ring-project/daemon/src/sip/siptransport.cpp:452
#6 0x55d92b7f7d6a in jami::JamiAccount::cacheSIPConnection(std::shared_ptr<jami::ChannelSocket>&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, dht::Hash<20ul> const&) /home/sblin/ring-project/daemon/src/jamidht/jamiaccount.cpp:3880
#7 0x55d92b7d2eeb in operator() /home/sblin/ring-project/daemon/src/jamidht/jamiaccount.cpp:2311
#8 0x55d92b80d31c in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#9 0x55d92bfa94b5 in std::function<void (dht::Hash<20ul> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::shared_ptr<jami::ChannelSocket>)>::operator()(dht::Hash<20ul> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::shared_ptr<jami::ChannelSocket>) const /usr/include/c++/9/bits/std_function.h:688
#10 0x55d92bf8f2b0 in operator() /home/sblin/ring-project/daemon/src/jamidht/connectionmanager.cpp:766
#11 0x55d92bf98b45 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#12 0x55d92b9675c0 in std::function<void (dht::Hash<20ul> const&, std::shared_ptr<jami::ChannelSocket> const&)>::operator()(dht::Hash<20ul> const&, std::shared_ptr<jami::ChannelSocket> const&) const /usr/include/c++/9/bits/std_function.h:688
#13 0x55d92b958895 in jami::MultiplexedSocket::Impl::onRequest(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned short) /home/sblin/ring-project/daemon/src/jamidht/multiplexed_socket.cpp:258
#14 0x55d92b9592d3 in operator() /home/sblin/ring-project/daemon/src/jamidht/multiplexed_socket.cpp:286
#15 0x55d92b95fb80 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#16 0x55d92c11df19 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<dht::ThreadPool::run(std::function<void ()>&&)::{lambda()#1}> > >::_M_run() (/home/sblin/ring-project/daemon/bin/dring+0xf83f19)
#17 0x7f095611e4c7 (<unknown module>)
Thread T62 created by T39 here:
#0 0x7f096f1db805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f096ca12048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
Thread T39 created by T1 here:
#0 0x7f096f1db805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f096ca12048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
SUMMARY: AddressSanitizer: heap-use-after-free /home/sblin/ring-project/daemon/src/sip/sdp.cpp:737 in jami::Sdp::getIceCandidates[abi:cxx11](unsigned int) const
Shadow bytes around the buggy address:
0x0c328003e650: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c328003e6a0: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
0x0c328003e6b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e6c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328003e6d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328003e6e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328003e6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==55208==ABORTING