heap-use-after free
=================================================================
==41866==ERROR: AddressSanitizer: heap-use-after-free on address 0x0002a5258a88 at pc 0x000105383380 bp 0x0003157867b0 sp 0x0003157867a8
READ of size 4 at 0x0002a5258a88 thread T17074
#0 0x10538337c in stun_on_request_complete+0xc54 (Jami:arm64+0x102a9b37c)
#1 0x10537859c in stun_tsx_on_complete+0x2a8 (Jami:arm64+0x102a9059c)
#2 0x105380240 in retransmit_timer_callback+0x12c (Jami:arm64+0x102a98240)
#3 0x105313d94 in pj_timer_heap_poll+0x468 (Jami:arm64+0x102a2bd94)
#4 0x1046db30c in dhtnet::IceTransport::Impl::handleEvents(unsigned int)+0x110 (Jami:arm64+0x101df330c)
#5 0x1046f6128 in void* std::__1::__thread_proxy[abi:v160006]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, dhtnet::IceTransport::Impl::initIceInstance(dhtnet::IceTransportOptions const&)::$_6>>(void*)+0x154 (Jami:arm64+0x101e0e128)
#6 0x186caf030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
#7 0x186ca9e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
0x0002a5258a88 is located 200 bytes inside of 256-byte region [0x0002a52589c0,0x0002a5258ac0)
freed by thread T17074 here:
#0 0x11162ace0 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x52ce0)
#1 0x10530167c in pj_pool_destroy_int+0xbc (Jami:arm64+0x102a1967c)
#2 0x105302530 in cpool_release_pool+0xec (Jami:arm64+0x102a1a530)
#3 0x105391e58 in dataconn_on_data_read+0x13c (Jami:arm64+0x102aa9e58)
#4 0x1052f18f0 in ioqueue_on_read_complete+0x39c (Jami:arm64+0x102a098f0)
#5 0x1052e154c in ioqueue_dispatch_read_event+0x700 (Jami:arm64+0x1029f954c)
#6 0x1052e6564 in pj_ioqueue_poll+0x900 (Jami:arm64+0x1029fe564)
#7 0x1046db3ec in dhtnet::IceTransport::Impl::handleEvents(unsigned int)+0x1f0 (Jami:arm64+0x101df33ec)
#8 0x1046f6128 in void* std::__1::__thread_proxy[abi:v160006]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, dhtnet::IceTransport::Impl::initIceInstance(dhtnet::IceTransportOptions const&)::$_6>>(void*)+0x154 (Jami:arm64+0x101e0e128)
#9 0x186caf030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
#10 0x186ca9e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
Edited by Sébastien Blin