GNOME: segfault when quitting the client (#381) · Issues · savoirfairelinux / jami-client-gnome

GNOME: segfault when quitting the client

Issue generated from Tuleap's migration script. Originally submitted by: Stepan Salenikovich (ssalenik)
A segfault often happens when quitting the client. ASAN detects a use after free likely related to this:
  
\*\* (gnome-ring:23978): DEBUG: quitting  
=================================================================  
==23978==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040002ce610 at pc 0x710f87 bp 0x7fffffffda10 sp 0x7fffffffda00  
READ of size 8 at 0x6040002ce610 thread T0  
    \#0 0x710f86 in RecentModel::\~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201  
    \#1 0x711020 in RecentModel::\~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:204  
    \#2 0x7ffff50da18b in QObjectPrivate::deleteChildren() (/usr/lib/x86\_64-linux-gnu/libQt5Core.so.5+0x31118b)  
    \#3 0x7ffff50e47f2 in QObject::\~QObject() (/usr/lib/x86\_64-linux-gnu/libQt5Core.so.5+0x31b7f2)  
    \#4 0x7ffff50aa708 in QCoreApplication::\~QCoreApplication() (/usr/lib/x86\_64-linux-gnu/libQt5Core.so.5+0x2e1708)  
    \#5 0x4b4a9a in ring\_client\_shutdown /home/ssalenikovich/projects/ring-client-gnome/src/ring\_client.cpp:463  
    \#6 0x7ffff562b503 (/usr/lib/x86\_64-linux-gnu/libgobject-2.0.so.0+0x10503)  
    \#7 0x7ffff5644fa6 in g\_signal\_emit\_valist (/usr/lib/x86\_64-linux-gnu/libgobject-2.0.so.0+0x29fa6)  
    \#8 0x7ffff56458fe in g\_signal\_emit (/usr/lib/x86\_64-linux-gnu/libgobject-2.0.so.0+0x2a8fe)  
    \#9 0x7ffff591675c in g\_application\_run (/usr/lib/x86\_64-linux-gnu/libgio-2.0.so.0+0xa975c)  
    \#10 0x4b44df in main /home/ssalenikovich/projects/ring-client-gnome/src/main.cpp:45  
    \#11 0x7ffff2c14a3f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x20a3f)  
    \#12 0x4b4338 in \_start (/home/ssalenikovich/projects/ring-client-gnome/build/gnome-ring+0x4b4338)  
  
0x6040002ce610 is located 0 bytes inside of 48-byte region [0x6040002ce610,0x6040002ce640)  
freed by thread T0 here:  
    \#0 0x7ffff6f556af in operator delete(void\*) (/usr/lib/x86\_64-linux-gnu/libasan.so.1+0x586af)  
    \#1 0x710b4c in \~RecentViewNode /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:216  
    \#2 0x710b4c in RecentModel::\~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201  
    \#3 0x711020 in RecentModel::\~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:204  
    \#4 0x7ffff50da18b in QObjectPrivate::deleteChildren() (/usr/lib/x86\_64-linux-gnu/libQt5Core.so.5+0x31118b)  
  
previously allocated by thread T0 here:  
    \#0 0x7ffff6f551af in operator new(unsigned long) (/usr/lib/x86\_64-linux-gnu/libasan.so.1+0x581af)  
    \#1 0x718391 in RecentModelPrivate::slotLastUsedChanged(ContactMethod\*, long) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:593  
    \#2 0x7199a2 in RecentModel::RecentModel(QObject\*) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:188  
    \#3 0x719dc1 in RecentModel::instance() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:262  
    \#4 0x521e6a in recent\_contacts\_view\_init /home/ssalenikovich/projects/ring-client-gnome/src/recentcontactsview.cpp:512  
    \#5 0x7ffff564cf98 in g\_type\_create\_instance (/usr/lib/x86\_64-linux-gnu/libgobject-2.0.so.0+0x31f98)  
  
SUMMARY: AddressSanitizer: heap-use-after-free /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201 RecentModel::\~RecentModel()  
Shadow bytes around the buggy address:  
  0x0c0880051c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
  0x0c0880051c80: fa fa 00 00 00 00 00 00 fa fa fa fa fa fa fa fa  
  0x0c0880051c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
  0x0c0880051ca0: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa  
  0x0c0880051cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
=>0x0c0880051cc0: fa fa[fd]fd fd fd fd fd fa fa fa fa fa fa fa fa  
  0x0c0880051cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
  0x0c0880051ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
  0x0c0880051cf0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd  
  0x0c0880051d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
  0x0c0880051d10: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
  Addressable:           00  
  Partially addressable: 01 02 03 04 05 06 07   
  Heap left redzone:       fa  
  Heap right redzone:      fb  
  Freed heap region:       fd  
  Stack left redzone:      f1  
  Stack mid redzone:       f2  
  Stack right redzone:     f3  
  Stack partial redzone:   f4  
  Stack after return:      f5  
  Stack use after scope:   f8  
  Global redzone:          f9  
  Global init order:       f6  
  Poisoned by user:        f7  
  Contiguous container OOB:fc  
  ASan internal:           fe  
==23978==ABORTING  
[Thread 0x7fffdba7c700 (LWP 23985) exited]  
[Thread 0x7ffff7f15a40 (LWP 23978) exited]  
[Inferior 1 (process 23978) exited with code 01]