heap-use-after-free when canceling file transfer
Affects: latest daemon master & earlier. Built with -O0 -g -fsanitize=address
.
How to reproduce: Cancel a file transfer while the file is being sent. While it does not always happen, I managed to reproduce it twice.
ASAN stacktrace no. 1:
[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTINGchar, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTING
ASAN stacktrace no. 2:
[1531170202.639|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170202.640|20292|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.541|20605|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.959|20307|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.965|20605|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531170213.968|20605|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531170213.968|20606|tls_session.cpp :738 ] [TLS] Start client session
[1531170213.982|20606|tls_session.cpp :446 ] [TLS] User identity loaded
[1531170213.982|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.404|20292|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531170214.404|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
[1531170214.412|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531170214.412|20606|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531170214.412|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.727|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531170214.746|20607|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
=================================================================
==20292==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500817e100 at pc 0x7fb0cc92fe55 bp 0x7fb0b8cdfd10 sp 0x7fb0b8cdf4b8
WRITE of size 8191 at 0x62500817e100 thread T73
#0 0x7fb0cc92fe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7fb0c9e70216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7fb0c9eab2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7fb0c9eddfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7fb0c9eaac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7fb0c9eb78ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7fb0cac23964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7fb0cac038ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7fb0cac040b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7fb0cac02409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7fb0cac0e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7fb0cac1fa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7fb0cac1f8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7fb0cac1f4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7fb0cac1f04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7fb0cac0f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7fb0cac0d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7fb0cac19e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7fb0cac188e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7fb0cac15fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7fb0cac1240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7fb0c999ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7fb0cabfead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7fb0cac0efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7fb0cac0cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7fb0cac1e61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7fb0cac21a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7fb0cac21879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7fb0cac20953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7fb0c9e78c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7fb0c99946b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7fb0c96ca41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500817e100 is located 0 bytes inside of 8192-byte region [0x62500817e100,0x625008180100)
freed by thread T0 here:
#0 0x7fb0cc983caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7fb0c9eac49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T71 here:
#0 0x7fb0cc9836b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7fb0c9eac467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T73 created by T71 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T71 created by T2 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a81027bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a81027c20:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==20292==ABORTING
This bug has potential security implications (CWE-416).