jami-daemon issueshttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues2024-03-22T15:44:49Zhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/13Add PipeWire support on Linux2024-03-22T15:44:49ZannaAdd PipeWire support on LinuxTo quote the PipeWire website (https://pipewire.org/#about):
"PipeWire is a project that aims to greatly improve handling of audio and video under Linux. It aims to support the usecases currently handled by both PulseAudio and Jack and ...To quote the PipeWire website (https://pipewire.org/#about):
"PipeWire is a project that aims to greatly improve handling of audio and video under Linux. It aims to support the usecases currently handled by both PulseAudio and Jack and at the same time provide same level of powerful handling of Video input and output. It also introduces a security model that makes interacting with audio and video devices from containerized applications easy, with supporting Flatpak applications being the primary goal. Alongside Wayland and Flatpak we expect PipeWire to provide a core building block for the future of Linux application development.
Features include:
* Capture and playback of audio and video with minimal latency.
* Real-time Multimedia processing on audio and video.
* Multiprocess architecture to let applications share multimedia content.
* GStreamer plugins for easy use and integration in current applications.
* Sandboxed applications support.
See Flatpak for more info."
@pgorley What do you think?François-Simon Fauteux-ChapleauFrançois-Simon Fauteux-Chapleauhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/14Incoherent packet loss and call fail2024-03-08T19:26:15ZSébastien BlinIncoherent packet loss and call failSometimes, during the call connection, the daemon log an incoherent packet loss (integer overflow) and then the call fails.
This is due when `TlsSession::TlsSessionImpl::flushRxQueue()` receives the same packet sequence number twice.Sometimes, during the call connection, the daemon log an incoherent packet loss (integer overflow) and then the call fails.
This is due when `TlsSession::TlsSessionImpl::flushRxQueue()` receives the same packet sequence number twice.Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/15Allow Incoming call options doesn't work2024-03-08T19:26:15ZSébastien BlinAllow Incoming call options doesn't work```
ALLOW_CERT_FROM_HISTORY
ALLOW_CERT_FROM_CONTACT
ALLOW_CERT_FROM_TRUSTED
```
doesn't change the behavior of the daemon. If this option is set to false, this should disallow calls from peers.```
ALLOW_CERT_FROM_HISTORY
ALLOW_CERT_FROM_CONTACT
ALLOW_CERT_FROM_TRUSTED
```
doesn't change the behavior of the daemon. If this option is set to false, this should disallow calls from peers.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/16missing audio during call2024-03-08T19:26:15ZHugo Lefeuvremissing audio during call**Issue:** No audio during Ring video calls.
**Setup:** latest daemon + LRC + GNU/Linux GNOME client master. The other peer uses the MacOS client, latest stable version.
**Daemon logs:**
```
[1530368590.976|14825|accel.cpp :146...**Issue:** No audio during Ring video calls.
**Setup:** latest daemon + LRC + GNU/Linux GNOME client master. The other peer uses the MacOS client, latest stable version.
**Daemon logs:**
```
[1530368590.976|14825|accel.cpp :146 ] Not using hardware accelerated decoding
[1530368590.976|14825|media_decoder.cpp :224 ] Decoding audio using Opus (opus)
[1530368590.976|14825|media_decoder.cpp :489 ] Creating audio resampler
[1530368591.019|10763|sipvoiplink.cpp :1129 ] [INVITE:0x5576d3144508] RX SIP method 6 (INFO)
[1530368591.019|10763|sipvoiplink.cpp :1019 ] handling picture fast update request
[1530368591.019|10763|video_sender.cpp :87 ] Key frame requested
[1530368591.093|14826|media_decoder.cpp :131 ] Using format video4linux2
[1530368591.093|14826|media_decoder.cpp :172 ] Finding video stream info
[mjpeg @ 0x7f5f9c003060] unable to decode APP fields: Invalid data found when processing input
[1530368591.364|14826|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368591.364|14826|media_decoder.cpp :224 ] Decoding video using MJPEG (Motion JPEG) (mjpeg)
[1530368591.364|14826|video_input.cpp :366 ] created decoder with video params : size=960X540, fps=30.00
0000
[1530368591.364|14826|sinkclient.cpp :372 ] Start sink <local / Ring Daemon_shm_10763_0>, size=960x540,
mixer=0
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.370|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[1530368591.377|14826|sip_utils.cpp :203 ] Registered thread 0x7f5feeccd130 (0x2A0B)
[1530368591.379|14826|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_0]: new sizes: f=2073600, a
=4147303
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.400|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.435|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.467|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[mjpeg @ 0x7f5f9c004820] unable to decode APP fields: Invalid data found when processing input
[1530368591.498|14826|accel.cpp :64 ] Frame format mismatch: expected vaapi_vld, got yuv422p
[1530368591.498|14826|media_decoder.cpp :285 ] Hardware decoding failure
[1530368591.501|14826|media_decoder.cpp :114 ] Trying to open device /dev/video0 with format video4linux2,
pixel format mjpeg, size 960x540, rate 30.000000
[1530368591.537|14826|media_decoder.cpp :131 ] Using format video4linux2
[1530368591.537|14826|media_decoder.cpp :172 ] Finding video stream info
[mjpeg @ 0x7f5f9c0189e0] unable to decode APP fields: Invalid data found when processing input
[1530368591.731|14826|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368591.731|14826|media_decoder.cpp :224 ] Decoding video using MJPEG (Motion JPEG) (mjpeg)
[1530368591.731|14826|video_input.cpp :366 ] created decoder with video params : size=960X540, fps=30.00
0000
[1530368591.731|14826|sinkclient.cpp :372 ] Start sink <local / Ring Daemon_shm_10763_0>, size=960x540,
mixer=0
[1530368591.731|14826|video_input.cpp :221 ] Disabling hardware decoding due to previous failure
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368592.821|14835|accel.cpp :103 ] Using 'vaapi' hardware acceleration with device '/dev/dri/r
enderD128'
[1530368592.821|14835|media_decoder.cpp :224 ] Decoding video using H.264 / AVC / MPEG-4 AVC / MPEG-4 part
10 (h264)
[1530368592.821|14835|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_1]: new sizes: f=0, a=103
[1530368592.821|14835|sinkclient.cpp :148 ] ShmHolder: new holder 'Ring Daemon_shm_10763_1'
[1530368592.822|14835|sinkclient.cpp :372 ] Start sink <2052679725649646304 / Ring Daemon_shm_10763_1>,
size=1280x720, mixer=0
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368592.829|14835|sinkclient.cpp :182 ] ShmHolder[Ring Daemon_shm_10763_1]: new sizes: f=3686400, a
=7372903
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368596.813|10763|manager.cpp :1657 ] [call:2052679725649646304] Remove local audio
[1530368596.813|10763|sipcall.cpp :294 ] [call:2052679725649646304] Terminate SIP session
[1530368596.814|10763|sipcall.cpp :940 ] [call:2052679725649646304] stopping all medias
[1530368596.814|14825|media_decoder.cpp :339 ] Couldn't read frame: Operation not permitted
[1530368596.814|14825|audio_rtp_session.cpp:333 ] fatal error, read failed
[libopus @ 0x7f5fa0002320] 1 frames left in the queue on closing
[1530368596.827|14835|sinkclient.cpp :377 ] Stop sink <2052679725649646304 / Ring Daemon_shm_10763_1>,
mixer=0
[mjpeg @ 0x7f5f9c018ec0] unable to decode APP fields: Invalid data found when processing input
[1530368596.839|14826|sinkclient.cpp :377 ] Stop sink <local / Ring Daemon_shm_10763_0>, mixer=0
[1530368596.839|14826|video_input.cpp :172 ] VideoInput closed
[1530368596.839|10763|call.cpp :198 ] [call:2052679725649646304] state change 1/1, cnx 4/0, code
0
[1530368596.839|10763|call.cpp :221 ] [call:2052679725649646304] emit client call state change HU
NGUP, code 0
[1530368596.839|10763|sipcall.cpp :703 ] [call:2052679725649646304] removeCall()
```
(slightly modified, removed some redundant lines)
**How to reproduce:** Don't know, it appears to happen randomly. Last time it worked.
Then I used my Android client and it worked perfectly.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/17Account migration status is Broken2024-03-08T19:26:15ZSébastien BlinAccount migration status is BrokenInstead the `ERROR_NEED_MIGRATION` the status `ERROR_GENERIC` is triggered.
# Reproduce step
1. Create a Ring account with a password
2. Remove device_crt* from the `local` directory
3. Launch the daemon and look at the status of the a...Instead the `ERROR_NEED_MIGRATION` the status `ERROR_GENERIC` is triggered.
# Reproduce step
1. Create a Ring account with a password
2. Remove device_crt* from the `local` directory
3. Launch the daemon and look at the status of the account
4. The account got status `ERROR_GENERIC`
# Expected
The account should have a `ERROR_NEED_MIGRATION` to launch the migration view in the client.Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/18heap-buffer-overflow (OOB read) in msgData2022-11-14T21:52:31ZHugo Lefeuvreheap-buffer-overflow (OOB read) in msgData**Affected**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`
**How to reproduce**: Don't know, crash happened in background
**ASAN stacktrace**:
```
[1530642849.947|14374|ringaccount.cpp :3274 ] [Account 9fba...**Affected**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`
**How to reproduce**: Don't know, crash happened in background
**ASAN stacktrace**:
```
[1530642849.947|14374|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for dfbf26a7e179df1c820b6228337b87387aa18461
[1530642850.099|14374|ringaccount.cpp :2014 ] Buddy ded6a9d278d05adac3265a0a69d07bd264e0861a online: (device: 8cab8a934b6fa5965e7c6924afb9a3487751045a)
[1530642850.099|14374|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for ded6a9d278d05adac3265a0a69d07bd264e0861a
[1530643018.062|20911|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to 59e730f3484cd99742ad4a98cd3f55fc93070d92
[1530643038.063|20911|p2p.cpp :273 ] [CNX] exception during client processing: no response from DHT to E2E request
=================================================================
==14374==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000280378 at pc 0x7fed8da2f0b9 bp 0x7fed820de900 sp 0x7fed820de8f0
READ of size 20 at 0x603000280378 thread T2
#0 0x7fed8da2f0b8 in msgData<0ul, (ring::<unnamed>::CtrlMsgType)1, std::tuple<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)0, void>, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul>, long unsigned int> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)2, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)3, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)4, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)5, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)6, std::tuple<dht::Hash<20ul>, long unsigned int, std::shared_ptr<dht::crypto::Certificate>, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::function<void(ring::PeerConnection*)> > > >, ring::(anonymous namespace)::CtrlMsgBase> /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:161
#1 0x7fed8da2f108 in ctrlMsgData<(ring::<unnamed>::CtrlMsgType)1, 0ul, ring::(anonymous namespace)::CtrlMsgBase> /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:186
#2 0x7fed8da2fcca in ring::DhtPeerConnector::Impl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:637
#3 0x7fed8da416ff in ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:200
#4 0x7fed8da5de79 in void std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#5 0x7fed8da5d973 in std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#6 0x7fed8da5cf58 in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::operator()() const /usr/include/c++/5/future:1342
#7 0x7fed8da5c619 in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) /usr/include/c++/5/functional:1857
#8 0x7fed8d71c1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#9 0x7fed8d71a48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#10 0x7fed8d726e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#11 0x7fed8d7258e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#12 0x7fed8d722fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#13 0x7fed8d71f40e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#14 0x7fed8c4a8a98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#15 0x7fed8d70bad9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#16 0x7fed8d71bfc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#17 0x7fed8d719ec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#18 0x7fed8da5b161 in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#19 0x7fed8da61805 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#20 0x7fed8da61505 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#21 0x7fed8da6019b in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} ()>, void>::_Async_state_impl(ring::DhtPeerConnector::Impl::Impl(ring::RingAccount&)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() /usr/include/c++/5/thread:115
#22 0x7fed8c985c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#23 0x7fed8c4a16b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#24 0x7fed8c1d741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x603000280380 is located 0 bytes to the right of 32-byte region [0x603000280360,0x603000280380)
allocated by thread T445 here:
#0 0x7fed8f490532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x7fed8da32682 in make_unique<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul> > >, const dht::Hash<20ul>&> /usr/include/c++/5/bits/unique_ptr.h:765
#2 0x7fed8da2a5ec in makeMsg<(ring::<unnamed>::CtrlMsgType)1, dht::Hash<20ul> > /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:153
#3 0x7fed8da426b6 in ring::DhtPeerConnector::Impl::ClientConnector::cancel() /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:299
#4 0x7fed8da41f47 in ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:274
#5 0x7fed8da5df37 in void std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) /usr/include/c++/5/functional:1531
#6 0x7fed8da5da9f in std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#7 0x7fed8da5d43c in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>, void>::operator()() const /usr/include/c++/5/future:1342
#8 0x7fed8da5ca2a in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::DhtPeerConnector::Impl::ClientConnector::ClientConnector(ring::DhtPeerConnector::Impl&, dht::Hash<20ul> const&, std::shared_ptr<dht::crypto::Certificate> const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::function<void (ring::PeerConnection*)> const&)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) /usr/include/c++/5/functional:1857
#9 0x7fed8d71c1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#10 0x7fed8d71a48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#11 0x7fed8d726e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#12 0x7fed8d7258e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#13 0x7fed8d722fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#14 0x7fed8d71f40e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#15 0x7fed8c4a8a98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
Thread T2 created by T0 here:
#0 0x7fed8f42d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fed8c985dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T445 created by T2 here:
#0 0x7fed8f42d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fed8c985dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hlefeuvre/Development/ring-daemon/src/ringdht/p2p.cpp:161 msgData<0ul, (ring::<unnamed>::CtrlMsgType)1, std::tuple<ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)0, void>, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)1, std::tuple<dht::Hash<20ul>, long unsigned int> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)2, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)3, std::tuple<ring::IpAddr> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)4, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)5, std::tuple<ring::(anonymous namespace)::PeerConnectionMsg> >, ring::(anonymous namespace)::CtrlMsg<(ring::<unnamed>::CtrlMsgType)6, std::tuple<dht::Hash<20ul>, long unsigned int, std::shared_ptr<dht::crypto::Certificate>, std::vector<std::__cxx11::basic_strin
Shadow bytes around the buggy address:
0x0c0680048010: fa fa 00 00 00 00 fa fa fa fa fa fa fa fa fa fa
0x0c0680048020: fa fa fa fa fd fd fd fd fa fa fd fd fd fa fa fa
0x0c0680048030: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0680048040: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fd fd
0x0c0680048050: fd fa fa fa fd fd fd fa fa fa fd fd fd fd fa fa
=>0x0c0680048060: fa fa fa fa fa fa fd fd fd fd fa fa 00 00 00[00]
0x0c0680048070: fa fa fd fd fd fa fa fa fa fa fa fa fa fa 00 00
0x0c0680048080: 00 00 fa fa fa fa fa fa fa fa fd fd fd fa fa fa
0x0c0680048090: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
0x0c06800480a0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x0c06800480b0: fd fa fa fa fa fa fa fa fa fa fd fd fd fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==14374==ABORTING
```
This bug has potential security implications (CWE-125).Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/19Able to place calls with disabled account2022-11-14T21:52:31ZPhilippe GorleyAble to place calls with disabled accountSteps:
1. Create an account
2. Disable said account
3. Place a call
Expected result: No call is placed, get an error message
Actual result: Daemon prints "Account is not usable for calling", but client is searching for the peer.Steps:
1. Create an account
2. Disable said account
3. Place a call
Expected result: No call is placed, get an error message
Actual result: Daemon prints "Account is not usable for calling", but client is searching for the peer.Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/20heap-use-after-free when canceling file transfer2022-11-14T21:52:31ZHugo Lefeuvreheap-use-after-free when canceling file transfer**Affects**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`.
**How to reproduce**: Cancel a file transfer while the file is being sent. While it does not always happen, I managed to reproduce it twice.
**ASAN st...**Affects**: latest daemon master & earlier. Built with `-O0 -g -fsanitize=address`.
**How to reproduce**: Cancel a file transfer while the file is being sent. While it does not always happen, I managed to reproduce it twice.
**ASAN stacktrace no. 1**:
```
[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<[1531169668.821|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169668.821|19662|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.507|20021|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.944|19677|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531169689.951|20021|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531169689.953|20021|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531169689.954|20025|tls_session.cpp :738 ] [TLS] Start client session
[1531169689.970|20025|tls_session.cpp :446 ] [TLS] User identity loaded
[1531169689.970|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.395|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531169690.395|20025|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531169690.395|20025|tls_session.cpp :833 ] [TLS] handshake
[1531169690.707|20025|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531169690.720|20026|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
[1531169691.014|19662|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531169691.014|19662|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
=================================================================
==19662==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500643c100 at pc 0x7f1b422bfe55 bp 0x7f1b2d68ad10 sp 0x7f1b2d68a4b8
WRITE of size 8191 at 0x62500643c100 thread T67
#0 0x7f1b422bfe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7f1b3f800216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7f1b3f83b2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7f1b3f86dfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7f1b3f83ac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7f1b3f8478ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7f1b405b3964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7f1b405938ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7f1b405940b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7f1b40592409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7f1b4059e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7f1b405afa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7f1b405af8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7f1b405af4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7f1b405af04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7f1b4059f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7f1b4059d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7f1b405a9e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7f1b405a88e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7f1b405a5fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7f1b405a240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7f1b3f32ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7f1b4058ead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7f1b4059efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7f1b4059cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7f1b405ae61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7f1b405b1a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7f1b405b1879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7f1b405b0953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTINGchar, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7f1b3f808c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7f1b3f3246b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7f1b3f05a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500643c100 is located 0 bytes inside of 8192-byte region [0x62500643c100,0x62500643e100)
freed by thread T0 here:
#0 0x7f1b42313caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7f1b3f83c49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T65 here:
#0 0x7f1b423136b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7f1b3f83c467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T67 created by T65 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T65 created by T2 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7f1b422b0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7f1b3f808dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a80c7f7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80c7f810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80c7f820:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80c7f870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==19662==ABORTING
```
**ASAN stacktrace no. 2**:
```
[1531170202.639|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 0 devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170202.640|20292|p2p.cpp :780 ] 0x62300000e110[CNX] aborted, no devices for e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.541|20605|p2p.cpp :316 ] [Account 9fba7138a1fc3f51] [CNX] request connection to e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.959|20307|p2p.cpp :585 ] [Account 9fba7138a1fc3f51] [CNX] rx DHT reply from e6b11a4a3406609c079dcba364b199eac72f0882
[1531170213.965|20605|p2p.cpp :342 ] [Account 9fba7138a1fc3f51] [CNX] connecting to TURN relay 158.69.203.51:19418
[1531170213.968|20605|p2p.cpp :354 ] [Account 9fba7138a1fc3f51] [CNX] start TLS session
[1531170213.968|20606|tls_session.cpp :738 ] [TLS] Start client session
[1531170213.982|20606|tls_session.cpp :446 ] [TLS] User identity loaded
[1531170213.982|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.404|20292|ringaccount.cpp :2014 ] Buddy 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d online: (device: e6b11a4a3406609c079dcba364b199eac72f0882)
[1531170214.404|20292|ringaccount.cpp :3274 ] [Account 9fba7138a1fc3f51] found 1 devices for 60ba2209df97e8f6546f9cbb5b12ad08dbff7c4d
[1531170214.412|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ANON-DH)-(AES-256-GCM)
[1531170214.412|20606|tls_session.cpp :866 ] [TLS] renogotiate with certificate authentification
[1531170214.412|20606|tls_session.cpp :833 ] [TLS] handshake
[1531170214.727|20606|tls_session.cpp :860 ] [TLS] session established: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA384)-(AES-256-GCM)
[1531170214.746|20607|peer_connection.cpp:540 ] [CNX] Peer connection to e6b11a4a3406609c079dcba364b199eac72f0882 ready
=================================================================
==20292==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500817e100 at pc 0x7fb0cc92fe55 bp 0x7fb0b8cdfd10 sp 0x7fb0b8cdf4b8
WRITE of size 8191 at 0x62500817e100 thread T73
#0 0x7fb0cc92fe54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x7fb0c9e70216 in std::__basic_file<char>::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb0216)
#2 0x7fb0c9eab2e5 in std::basic_filebuf<char, std::char_traits<char> >::underflow() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeb2e5)
#3 0x7fb0c9eddfec in std::basic_streambuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11dfec)
#4 0x7fb0c9eaac7d in std::basic_filebuf<char, std::char_traits<char> >::xsgetn(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xeac7d)
#5 0x7fb0c9eb78ea in std::istream::read(char*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xf78ea)
#6 0x7fb0cac23964 in ring::SubOutgoingFileTransfer::read(std::vector<unsigned char, std::allocator<unsigned char> >&) const /home/hlefeuvre/Development/ring-daemon/src/data_transfer.cpp:339
#7 0x7fb0cac038ae in _ZZN4ring14PeerConnection18PeerConnectionImpl9eventLoopEvENKUlRT_E_clISt10shared_ptrINS_6StreamEEEEDaS3_ (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xac18ae)
#8 0x7fb0cac040b8 in handle_stream_list<std::vector<std::shared_ptr<ring::Stream> >, ring::PeerConnection::PeerConnectionImpl::eventLoop()::<lambda(auto:1&)> > /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:521
#9 0x7fb0cac02409 in ring::PeerConnection::PeerConnectionImpl::eventLoop() /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:625
#10 0x7fb0cac0e0c1 in ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1}::operator()() const /home/hlefeuvre/Development/ring-daemon/src/peer_connection.cpp:477
#11 0x7fb0cac1fa0d in void std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadda0d)
#12 0x7fb0cac1f8d9 in std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>::operator()() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd8d9)
#13 0x7fb0cac1f4ba in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::operator()() const (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd4ba)
#14 0x7fb0cac1f04d in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadd04d)
#15 0x7fb0cac0f1d7 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/include/c++/5/functional:2267
#16 0x7fb0cac0d48c in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/include/c++/5/future:527
#17 0x7fb0cac19e5a in void std::_Mem_fn_base<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), true>::operator()<std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*, void>(std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) const /usr/include/c++/5/functional:600
#18 0x7fb0cac188e6 in void std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/5/functional:1531
#19 0x7fb0cac15fdd in std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)>::operator()() /usr/include/c++/5/functional:1520
#20 0x7fb0cac1240e in void std::__once_call_impl<std::_Bind_simple<std::_Mem_fn<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> (std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*)> >() /usr/include/c++/5/mutex:706
#21 0x7fb0c999ba98 in __pthread_once_slow (/lib/x86_64-linux-gnu/libpthread.so.0+0xea98)
#22 0x7fb0cabfead9 in __gthread_once /usr/include/x86_64-linux-gnu/c++/5/bits/gthr-default.h:699
#23 0x7fb0cac0efc6 in void std::call_once<void (std::__future_base::_State_baseV2::*)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*>(std::once_flag&, void (std::__future_base::_State_baseV2::*&&)(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*), std::__future_base::_State_baseV2*&&, std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*&&, bool*&&) /usr/include/c++/5/mutex:738
#24 0x7fb0cac0cec3 in std::__future_base::_State_baseV2::_M_set_result(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>, bool) /usr/include/c++/5/future:387
#25 0x7fb0cac1e61f in std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1}::operator()() const /usr/include/c++/5/future:1658
#26 0x7fb0cac21a83 in void std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xadfa83)
#27 0x7fb0cac21879 in std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()>::operator()() /usr/include/c++/5/functional:1520
#28 0x7fb0cac20953 in std::thread::_Impl<std::_Bind_simple<std::__future_base::_Async_state_impl<std::_Bind_simple<ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} ()>, void>::_Async_state_impl(ring::PeerConnection::PeerConnectionImpl::PeerConnectionImpl(std::function<void ()>&&, ring::Account&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::unique_ptr<ring::GenericSocket<unsigned char>, std::default_delete<ring::GenericSocket<unsigned char> > >)::{lambda()#1} (&&)())::{lambda()#1} ()> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/src/.libs/libring.so.0+0xade953)
#29 0x7fb0c9e78c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#30 0x7fb0c99946b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#31 0x7fb0c96ca41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x62500817e100 is located 0 bytes inside of 8192-byte region [0x62500817e100,0x625008180100)
freed by thread T0 here:
#0 0x7fb0cc983caa in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99caa)
#1 0x7fb0c9eac49d in std::basic_filebuf<char, std::char_traits<char> >::_M_destroy_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec49d)
previously allocated by thread T71 here:
#0 0x7fb0cc9836b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x7fb0c9eac467 in std::basic_filebuf<char, std::char_traits<char> >::_M_allocate_internal_buffer() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xec467)
Thread T73 created by T71 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T71 created by T2 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
Thread T2 created by T0 here:
#0 0x7fb0cc920253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7fb0c9e78dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c4a81027bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a81027c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a81027c20:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a81027c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==20292==ABORTING
```
This bug has potential security implications (CWE-416).Gnome 2018.07.15Sébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/21SIP register fails: No username on digest authentication2024-02-08T18:58:54ZAlba MendezSIP register fails: No username on digest authenticationThis bug has been driving me mad for quite some time. I just installed Ring for Ubuntu 16.04 following official instructions, opened, set up a SIP account with hostname=10.139.205.101, username=10, password=test and it fails to register....This bug has been driving me mad for quite some time. I just installed Ring for Ubuntu 16.04 following official instructions, opened, set up a SIP account with hostname=10.139.205.101, username=10, password=test and it fails to register.
My Asterisk server sends:
From: "main" <sip:10@10.139.205.101>;tag=8005b703-201b-47e8-be88-03d7564a5ba8
To: "main" <sip:10@10.139.205.101>;tag=as3f952c47
...
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0074f5d0"
And Ring then sends:
From: "main" <sip:10@10.139.205.101>;tag=8005b703-201b-47e8-be88-03d7564a5ba8
To: "main" <sip:10@10.139.205.101>
...
Authorization: Digest , realm="asterisk", nonce="0074f5d0", uri="sip:10.139.205.101", response="631415fcf3715907a48f11fec1e6a880", algorithm=MD5
i.e. notice the space and comma after `Digest`
ring-daemon version 2018-07-07. Bug could be on upstream, for some reason username is not set on `pjsip/src/pjsip/sip_auth_client.c` when adding the Authorization header, [header printed here](https://github.com/asterisk/pjproject/blob/106ec876a371b57bb3db8231a55cb5f368e6266b/pjsip/src/pjsip/sip_auth_msg.c#L73).Next major releaseSébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/22intercom: segfault while deleting self-conversation2022-11-14T21:52:31ZHugo Lefeuvreintercom: segfault while deleting self-conversation**How to reproduce**:
1. Create a conversation with yourself
2. Try to remove it using "Remove conversation" in the smartlist
The daemon segfaults.
**Stacktrace**:
```
Thread 1 "dring" received signal SIGSEGV, Segmentation fault. ...**How to reproduce**:
1. Create a conversation with yourself
2. Try to remove it using "Remove conversation" in the smartlist
The daemon segfaults.
**Stacktrace**:
```
Thread 1 "dring" received signal SIGSEGV, Segmentation fault.
0x00007fffef394153 in asn1_delete_structure2 () from /usr/lib/x86_64-linux-gnu/libtasn1.so.6
(gdb) bt
#0 0x00007fffef394153 in asn1_delete_structure2 () at /usr/lib/x86_64-linux-gnu/libtasn1.so.6
#1 0x00007ffff64ccf09 in gnutls_x509_crl_deinit () at /usr/lib/x86_64-linux-gnu/libgnutls.so.30
#2 0x00007ffff6504544 in gnutls_x509_trust_list_deinit () at /usr/lib/x86_64-linux-gnu/libgnutls.so.30
#3 0x00005555558d9b8e in dht::crypto::TrustList::operator=(dht::crypto::TrustList&&) ()
#4 0x000055555561d064 in ring::tls::TrustStore::rebuildTrust() (this=this@entry=0x555555dc5a48)
at certstore.cpp:549
#5 0x00005555556225d0 in ring::tls::TrustStore::setCertificateStatus(std::shared_ptr<dht::crypto::Certificate>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, ring::tls::TrustStore::PermissionStatus, bool) (this=0x555555dc5a48, cert=std::shared_ptr<dht::crypto::Certificate> (empty) = {...}, cert_id="eb3c27067c4637b99bf9895d5babb2c77c3115b5", status=status@entry=ring::tls::TrustStore::PermissionStatus::UNDEFINED, local=local@entry=false) at certstore.cpp:468
#6 0x0000555555622ddc in ring::tls::TrustStore::setCertificateStatus(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, ring::tls::TrustStore::PermissionStatus) (this=<optimized out>, cert_id="eb3c27067c4637b99bf9895d5babb2c77c3115b5", status=status@entry=ring::tls::TrustStore::PermissionStatus::UNDEFINED) at certstore.cpp:416
#7 0x0000555555677fd2 in ring::RingAccount::removeContact(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) (this=this@entry=
0x555555dc4430, uri="eb3c27067c4637b99bf9895d5babb2c77c3115b5", ban=ban@entry=false)
at ringaccount.cpp:2941
#8 0x000055555560a260 in DRing::removeContact(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) (accountId="bde9e076abf742fb", uri="eb3c27067c4637b99bf9895d5babb2c77c3115b5", ban=<optimized out>) at configurationmanager.cpp:340
#9 0x00005555555d3304 in DBusConfigurationManager::removeContact(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool const&) (ban=@0x7fffffffdbff: false, uri="eb3c27067c4637b99bf9895d5babb2c77c3115b5", accountId="bde9e076abf742fb", this=0x555555b48880) at dbusconfigurationmanager.cpp:551
#10 0x00005555555d3304 in cx::ring::Ring::ConfigurationManager_adaptor::_removeContact_stub(DBus::CallMessage const&) (this=0x555555b48880, call=...) at dbusconfigurationmanager.adaptor.h:2323
#11 0x00005555555d0397 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const (this=<optimized out>, param=...)
at /home/hle/Development/ring/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
#12 0x00005555555ebcbe in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const ()
#13 0x00005555555eacfd in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) ()
#14 0x00005555555f3d92 in DBus::ObjectAdaptor::handle_message(DBus::Message const&) ()
#15 0x00005555555f3427 in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) ()
#16 0x00007ffff7bad440 in () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#17 0x00007ffff7b9e20a in dbus_connection_dispatch () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#18 0x00005555555e1d8a in DBus::Connection::Private::do_dispatch() ()
#19 0x00005555555e533e in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) ()
#20 0x00005555555e516e in DBus::Dispatcher::dispatch_pending() ()
#21 0x00005555555e9156 in DBus::BusDispatcher::do_iteration() ()
#22 0x00005555555e8e89 in DBus::BusDispatcher::enter() ()
#23 0x00005555555ac3ff in DBusClient::event_loop() (this=<optimized out>) at dbusclient.cpp:250
#24 0x00005555555a63e2 in main(int, char**) (argc=2, argv=<optimized out>) at main.cpp:236
(gdb) up 7
#7 0x0000555555677fd2 in ring::RingAccount::removeContact (this=this@entry=0x555555dc4430,
uri="eb3c27067c4637b99bf9895d5babb2c77c3115b5", ban=ban@entry=false) at ringaccount.cpp:2941
2941 trust_.setCertificateStatus(uri, ban ? tls::TrustStore::PermissionStatus::BANNED
(gdb) l
2936 c = contacts_.emplace(h, Contact{}).first;
2937 else if (not c->second.isActive() and c->second.banned == ban)
2938 return;
2939 c->second.removed = std::time(nullptr);
2940 c->second.banned = ban;
2941 trust_.setCertificateStatus(uri, ban ? tls::TrustStore::PermissionStatus::BANNED
2942 : tls::TrustStore::PermissionStatus::UNDEFINED);
2943 if (ban and trustRequests_.erase(h) > 0)
2944 saveTrustRequests();
2945 saveContacts();
(gdb) p ban
$1 = false
(gdb)
```Adrien BéraudAdrien Béraudhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/23crash of DE during Ring call2022-11-14T21:52:31ZHugo Lefeuvrecrash of DE during Ring call**Affects**: Ring GNU/Linux GNOME client (since 20180625 ?)
**Original messages**: [Ring-dev](http://lists.gnu.org/archive/html/ring/2018-07/msg00002.html), [Mastodon](https://mstdn.io/@hle/100367814979361578)
It was reported by severa...**Affects**: Ring GNU/Linux GNOME client (since 20180625 ?)
**Original messages**: [Ring-dev](http://lists.gnu.org/archive/html/ring/2018-07/msg00002.html), [Mastodon](https://mstdn.io/@hle/100367814979361578)
It was reported by several users from ring-dev and Mastodon that making a video call leads the desktop environment (KDE and GNOME) to crash (possibly because of an X11 issue).
It was supposed that the bug is coming from xorg-nouveau, but some Radeon users seem to be also affected by this bug.https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/27Add AV1 codec support to replace H.264 in the (near) future2022-11-14T21:52:31ZannaAdd AV1 codec support to replace H.264 in the (near) futureTo quote parts of the Mozilla AV1 website (https://research.mozilla.org/av1-media-codecs/):
> **What is AV1?**
>
> AV1 is a new video codec that promises to help companies and individuals transmit high-quality video over the internet e...To quote parts of the Mozilla AV1 website (https://research.mozilla.org/av1-media-codecs/):
> **What is AV1?**
>
> AV1 is a new video codec that promises to help companies and individuals transmit high-quality video over the internet efficiently, without paying royalty fees.
>
> AV1 is the first project to come out of the Alliance for Open Media (AOMedia), a consortium that promotes media codecs, formats, and technologies for the public web. Mozilla joined AOMedia in 2015 as a founding member. Mozilla sponsors open media codecs like AV1 because they have the potential to remove technical and financial barriers for people who want to create and share high-quality media experiences on the open web platform.
>
>**How is AV1 different? What will it replace or change?**
>
> The most popular video format in use today is AVC/H.264. That technology was introduced in 2003 and is owned by the Moving Picture Experts Group (MPEG).
>
> AV1 is different from AVC/H.264 because it:
>
>* Uses next-generation compression technology that is nearly twice as efficient
>* Can transmit high-quality video faster over the internet
>* Has no licensing fees; anyone can compress and decode video files without paying royalties
>* Can deliver higher-quality experiences to end users, even when bandwidth is constrained
>
> MPEG has created a successor to AVC/H.264, known as HEVC (High Efficiency Video Coding) or H.265, which has improved compression. However, uncertainty around HEVC’s licensing fees make it untenable for both web browsers and content creators.
>
> The goal of the AV1 project is to replace AVC/H.264 as the predominant video format for the web and to compete with the HEVC codec, so high-quality video can be shared freely and efficiently on the open web platform.
@pgorley What do you think?https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/30Potential segfault when calling setCredentials and setAccountDetails at the ...2022-11-14T21:52:31ZSébastien BlinPotential segfault when calling setCredentials and setAccountDetails at the same timeBot method unregister the account for doing modifications. If calling at the same time, this can lead to a segfault.
i think doRegister_/other similar methods should be queued or protected by a lockBot method unregister the account for doing modifications. If calling at the same time, this can lead to a segfault.
i think doRegister_/other similar methods should be queued or protected by a lockhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/31contactAdded not emitted when a notification as been accepted for the second ...2022-11-14T21:52:31ZSébastien BlincontactAdded not emitted when a notification as been accepted for the second time# Reproduce step
0. receive a message
1. Add a contact with `ConfigurationManager::instance().addContact()`
2. Remove a contact with `ConfigurationManager::instance().removeContact()`
3. receive a new message from the same contact (this...# Reproduce step
0. receive a message
1. Add a contact with `ConfigurationManager::instance().addContact()`
2. Remove a contact with `ConfigurationManager::instance().removeContact()`
3. receive a new message from the same contact (this contact should be in pending contacts)
4. Add a contact with `ConfigurationManager::instance().addContact()`
# Expected result
The client should receives a `contactAdded`
# Current result
`contactAdded` is not emittedhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/32macOS Crash leaves me unable to access ring with my account2022-11-14T21:52:31ZMichael S. MoodymacOS Crash leaves me unable to access ring with my accountI installed ring last week, created an account with my preferred username, registering it, and was planning to add new devices this week. I rebooted my Macbook today, ring started up with the system. I was doing other things, and so I to...I installed ring last week, created an account with my preferred username, registering it, and was planning to add new devices this week. I rebooted my Macbook today, ring started up with the system. I was doing other things, and so I told it not to startup with the system, and gracefully closed it. However, about a minute later, the typical message on macOS showing that an application (ring) did not close properly came up (I do have the crash logs, if given guidance to ensure they're sanitized of sensitive information).
I found I was unable to get back into my account. I did attempt to follow (loosely) the instructions I found here from 2017: http://lists.nongnu.org/archive/html/ring/2017-01/msg00008.html relating to recovering a ring account. I do of course have the directory backed up from ~/Library/Application Support/ring but at this time, I haven't been able to get into my account again. I seem to also have backups of the cache directories, assuming that's helpful in any way.
I deleted the ring directory, created a new (unregistered) account, closed the application, and it too crashed again, leaving that account orphaned as well. This seems to be a somewhat show stopping bug that is also preventing me from using my account again, and guidance is certainly appreciated.
Thanks in advance,
Michaelhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/318Add "reply" functionality to all Ring clients message systems & UI's2022-09-20T09:09:48ZannaAdd "reply" functionality to all Ring clients message systems & UI'sReplies let you single out the one message to which you’re responding.
Riot.im/Matrix recently added a support for message replies.
https://medium.com/@RiotChat/look-out-its-riot-im-0-16-composer-jitsi-replies-8b29f89271a1
Would love ...Replies let you single out the one message to which you’re responding.
Riot.im/Matrix recently added a support for message replies.
https://medium.com/@RiotChat/look-out-its-riot-im-0-16-composer-jitsi-replies-8b29f89271a1
Would love to see this in Ring clients too (including text message replies, audio message replies and video message replies).
What do you think?Swarm-chatSébastien BlinSébastien Blinhttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/33After removing GSM and libsamplerate they still needed for compilation2022-11-14T21:52:32ZszotsakiAfter removing GSM and libsamplerate they still needed for compilation2cbbaf7983497e51ea19bf4ba02a8fa35d2402f8 removed GSM and libsamplerate requirements.
After I removed them from the openSUSE build system as well, the compilation fails with the following:
```
[ 228s] CXXLD libring.la
[ 229s] /us...2cbbaf7983497e51ea19bf4ba02a8fa35d2402f8 removed GSM and libsamplerate requirements.
After I removed them from the openSUSE build system as well, the compilation fails with the following:
```
[ 228s] CXXLD libring.la
[ 229s] /usr/lib64/gcc/x86_64-suse-linux/8/../../../../x86_64-suse-linux/bin/ld: cannot find -lgsm
[ 229s] /usr/lib64/gcc/x86_64-suse-linux/8/../../../../x86_64-suse-linux/bin/ld: cannot find -lsamplerate
[ 229s] collect2: error: ld returned 1 exit status
```https://git.jami.net/savoirfairelinux/jami-daemon/-/issues/34Jami daemon crashes right on startup (ring::SIPAccount::checkNATAddress)2022-11-14T21:52:32ZszotsakiJami daemon crashes right on startup (ring::SIPAccount::checkNATAddress)Environment:
- openSUSE Tumbleweed x64
- dring version: 5.1.0.20180720.629aab942
Reproduce steps:
Start dring with: `SIPLOGLEVEL=8 /usr/lib64/ring/dring`
It dumps core right after startup.
Backtrace:
```
#0 ring::SIPAccount::checkNAT...Environment:
- openSUSE Tumbleweed x64
- dring version: 5.1.0.20180720.629aab942
Reproduce steps:
Start dring with: `SIPLOGLEVEL=8 /usr/lib64/ring/dring`
It dumps core right after startup.
Backtrace:
```
#0 ring::SIPAccount::checkNATAddress(pjsip_regc_cbparam*, pj_pool_t*) () at sipaccount.cpp:1766
#1 0x00007ffff77c993a in ring::SIPAccount::onRegister(pjsip_regc_cbparam*) () at /usr/include/c++/8/bits/shared_ptr_base.h:996
#2 0x00007ffff666f8d7 in call_callback (regc=regc@entry=0x5555557df0c8, status=<optimized out>, st_code=<optimized out>, reason=<optimized out>, rdata=<optimized out>, expiration=<optimized out>, contact_cnt=1,
contact=0x7fffffffcbb0, is_unreg=0) at ../src/pjsip-ua/sip_reg.c:775
#3 0x00007ffff667131b in regc_tsx_callback (token=<optimized out>, event=<optimized out>) at ../src/pjsip-ua/sip_reg.c:1345
#4 0x00007ffff622b6fc in tsx_set_state (tsx=tsx@entry=0x5555558685f8, state=state@entry=PJSIP_TSX_STATE_COMPLETED, event_src_type=event_src_type@entry=PJSIP_EVENT_RX_MSG, event_src=0x555555878628, flag=flag@entry=0)
at ../src/pjsip/sip_transaction.c:1267
#5 0x00007ffff622d6e5 in tsx_on_state_proceeding_uac (tsx=0x5555558685f8, event=0x7fffffffce10) at ../src/pjsip/sip_transaction.c:3001
#6 0x00007ffff622ef7e in pjsip_tsx_recv_msg (tsx=tsx@entry=0x5555558685f8, rdata=rdata@entry=0x555555878628) at ../src/pjsip/sip_transaction.c:1827
#7 0x00007ffff622f085 in mod_tsx_layer_on_rx_response (rdata=0x555555878628) at ../src/pjsip/sip_transaction.c:893
#8 0x00007ffff621761f in pjsip_endpt_process_rx_data (endpt=0x555555887da8, rdata=0x555555878628, p=<optimized out>, p_handled=0x7fffffffcf3c) at ../src/pjsip/sip_endpoint.c:901
#9 0x00007ffff62177ee in endpt_on_rx_msg (endpt=0x555555887da8, status=<optimized out>, rdata=0x555555878628) at ../src/pjsip/sip_endpoint.c:1043
#10 0x00007ffff621e219 in pjsip_tpmgr_receive_packet (mgr=<optimized out>, rdata=rdata@entry=0x555555878628) at ../src/pjsip/sip_transport.c:1979
#11 0x00007ffff622127f in udp_on_read_complete (key=0x555555893400, op_key=<optimized out>, bytes_read=<optimized out>) at ../src/pjsip/sip_transport_udp.c:170
#12 0x00007ffff592ad97 in ioqueue_dispatch_read_event (ioqueue=<optimized out>, h=0x555555893400) at ../src/pj/ioqueue_common_abs.c:605
#13 0x00007ffff592c60e in pj_ioqueue_poll (ioqueue=0x555555892b40, timeout=timeout@entry=0x7fffffffd4a0) at ../src/pj/ioqueue_epoll.c:812
#14 0x00007ffff621733a in pjsip_endpt_handle_events2 (endpt=0x555555887da8, max_timeout=max_timeout@entry=0x7ffff79162d0 <ring::SIPVoIPLink::handleEvents()::timeout>, p_count=p_count@entry=0x0) at ../src/pjsip/sip_endpoint.c:744
#15 0x00007ffff62173e7 in pjsip_endpt_handle_events (endpt=<optimized out>, max_timeout=max_timeout@entry=0x7ffff79162d0 <ring::SIPVoIPLink::handleEvents()::timeout>) at ../src/pjsip/sip_endpoint.c:776
#16 0x00007ffff77df3f1 in ring::SIPVoIPLink::handleEvents() () at sipvoiplink.cpp:698
#17 0x00007ffff7767d58 in ring::Manager::pollEvents() () at /usr/include/c++/8/bits/std_function.h:682
#18 0x00007ffff7bbe7dd in DBus::DefaultMainLoop::dispatch() () from /usr/lib64/libdbus-c++-1.so.1
#19 0x00007ffff7bbf201 in DBus::BusDispatcher::enter() () from /usr/lib64/libdbus-c++-1.so.1
#20 0x000055555557bb3f in DBusClient::event_loop() () at /usr/include/c++/8/bits/unique_ptr.h:342
#21 0x000055555557b29f in main () at main.cpp:236
#22 0x00007ffff6d1211b in __libc_start_main (main=0x55555557ae40 <main>, argc=1, argv=0x7fffffffddd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffddc8) at ../csu/libc-start.c:308
#23 0x000055555557b5ba in _start () at ../sysdeps/x86_64/start.S:120
```
Full [backtrace](/uploads/7d77988d98dd470c9440bc1da20b6989/dring.log) is attached. 0th frame contains a GDB <error>.Ming Rui ZhangMing Rui Zhanghttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/35heap-use-after-free during exit when video preview is running2022-11-14T21:52:32ZHugo Lefeuvreheap-use-after-free during exit when video preview is running**Affects**: latest daemon master
**How to reproduce**:
1. open GNOME client
2. go to settings and then media settings
3. make sure preview runs
4. quit app using "quit" function
The daemon crashes.
I can't reproduce it with `-pcd` bu...**Affects**: latest daemon master
**How to reproduce**:
1. open GNOME client
2. go to settings and then media settings
3. make sure preview runs
4. quit app using "quit" function
The daemon crashes.
I can't reproduce it with `-pcd` but `-cd` does crash.
**ASan and gdb stacktrace**:
```
=================================================================
==478==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000105fd0 at pc 0x7ffff6ee1676 bp 0x7fffd46c4400 sp 0x7fffd46c3ba8
READ of size 11 at 0x608000105fd0 thread T49
#0 0x7ffff6ee1675 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x77675)
#1 0x7ffff34a1277 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x121277)
#2 0x475a8a in bool std::operator< <char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:4989
#3 0x462a60 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator()(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /usr/include/c++/5/bits/stl_function.h:387
#4 0x4c413b in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1628
#5 0x4c3694 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_tree.h:1091
#6 0x4c2f62 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/stl_map.h:916
#7 0x521844 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:499
#8 0x7da690 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:100
#9 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#10 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#11 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#12 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#13 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#14 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#15 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#16 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#17 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#18 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#19 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#20 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#21 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#22 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#23 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#24 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
#25 0x7ffff49196b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#26 0x7ffff2b9e41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x608000105fd0 is located 48 bytes inside of 96-byte region [0x608000105fa0,0x608000106000)
freed by thread T0 here:
#0 0x7ffff6f03b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
#1 0x4bc9f7 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
#2 0x4bc938 in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
#3 0x4bc87e in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:495
#4 0x4bc719 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:562
#5 0x4bc3fb in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*) /usr/include/c++/5/bits/stl_tree.h:1614
#6 0x4bc203 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~_Rb_tree() /usr/include/c++/5/bits/stl_tree.h:858
#7 0x4bbd35 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::~map() /usr/include/c++/5/bits/stl_map.h:96
#8 0x7d9ddf in ring::Smartools::~Smartools() /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:42
#9 0x7ffff2ad0ff7 (/lib/x86_64-linux-gnu/libc.so.6+0x39ff7)
previously allocated by thread T49 here:
#0 0x7ffff6f03532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x4c4cc9 in __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x4c4a5b in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x4c41c0 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_get_node() /usr/include/c++/5/bits/stl_tree.h:491
#4 0x5226b8 in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_create_node<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:545
#5 0x5221e7 in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::piecewise_construct_t const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&>&&, std::tuple<>&&) /usr/include/c++/5/bits/stl_tree.h:2170
#6 0x521951 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) /usr/include/c++/5/bits/stl_map.h:502
#7 0x7da730 in ring::Smartools::setResolution(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int) /home/hlefeuvre/Development/ring-daemon/src/smartools.cpp:101
#8 0x9853a9 in ring::video::SinkClient::update(ring::video::Observable<std::shared_ptr<ring::VideoFrame> >*, std::shared_ptr<ring::VideoFrame> const&) /home/hlefeuvre/Development/ring-daemon/src/media/video/sinkclient.cpp:337
#9 0x71570e in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify(std::shared_ptr<ring::VideoFrame>) /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.h:97
#10 0x71345c in ring::video::VideoGenerator::publishFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_base.cpp:50
#11 0x72c859 in ring::video::VideoInput::captureFrame() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:249
#12 0x72bf6d in ring::video::VideoInput::process() /home/hlefeuvre/Development/ring-daemon/src/media/video/video_input.cpp:162
#13 0x734c5d in void std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const /usr/include/c++/5/functional:600
#14 0x733c34 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/5/functional:1074
#15 0x732d86 in void std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() /usr/include/c++/5/functional:1133
#16 0x731e1e in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x731e1e)
#17 0x4638a3 in std::function<void ()>::operator()() const /usr/include/c++/5/functional:2267
#18 0x7b0ee3 in ring::ThreadLoop::mainloop(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>) /home/hlefeuvre/Development/ring-daemon/src/threadloop.cpp:38
#19 0x7b4b3f in void std::_Mem_fn_base<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>), true>::operator()<std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>, void>(ring::ThreadLoop*, std::reference_wrapper<std::thread::id>&&, std::function<bool ()>&&, std::function<void ()>&&, std::function<void ()>&&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4b3f)
#20 0x7b4874 in void std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4874)
#21 0x7b45d9 in std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)>::operator()() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b45d9)
#22 0x7b4569 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (ring::ThreadLoop::*)(std::thread::id&, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> (ring::ThreadLoop*, std::reference_wrapper<std::thread::id>, std::function<bool ()>, std::function<void ()>, std::function<void ()>)> >::_M_run() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x7b4569)
#23 0x7ffff3438c7f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
Thread T49 created by T0 here:
#0 0x7ffff6ea0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0x7ffff3438dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 memcmp
Shadow bytes around the buggy address:
0x0c1080018ba0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bb0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018bd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080018be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c1080018bf0: fa fa fa fa fd fd fd fd fd fd[fd]fd fd fd fd fd
0x0c1080018c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1080018c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==478==ABORTING
Thread 50 "dring" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd46c8700 (LWP 601)]
0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff2acc428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff2ace02a in __GI_abort () at abort.c:89
#2 0x00007ffff6f17d99 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#3 0x00007ffff6f0a769 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#4 0x00007ffff6f0f5a2 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#5 0x00007ffff6f096e6 in __asan_report_error () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#6 0x00007ffff6ee1691 in memcmp () from /usr/lib/x86_64-linux-gnu/libasan.so.2
#7 0x00007ffff34a1278 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x0000000000475a8b in std::operator< <char, std::char_traits<char>, std::allocator<char> > (__lhs="local height", __rhs="local width") at /usr/include/c++/5/bits/basic_string.h:4989
#9 0x0000000000462a61 in std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator() (this=0x1f41100 <ring::Smartools::getInstance()::instance_>,
__x="local height", __y="local width") at /usr/include/c++/5/bits/stl_function.h:387
#10 0x00000000004c413c in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x=0x608000105fa0, __y=0x1f41108 <ring::Smartools::getInstance()::instance_+8>, __k="local width")
at /usr/include/c++/5/bits/stl_tree.h:1628
#11 0x00000000004c3695 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound
(this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k="local width") at /usr/include/c++/5/bits/stl_tree.h:1091
#12 0x00000000004c2f63 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __x="local width")
at /usr/include/c++/5/bits/stl_map.h:916
#13 0x0000000000521845 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) (
this=0x1f41100 <ring::Smartools::getInstance()::instance_>, __k=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x19c75c, DIE 0x1b821d>)
at /usr/include/c++/5/bits/stl_map.h:499
#14 0x00000000007da691 in ring::Smartools::setResolution (this=0x1f41100 <ring::Smartools::getInstance()::instance_>, id="local", width=1280, height=720) at smartools.cpp:100
#15 0x00000000009853aa in ring::video::SinkClient::update (this=0x60f000044c00, frame_p=std::shared_ptr (count 2, weak 0) 0x607000120050) at sinkclient.cpp:337
#16 0x000000000071570f in ring::video::Observable<std::shared_ptr<ring::VideoFrame> >::notify (this=0x617000056010, data=std::shared_ptr (count 2, weak 0) 0x607000120050) at video_base.h:97
#17 0x000000000071345d in ring::video::VideoGenerator::publishFrame (this=0x617000056010) at video_base.cpp:50
#18 0x000000000072c85a in ring::video::VideoInput::captureFrame (this=0x617000056010) at video_input.cpp:249
#19 0x000000000072bf6e in ring::video::VideoInput::process (this=0x617000056010) at video_input.cpp:162
#20 0x0000000000734c5e in std::_Mem_fn_base<void (ring::video::VideoInput::*)(), true>::operator()<, void>(ring::video::VideoInput*) const (this=0x6030008d4150, __object=0x617000056010)
at /usr/include/c++/5/functional:600
#21 0x0000000000733c35 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x6030008d4150,
__args=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x75e7bf, DIE 0x79c8c4>) at /usr/include/c++/5/functional:1074
#22 0x0000000000732d87 in std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)>::operator()<, void>() (this=0x6030008d4150) at /usr/include/c++/5/functional:1133
#23 0x0000000000731e1f in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (ring::video::VideoInput::*)()> (ring::video::VideoInput*)> >::_M_invoke(std::_Any_data const&) (__functor=...)
at /usr/include/c++/5/functional:1871
```
This is CWE-416 but security implications are negligible IMO.Hugo LefeuvreHugo Lefeuvrehttps://git.jami.net/savoirfairelinux/jami-daemon/-/issues/36device revokation: password check failure and crash2022-11-14T21:52:32ZHugo Lefeuvredevice revokation: password check failure and crash**Affects**: latest daemon master with opendht from the contribs
**How to reproduce**:
You will need an account A with non-empty password (let's say "123456789")
1. open GNOME client
2. go to account A's settings
3. try to revoke devi...**Affects**: latest daemon master with opendht from the contribs
**How to reproduce**:
You will need an account A with non-empty password (let's say "123456789")
1. open GNOME client
2. go to account A's settings
3. try to revoke device, password is asked
4. enter empty password
Expected: daemon detects bad password and GNOME client displays bad password dialog.
What happens: daemon fails to catch bad password & dht crashes.
**gdb stacktrace**:
```
[1533936396.816|15896|ringaccount.cpp :2119 ] Query for local certificate store: 4e9fcf8b3abab01b5bf17a974090a0c91f7c3f87: 1 found.
[Thread 0x7fffeaddf700 (LWP 15901) exited]
[Thread 0x7fffe8ddb700 (LWP 15905) exited]
[1533936402.917|15896|ringaccount.cpp :3292 ] [Account 9fba7138a1fc3f51] found 1 devices for c2383a4923f3f3ead1b9f725456e8ff9d69581a3
[1533936413.395|15913|ringaccount.cpp :926 ] [Account 9fba7138a1fc3f51] reading account archive
[1533936413.395|15913|fileutils.cpp :424 ] Reading archive from /home/hlefeuvre/.local/share/ring/9fba7138a1fc3f51/export.gz
[1533936414.505|15913|fileutils.cpp :441 ] Error decrypting archive: Can't decrypt data
[1533936414.505|15913|thread_pool.cpp :79 ] Exception running task: Can't decrypt data
Dropping packet with high delay: 0.826318
[1533936418.547|15913|ringaccount.cpp :926 ] [Account 9fba7138a1fc3f51] reading account archive
[1533936418.547|15913|fileutils.cpp :424 ] Reading archive from /home/hlefeuvre/.local/share/ring/9fba7138a1fc3f51/export.gz
[1533936418.547|15913|accountarchive.cpp:31 ] Loading account archive (10664 bytes)
[New Thread 0x7fffe8ddb700 (LWP 15932)]
[Thread 0x7fffe8ddb700 (LWP 15932) exited]
Thread 1 "dring" received signal SIGSEGV, Segmentation fault.
0x0000000000b08f94 in dht::crypto::Certificate::getExpiration() const ()
(gdb) bt
#0 0x0000000000b08f94 in dht::crypto::Certificate::getExpiration() const ()
#1 0x0000000000b0c6a2 in dht::crypto::RevocationList::sign(dht::crypto::PrivateKey const&, dht::crypto::Certificate const&, std::chrono::duration<long, std::ratio<1l, 1000000000l> >) ()
#2 0x00000000006569a7 in dht::crypto::RevocationList::sign (this=0x6030003516b0, id=...) at /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/opendht/crypto.h:212
#3 0x000000000060eeba in ring::RingAccount::<lambda(const std::shared_ptr<dht::crypto::Certificate>&)>::operator()(const std::shared_ptr<dht::crypto::Certificate> &) (__closure=0x6080000958a0,
crt=std::shared_ptr (count 4, weak 0) 0x60800000fe30) at ringaccount.cpp:1123
#4 0x000000000063eda3 in std::_Function_handler<void(const std::shared_ptr<dht::crypto::Certificate>&), ring::RingAccount::revokeDevice(const string&, const string&)::<lambda(const std::shared_ptr<dht::crypto::Certificate>&)> >::_M_invoke(const std::_Any_data &, const std::shared_ptr<dht::crypto::Certificate> &) (__functor=..., __args#0=std::shared_ptr (count 4, weak 0) 0x60800000fe30)
at /usr/include/c++/5/functional:1871
#5 0x0000000000678909 in std::function<void (std::shared_ptr<dht::crypto::Certificate> const&)>::operator()(std::shared_ptr<dht::crypto::Certificate> const&) const (this=0x7fffffffcb80,
__args#0=std::shared_ptr (count 4, weak 0) 0x60800000fe30) at /usr/include/c++/5/functional:2267
#6 0x000000000062720f in ring::RingAccount::findCertificate(dht::Hash<20ul> const&, std::function<void (std::shared_ptr<dht::crypto::Certificate> const&)>&&) (this=0x623000007110, h=...,
cb=<unknown type in /home/hlefeuvre/Development/ring-daemon/bin/dring, CU 0x4b98e6, DIE 0x5f4616>) at ringaccount.cpp:2580
#7 0x000000000060f774 in ring::RingAccount::revokeDevice (this=0x623000007110, password="", device="25a30306bd68013858d55f9edad096c65f523048") at ringaccount.cpp:1133
#8 0x0000000000527061 in DRing::revokeDevice (accountID="9fba7138a1fc3f51", password="", deviceID="25a30306bd68013858d55f9edad096c65f523048") at configurationmanager.cpp:308
#9 0x00000000004d163b in DBusConfigurationManager::revokeDevice (this=0x61500001f980, accountID="9fba7138a1fc3f51", password="", device="25a30306bd68013858d55f9edad096c65f523048")
at dbusconfigurationmanager.cpp:93
#10 0x00000000004dcf7b in cx::ring::Ring::ConfigurationManager_adaptor::_revokeDevice_stub (this=0x61500001f980, call=...) at dbusconfigurationmanager.adaptor.h:1495
#11 0x00000000004fa932 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call (this=0x6030000249a0, param=...)
at /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
#12 0x0000000000505cff in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const () at /usr/include/c++/5/ext/new_allocator.h:120
#13 0x0000000000504df2 in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) () at /usr/include/c++/5/ext/new_allocator.h:120
#14 0x000000000050d777 in DBus::ObjectAdaptor::handle_message(DBus::Message const&) () at /usr/include/c++/5/ext/new_allocator.h:120
#15 0x000000000050ccee in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) () at /usr/include/c++/5/ext/new_allocator.h:120
#16 0x00007ffff6c3f813 in ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
#17 0x00007ffff6c30d94 in dbus_connection_dispatch () from /lib/x86_64-linux-gnu/libdbus-1.so.3
#18 0x00000000004fc812 in DBus::Connection::Private::do_dispatch() () at /usr/include/c++/5/ext/new_allocator.h:120
#19 0x00000000004ff779 in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) ()
at /usr/include/c++/5/ext/new_allocator.h:120
#20 0x00000000004ff577 in DBus::Dispatcher::dispatch_pending() () at /usr/include/c++/5/ext/new_allocator.h:120
#21 0x00000000005032ca in DBus::BusDispatcher::do_iteration() () at /usr/include/c++/5/ext/new_allocator.h:120
#22 0x0000000000502f78 in DBus::BusDispatcher::enter() () at /usr/include/c++/5/ext/new_allocator.h:120
#23 0x0000000000459fcf in DBusClient::event_loop (this=0x60600000a340) at dbusclient.cpp:250
#24 0x00000000004541d1 in main (argc=2, argv=0x7fffffffdc88) at main.cpp:236
```