=================================================================
==1914124==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900074d460 at pc 0x55b7feb157df bp 0x7f2bedcfae40 sp 0x7f2bedcfae30
READ of size 4 at 0x61900074d460 thread T1
[mjpeg @ 0x6190002b4380] unable to decode APP fields: Invalid data found when processing input
#0 0x55b7feb157de in jami::Sdp::getIceCandidates[abi:cxx11](unsigned int) const /home/sblin/ring-project/daemon/src/sip/sdp.cpp:740
#1 0x55b7feb7e12f in operator() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1047
#2 0x55b7feb7e67e in jami::SIPCall::getAllRemoteCandidates() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1060
#3 0x55b7feb82262 in operator() /home/sblin/ring-project/daemon/src/sip/sipcall.cpp:1346
#4 0x55b7feb8cf67 in _M_invoke /usr/include/c++/9/bits/std_function.h:285
#5 0x55b7fea7452f in std::function<bool ()>::operator()() const /usr/include/c++/9/bits/std_function.h:688
#6 0x55b7feafc80f in jami::RepeatedTask::run() /home/sblin/ring-project/daemon/src/scheduled_executor.h:76
#7 0x55b7feaf8c56 in operator() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:87
#8 0x55b7feafbf79 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#9 0x55b7fe56c807 in std::function<void ()>::operator()() const /usr/include/c++/9/bits/std_function.h:688
#10 0x55b7feafc6bb in jami::Task::run() /home/sblin/ring-project/daemon/src/scheduled_executor.h:55
#11 0x55b7feaf9160 in operator() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:98
#12 0x55b7feafb3d6 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#13 0x55b7fe56c807 in std::function<void ()>::operator()() const /usr/include/c++/9/bits/std_function.h:688
#14 0x55b7feaf99b9 in jami::ScheduledExecutor::loop() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:124
#15 0x55b7feaf7ed0 in operator() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:28
#16 0x55b7feafc5f9 in __invoke_impl<void, jami::ScheduledExecutor::ScheduledExecutor()::<lambda()> > /usr/include/c++/9/bits/invoke.h:60
#17 0x55b7feafc5ae in __invoke<jami::ScheduledExecutor::ScheduledExecutor()::<lambda()> > /usr/include/c++/9/bits/invoke.h:95
#18 0x55b7feafc55b in _M_invoke<0> /usr/include/c++/9/thread:244
#19 0x55b7feafc531 in operator() /usr/include/c++/9/thread:251
#20 0x55b7feafc515 in _M_run /usr/include/c++/9/thread:195
#21 0x7f2bfc44bd83 (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd6d83)
#22 0x7f2bfe3a9608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#23 0x7f2bfc139292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
0x61900074d460 is located 736 bytes inside of 1024-byte region [0x61900074d180,0x61900074d580)
freed by thread T1005 here:
#0 0x7f2bfece77cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55b7fef7f1d2 in pj_pool_destroy_int (/home/sblin/ring-project/daemon/bin/dring+0xead1d2)
previously allocated by thread T1005 here:
#0 0x7f2bfece7bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55b7fef77d27 in default_block_alloc (/home/sblin/ring-project/daemon/bin/dring+0xea5d27)
Thread T1 created by T0 here:
#0 0x7f2bfec14805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f2bfc44c048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
#2 0x55b7feaf8138 in jami::ScheduledExecutor::ScheduledExecutor() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:29
#3 0x55b7fe9db7e6 in jami::Manager::ManagerPimpl::ManagerPimpl(jami::Manager&) /home/sblin/ring-project/daemon/src/manager.cpp:447
#4 0x55b7fe9def76 in jami::Manager::Manager() /home/sblin/ring-project/daemon/src/manager.cpp:726
#5 0x55b7fe9ded3d in jami::Manager::instance() /home/sblin/ring-project/daemon/src/manager.cpp:702
#6 0x55b7fe59a89d in DRing::init(DRing::InitFlag) /home/sblin/ring-project/daemon/src/ring_api.cpp:57
#7 0x55b7fe473d0f in DBusClient::initLibrary(int) /home/sblin/ring-project/daemon/bin/dbus/dbusclient.cpp:245
#8 0x55b7fe468891 in DBusClient::DBusClient(int, bool) /home/sblin/ring-project/daemon/bin/dbus/dbusclient.cpp:108
#9 0x55b7fe467f9f in void __gnu_cxx::new_allocator<DBusClient>::construct<DBusClient, int&, bool&>(DBusClient*, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x395f9f)
#10 0x55b7fe467d63 in void std::allocator_traits<std::allocator<DBusClient> >::construct<DBusClient, int&, bool&>(std::allocator<DBusClient>&, DBusClient*, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x395d63)
#11 0x55b7fe467994 in std::_Sp_counted_ptr_inplace<DBusClient, std::allocator<DBusClient>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<int&, bool&>(std::allocator<DBusClient>, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x395994)
#12 0x55b7fe46735a in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<DBusClient, std::allocator<DBusClient>, int&, bool&>(DBusClient*&, std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x39535a)
#13 0x55b7fe466ead in std::__shared_ptr<DBusClient, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<DBusClient>, int&, bool&>(std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x394ead)
#14 0x55b7fe46636e in std::shared_ptr<DBusClient>::shared_ptr<std::allocator<DBusClient>, int&, bool&>(std::_Sp_alloc_shared_tag<std::allocator<DBusClient> >, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x39436e)
#15 0x55b7fe46589e in std::shared_ptr<DBusClient> std::allocate_shared<DBusClient, std::allocator<DBusClient>, int&, bool&>(std::allocator<DBusClient> const&, int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x39389e)
#16 0x55b7fe464ece in std::shared_ptr<DBusClient> std::make_shared<DBusClient, int&, bool&>(int&, bool&) (/home/sblin/ring-project/daemon/bin/dring+0x392ece)
#17 0x55b7fe463c41 in main /home/sblin/ring-project/daemon/bin/main.cpp:218
#18 0x7f2bfc03e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Thread T1005 created by T26 here:
#0 0x7f2bfec14805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f2bfc44c048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
#2 0x55b7feaf8138 in jami::ScheduledExecutor::ScheduledExecutor() /home/sblin/ring-project/daemon/src/scheduled_executor.cpp:29
#3 0x55b7fee0255b in jami::tls::ChanneledSIPTransport::ChanneledSIPTransport(pjsip_endpoint*, int, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr const&, jami::IpAddr const&, std::function<void ()>&&) /home/sblin/ring-project/daemon/src/jamidht/channeled_transport.cpp:46
#4 0x55b7febc0133 in std::_MakeUniq<jami::tls::ChanneledSIPTransport>::__single_object std::make_unique<jami::tls::ChanneledSIPTransport, pjsip_endpoint*&, pjsip_transport_type_e&, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr&, jami::IpAddr&, std::function<void ()> >(pjsip_endpoint*&, pjsip_transport_type_e&, std::shared_ptr<jami::ChannelSocket> const&, jami::IpAddr&, jami::IpAddr&, std::function<void ()>&&) /usr/include/c++/9/bits/unique_ptr.h:857
#5 0x55b7febbafd2 in jami::SipTransportBroker::getChanneledTransport(std::shared_ptr<jami::ChannelSocket> const&, std::function<void ()>&&) /home/sblin/ring-project/daemon/src/sip/siptransport.cpp:452
#6 0x55b7fe6e2e01 in jami::JamiAccount::cacheSIPConnection(std::shared_ptr<jami::ChannelSocket>&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, dht::Hash<20ul> const&) /home/sblin/ring-project/daemon/src/jamidht/jamiaccount.cpp:3776
#7 0x55b7fe6be1cd in operator() /home/sblin/ring-project/daemon/src/jamidht/jamiaccount.cpp:2229
#8 0x55b7fe6f809e in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#9 0x55b7fee32f69 in std::function<void (dht::Hash<20ul> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::shared_ptr<jami::ChannelSocket>)>::operator()(dht::Hash<20ul> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::shared_ptr<jami::ChannelSocket>) const /usr/include/c++/9/bits/std_function.h:688
#10 0x55b7fee1b62a in operator() /home/sblin/ring-project/daemon/src/jamidht/connectionmanager.cpp:774
#11 0x55b7fee233eb in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#12 0x55b7fe84fe28 in std::function<void (dht::Hash<20ul> const&, std::shared_ptr<jami::ChannelSocket> const&)>::operator()(dht::Hash<20ul> const&, std::shared_ptr<jami::ChannelSocket> const&) const /usr/include/c++/9/bits/std_function.h:688
#13 0x55b7fe841fe4 in operator() /home/sblin/ring-project/daemon/src/jamidht/multiplexed_socket.cpp:267
#14 0x55b7fe848508 in _M_invoke /usr/include/c++/9/bits/std_function.h:300
#15 0x55b7fefbd369 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<dht::ThreadPool::run(std::function<void ()>&&)::{lambda()#1}> > >::_M_run() (/home/sblin/ring-project/daemon/bin/dring+0xeeb369)
#16 0x7f2b8309c507 (<unknown module>)
Thread T26 created by T0 here:
#0 0x7f2bfec14805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x7f2bfc44c048 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd7048)
#2 0x62300004f8e7 (<unknown module>)
SUMMARY: AddressSanitizer: heap-use-after-free /home/sblin/ring-project/daemon/src/sip/sdp.cpp:740 in jami::Sdp::getIceCandidates[abi:cxx11](unsigned int) const
Shadow bytes around the buggy address:
0x0c32800e1a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c32800e1a80: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
0x0c32800e1a90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1aa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c32800e1ab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c32800e1ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c32800e1ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1914124==ABORTING