heap-use-after-free in PulseLayer::getCaptureDeviceList (#45) · Issues · savoirfairelinux / jami-daemon

heap-use-after-free in PulseLayer::getCaptureDeviceList

Affects: latest ring daemon master

PulseLayer::getCaptureDeviceList seems to be affected by a race condition and resulting heap-use-after-free (media/audio/pulseaudio/pulselayer.cpp:242).

Logs with ASan crash report:

fe38c3ef98edd87ace33efb3183230194f8fba88
[1536090351.878| 6964|ringaccount.cpp   :2591 ] Can't set certificate status for existing contacts 3c2a2fae84be1713e6d68d39360faa7441220c00
[1536090351.882| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.903| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.912| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.922| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.931| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.942| 6964|namedirectory.cpp :66   ] Can't parse URI: 
[1536090351.942| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.945| 6964|namedirectory.cpp :66   ] Can't parse URI: 
[1536090351.950| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.961| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.968| 6964|manager.cpp       :2414 ] Audio manager chosen already in use. No changes made. 
[1536090351.968| 6964|configurationmanager.cpp:621  ] Get audio plugin default
[1536090351.970| 6964|pulselayer.cpp    :153  ] Waiting....
[1536090351.970| 7013|pulselayer.cpp    :153  ] Waiting....
[1536090351.970| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.970| 7013|pulselayer.cpp    :153  ] Waiting....
[1536090351.971| 7013|pulselayer.cpp    :157  ] Connection to PulseAudio server established
[1536090351.971| 7013|pulselayer.cpp    :186  ] Updating PulseAudio sink list
[1536090351.971| 7013|pulselayer.cpp    :202  ] Updating PulseAudio source list
[1536090351.971| 7013|pulselayer.cpp    :218  ] Updating PulseAudio server infos
[1536090351.971| 6964|manager.cpp       :2164 ] No audio layer created, possibly built without audio support
=================================================================
==6964==ERROR: AddressSanitizer: heap-use-after-free on address 0x61800001f188 at pc 0x0000008cd866 bp 0x7fff07e3e190 sp 0x7fff07e3e180
READ of size 8 at 0x61800001f188 thread T0
[1536090351.972| 7013|pulselayer.cpp    :635  ] PulseAudio server info:
    Server name: pulseaudio
    Server version: 8.0
    Default Sink alsa_output.pci-0000_00_1b.0.analog-stereo
    Default Source alsa_input.usb-046d_HD_Pro_Webcam_C920_8A8B667F-02.analog-stereo
    Default Sample Specification: s16le 2ch 44100Hz
    Default Channel Map: front-left,front-right

[1536090352.012| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.020| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.029| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.039| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #0 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:131
    #1 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_set_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:164
    #2 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) /usr/include/c++/5/bits/basic_string.tcc:236
    #3 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<char*>(char*, char*, std::__false_type) /usr/include/c++/5/bits/basic_string.h:195
    #4 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*) /usr/include/c++/5/bits/basic_string.h:214
    #5 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:400
    #6 0x8cd865 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/ext/new_allocator.h:120
    #7 0x8cd865 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/alloc_traits.h:530
    #8 0x8cd865 in void std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::emplace_back<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/vector.tcc:96
    #9 0x8cd865 in ring::PulseLayer::getCaptureDeviceList[abi:cxx11]() const /home/hlefeuvre/Development/ring-daemon/src/media/audio/pulseaudio/pulselayer.cpp:242
[1536090352.048| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.057| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.067| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.076| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.086| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.094| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.102| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #10 0x6fd2ea in ring::Manager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/manager.cpp:2223
[1536090352.114| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #11 0x50acb7 in DRing::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/client/configurationmanager.cpp:578
    #12 0x4bf03f in DBusConfigurationManager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.cpp:265
    #13 0x4bf03f in cx::ring::Ring::ConfigurationManager_adaptor::_getAudioInputDeviceList_stub(DBus::CallMessage const&) /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.adaptor.h:1993
    #14 0x4b0cb4 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
    #15 0x4e39ee in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e39ee)
    #16 0x4e280f in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e280f)
    #17 0x4ecf1a in DBus::ObjectAdaptor::handle_message(DBus::Message const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ecf1a)
    #18 0x4ec491 in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ec491)
    #19 0x7fb37e9cc812  (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x21812)
    #20 0x7fb37e9bdd93 in dbus_connection_dispatch (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x12d93)
    #21 0x4d97b1 in DBus::Connection::Private::do_dispatch() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4d97b1)
    #22 0x4dd080 in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dd080)
    #23 0x4dce7e in DBus::Dispatcher::dispatch_pending() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dce7e)
    #24 0x4e0c0d in DBus::BusDispatcher::do_iteration() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e0c0d)
    #25 0x4e08bb in DBus::BusDispatcher::enter() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e08bb)
    #26 0x4590a2 in DBusClient::event_loop() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusclient.cpp:250
    #27 0x45131f in main /home/hlefeuvre/Development/ring-daemon/bin/main.cpp:236
    #28 0x7fb37a84482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #29 0x457f18 in _start (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x457f18)

0x61800001f188 is located 264 bytes inside of 896-byte region [0x61800001f080,0x61800001f400)
freed by thread T34 (threaded-ml) here:
    #0 0x7fb37ec90b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
    #1 0x8d5953 in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
    #2 0x8d5953 in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::deallocate(std::allocator<ring::PaDeviceInfos>&, ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
    #3 0x8d5953 in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/stl_vector.h:178
    #4 0x8d5953 in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:438

previously allocated by thread T34 (threaded-ml) here:
    #0 0x7fb37ec90532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x8d4e1b in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
    #2 0x8d4e1b in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::allocate(std::allocator<ring::PaDeviceInfos>&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
    #3 0x8d4e1b in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vector.h:170
    #4 0x8d4e1b in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:412
    #5 0x15aed8f  (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x15aed8f)

Thread T34 (threaded-ml) created by T0 here:
    #0 0x7fb37ec2d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7fb37a1e984c in pa_thread_new (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so+0x4f84c)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/5/bits/basic_string.h:131 std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long)
Shadow bytes around the buggy address:
  0x0c307fffbde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbdf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbe00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbe10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c307fffbe30: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==6964==ABORTING

**Affects:** latest ring daemon master

PulseLayer::getCaptureDeviceList seems to be affected by a race condition and resulting heap-use-after-free (media/audio/pulseaudio/pulselayer.cpp:242).

**Logs with ASan crash report:**

```
fe38c3ef98edd87ace33efb3183230194f8fba88
[1536090351.878| 6964|ringaccount.cpp   :2591 ] Can't set certificate status for existing contacts 3c2a2fae84be1713e6d68d39360faa7441220c00
[1536090351.882| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.903| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.912| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.922| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.931| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.942| 6964|namedirectory.cpp :66   ] Can't parse URI: 
[1536090351.942| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.945| 6964|namedirectory.cpp :66   ] Can't parse URI: 
[1536090351.950| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.961| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.968| 6964|manager.cpp       :2414 ] Audio manager chosen already in use. No changes made. 
[1536090351.968| 6964|configurationmanager.cpp:621  ] Get audio plugin default
[1536090351.970| 6964|pulselayer.cpp    :153  ] Waiting....
[1536090351.970| 7013|pulselayer.cpp    :153  ] Waiting....
[1536090351.970| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090351.970| 7013|pulselayer.cpp    :153  ] Waiting....
[1536090351.971| 7013|pulselayer.cpp    :157  ] Connection to PulseAudio server established
[1536090351.971| 7013|pulselayer.cpp    :186  ] Updating PulseAudio sink list
[1536090351.971| 7013|pulselayer.cpp    :202  ] Updating PulseAudio source list
[1536090351.971| 7013|pulselayer.cpp    :218  ] Updating PulseAudio server infos
[1536090351.971| 6964|manager.cpp       :2164 ] No audio layer created, possibly built without audio support
=================================================================
==6964==ERROR: AddressSanitizer: heap-use-after-free on address 0x61800001f188 at pc 0x0000008cd866 bp 0x7fff07e3e190 sp 0x7fff07e3e180
READ of size 8 at 0x61800001f188 thread T0
[1536090351.972| 7013|pulselayer.cpp    :635  ] PulseAudio server info:
    Server name: pulseaudio
    Server version: 8.0
    Default Sink alsa_output.pci-0000_00_1b.0.analog-stereo
    Default Source alsa_input.usb-046d_HD_Pro_Webcam_C920_8A8B667F-02.analog-stereo
    Default Sample Specification: s16le 2ch 44100Hz
    Default Channel Map: front-left,front-right

[1536090352.012| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.020| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.029| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.039| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #0 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:131
    #1 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_set_length(unsigned long) /usr/include/c++/5/bits/basic_string.h:164
    #2 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) /usr/include/c++/5/bits/basic_string.tcc:236
    #3 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<char*>(char*, char*, std::__false_type) /usr/include/c++/5/bits/basic_string.h:195
    #4 0x8cd865 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*) /usr/include/c++/5/bits/basic_string.h:214
    #5 0x8cd865 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/basic_string.h:400
    #6 0x8cd865 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/ext/new_allocator.h:120
    #7 0x8cd865 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/alloc_traits.h:530
    #8 0x8cd865 in void std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::emplace_back<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/5/bits/vector.tcc:96
    #9 0x8cd865 in ring::PulseLayer::getCaptureDeviceList[abi:cxx11]() const /home/hlefeuvre/Development/ring-daemon/src/media/audio/pulseaudio/pulselayer.cpp:242
[1536090352.048| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.057| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.067| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.076| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.086| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.094| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
[1536090352.102| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #10 0x6fd2ea in ring::Manager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/manager.cpp:2223
[1536090352.114| 6985|certstore.cpp     :75   ] CertificateStore: loaded 12 local certificates.
    #11 0x50acb7 in DRing::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/src/client/configurationmanager.cpp:578
    #12 0x4bf03f in DBusConfigurationManager::getAudioInputDeviceList[abi:cxx11]() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.cpp:265
    #13 0x4bf03f in cx::ring::Ring::ConfigurationManager_adaptor::_getAudioInputDeviceList_stub(DBus::CallMessage const&) /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusconfigurationmanager.adaptor.h:1993
    #14 0x4b0cb4 in DBus::Callback<cx::ring::Ring::ConfigurationManager_adaptor, DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const /home/hlefeuvre/Development/ring-daemon/contrib/x86_64-linux-gnu/include/dbus-c++-1/dbus-c++/util.h:283
    #15 0x4e39ee in DBus::Slot<DBus::Message, DBus::CallMessage const&>::call(DBus::CallMessage const&) const (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e39ee)
    #16 0x4e280f in DBus::InterfaceAdaptor::dispatch_method(DBus::CallMessage const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e280f)
    #17 0x4ecf1a in DBus::ObjectAdaptor::handle_message(DBus::Message const&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ecf1a)
    #18 0x4ec491 in DBus::ObjectAdaptor::Private::message_function_stub(DBusConnection*, DBusMessage*, void*) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4ec491)
    #19 0x7fb37e9cc812  (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x21812)
    #20 0x7fb37e9bdd93 in dbus_connection_dispatch (/lib/x86_64-linux-gnu/libdbus-1.so.3+0x12d93)
    #21 0x4d97b1 in DBus::Connection::Private::do_dispatch() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4d97b1)
    #22 0x4dd080 in DBus::Dispatcher::dispatch_pending(std::__cxx11::list<DBus::Connection::Private*, std::allocator<DBus::Connection::Private*> >&) (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dd080)
    #23 0x4dce7e in DBus::Dispatcher::dispatch_pending() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4dce7e)
    #24 0x4e0c0d in DBus::BusDispatcher::do_iteration() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e0c0d)
    #25 0x4e08bb in DBus::BusDispatcher::enter() (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x4e08bb)
    #26 0x4590a2 in DBusClient::event_loop() /home/hlefeuvre/Development/ring-daemon/bin/dbus/dbusclient.cpp:250
    #27 0x45131f in main /home/hlefeuvre/Development/ring-daemon/bin/main.cpp:236
    #28 0x7fb37a84482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #29 0x457f18 in _start (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x457f18)

0x61800001f188 is located 264 bytes inside of 896-byte region [0x61800001f080,0x61800001f400)
freed by thread T34 (threaded-ml) here:
    #0 0x7fb37ec90b2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
    #1 0x8d5953 in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/ext/new_allocator.h:110
    #2 0x8d5953 in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::deallocate(std::allocator<ring::PaDeviceInfos>&, ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:517
    #3 0x8d5953 in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_deallocate(ring::PaDeviceInfos*, unsigned long) /usr/include/c++/5/bits/stl_vector.h:178
    #4 0x8d5953 in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:438

previously allocated by thread T34 (threaded-ml) here:
    #0 0x7fb37ec90532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x8d4e1b in __gnu_cxx::new_allocator<ring::PaDeviceInfos>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
    #2 0x8d4e1b in std::allocator_traits<std::allocator<ring::PaDeviceInfos> >::allocate(std::allocator<ring::PaDeviceInfos>&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
    #3 0x8d4e1b in std::_Vector_base<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vector.h:170
    #4 0x8d4e1b in void std::vector<ring::PaDeviceInfos, std::allocator<ring::PaDeviceInfos> >::_M_emplace_back_aux<ring::PaDeviceInfos>(ring::PaDeviceInfos&&) /usr/include/c++/5/bits/vector.tcc:412
    #5 0x15aed8f  (/home/hlefeuvre/Development/ring-daemon/bin/dring+0x15aed8f)

Thread T34 (threaded-ml) created by T0 here:
    #0 0x7fb37ec2d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7fb37a1e984c in pa_thread_new (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so+0x4f84c)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/5/bits/basic_string.h:131 std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_length(unsigned long)
Shadow bytes around the buggy address:
  0x0c307fffbde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbdf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbe00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fffbe10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c307fffbe30: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fffbe80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==6964==ABORTING
```

heap-use-after-free in PulseLayer::getCaptureDeviceList

Related issues