DVDOverlayCodecFFmpeg: Fix for distorted subtitles in 3D modes #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I hope that this is the appropriate KODI branch for future LibreELEC releases. |
popcornmix
force-pushed
the
gbm
branch
2 times, most recently
from
959f279 to
acc1577
Compare
popcornmix
force-pushed
the
gbm
branch
3 times, most recently
from
2767440 to
ffc173b
Compare
popcornmix
force-pushed
the
gbm
branch
2 times, most recently
from
cbafa5c to
46685b1
Compare
popcornmix
force-pushed
the
gbm
branch
2 times, most recently
from
ab395ae to
f3a9069
Compare
popcornmix
force-pushed
the
gbm
branch
5 times, most recently
from
bceab1b to
26c3aa2
Compare
popcornmix
force-pushed
the
gbm
branch
3 times, most recently
from
3a6d97b to
f43eb27
Compare
popcornmix
force-pushed
the
gbm
branch
2 times, most recently
from
6cf3d8a to
417bb73
Compare
popcornmix
pushed a commit
that referenced
this pull request
Oct 10, 2022
There was tried to open local add-on with value "m_localAddon" where at repo content not set!
This has created the following crash:
```gdb
Thread 1 "kodi.bin" received signal SIGSEGV, Segmentation fault.
0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
263 const bool hasSettings = m_localAddon->CanHaveAddonOrInstanceSettings();
(gdb)
(gdb) bt
#0 0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls(PerformButtonFocus) (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES)
at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263
#1 0x0000555557be2d95 in CGUIDialogAddonInfo::OnInitWindow() (this=0x55555bdf8a30) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:169
#2 0x0000555557a62565 in CGUIWindow::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:588
#3 0x00005555579d4bef in CGUIDialog::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:92
#4 0x0000555557be2bfc in CGUIDialogAddonInfo::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:152
#5 0x00005555579d5092 in CGUIDialog::Open_Internal(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
(this=0x55555bdf8a30, bProcessRenderLoop=true, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:169
#6 0x00005555579d52a2 in CGUIDialog::Open(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, bProcessRenderLoop=true, param="")
at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:201
#7 0x00005555579d5182 in CGUIDialog::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, param="")
at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:187
#8 0x0000555557be99df in CGUIDialogAddonInfo::ShowForItem(std::shared_ptr<CFileItem> const&) (item=std::shared_ptr<CFileItem> (use count 6, weak count 0) = {...})
at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:806
#9 0x0000555557bf7e4c in CGUIWindowAddonBrowser::OnClick(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdcdbb0, iItem=1, player="")
at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:256
#10 0x00005555576ae097 in CGUIMediaWindow::OnSelect(int) (this=0x55555bdcdbb0, item=1) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:1186
#11 0x00005555576a759d in CGUIMediaWindow::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:309
#12 0x0000555557bf6f1d in CGUIWindowAddonBrowser::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:150
#13 0x00005555579b1b42 in CGUIControl::SendWindowMessage(CGUIMessage&) const (this=0x55555cdfee90, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIControl.cpp:313
#14 0x000055555799edb2 in CGUIBaseContainer::OnClick(int) (this=0x55555cdfee90, actionID=7) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:873
#15 0x000055555799c917 in CGUIBaseContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:450
#16 0x00005555579df9ab in CGUIFixedListContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIFixedListContainer.cpp:70
#17 0x0000555557a6197b in CGUIWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:425
#18 0x00005555576a6938 in CGUIMediaWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:188
#19 0x0000555557a6f570 in CGUIWindowManager::HandleAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1173
#20 0x0000555557a6f2d3 in CGUIWindowManager::OnAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1118
#21 0x0000555557d216ad in CApplication::OnAction(CAction const&) (this=0x55555affd9f0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:968
#22 0x0000555557939465 in CInputManager::ExecuteInputAction(CAction const&) (this=0x55555b12cc30, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:718
#23 0x0000555557938d05 in CInputManager::HandleKey(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:653
#24 0x0000555557939047 in CInputManager::OnKeyUp(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:666
#25 0x0000555557937484 in CInputManager::OnEvent(XBMC_Event&) (this=0x55555b12cc30, newEvent=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:345
#26 0x0000555557d1d0db in CApplication::HandlePortEvents() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:317
#27 0x0000555557d257d3 in CApplication::FrameMove(bool, bool) (this=0x55555affd9f0, processEvents=true, processGUI=true) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1752
#28 0x0000555557d25e29 in CApplication::Run() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1855
xbmc#29 0x000055555787b5e8 in XBMC_Run(bool, std::shared_ptr<CAppParams> const&) (renderGUI=true, params=std::shared_ptr<CAppParams> (use count 3, weak count 0) = {...})
at /home/alwin/Dev/kodi/kodi/xbmc/platform/xbmc.cpp:64
xbmc#30 0x0000555557025f89 in main(int, char**) (argc=1, argv=0x7fffffffdb28) at /home/alwin/Dev/kodi/kodi/xbmc/platform/posix/main.cpp:69
```
popcornmix
pushed a commit
that referenced
this pull request
Apr 30, 2024
Only remove the child if the node is actually a child.
==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
#0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
#26 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
#0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
#25 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==51989==ABORTING
(cherry picked from commit 52988c9)
popcornmix
pushed a commit
that referenced
this pull request
Apr 30, 2024
See comment in code for information.
==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
#0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
#18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
#0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
xbmc#58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
xbmc#41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa
0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30885==ABORTING
(cherry picked from commit 9e4cfd2)
popcornmix
pushed a commit
that referenced
this pull request
Apr 30, 2024
When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase
creates its own. When switching to a skin that does provide one, it loads it
from the skin, overwrites the pointer to its own edit control (memory leak!)
but still thinks it owns the control because m_newOriginalEdit is true. In
DeleteControls() it then deletes the edit control that it doesn't own.
Cleaning up and resetting the flag in FreeControls() solves the problem.
ASAN error:
==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48
READ of size 8 at 0x51d0015bd080 thread T0
#0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5
#1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3
#2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63
#3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
#4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
#5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5
#6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5
#7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34
#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0)
freed by thread T0 here:
#0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
#1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39
#2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
#4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
#5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
#6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
#7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47
#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
#1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17
#2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
#3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
#4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22
#5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
#6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19
#10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22
#11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38
#12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3
#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50
#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30
#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp
#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17
#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5
#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38
#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#27 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls()
Shadow bytes around the buggy address:
0x51d0015bce00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bce80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bcf00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bcf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bd000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x51d0015bd080:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29999==ABORTING
(cherry picked from commit 3be3878)
popcornmix
pushed a commit
that referenced
this pull request
Jul 31, 2024
Only remove the child if the node is actually a child.
==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428
READ of size 8 at 0x511003b69210 thread T0
#0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50
#1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61
#2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37
#3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9
#4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
#5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
#6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
#7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
#8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
#9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
#26 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218)
freed by thread T0 here:
#0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
#1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
#2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9
#3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3
#4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5
#5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14
#6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15
#7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15
#8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22
#12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7
#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48
#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16
#25 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0)
#1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First()
Shadow bytes around the buggy address:
0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==51989==ABORTING
popcornmix
pushed a commit
that referenced
this pull request
Jul 31, 2024
See comment in code for information.
==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48
READ of size 1 at 0x51800050bbe8 thread T0
#0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9
#1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
#2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
#3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
#4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
#5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
#6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
#7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
#8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
#9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
#10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
#11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
#12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
#18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0)
freed by thread T0 here:
#0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
#1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38
#2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9
#3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8
#4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11
#5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31
#6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11
#7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19
#8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6
#9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7
#10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7
#11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2
#12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1
#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59
#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3
#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1
#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3
xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40
xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27
xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28
xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29
xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
xbmc#58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3)
#1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33
#2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34
#3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12
#4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12
#5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20
#6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17
#7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
#8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9
#12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52
#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32
#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14
#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp
#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23
#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52
#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16
#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5
#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27
xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20
xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11
xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54
xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29
xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10
xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5
xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7
xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43
xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17
xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7
xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16
xbmc#41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const
Shadow bytes around the buggy address:
0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa
0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30885==ABORTING
popcornmix
pushed a commit
that referenced
this pull request
Jul 31, 2024
When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase
creates its own. When switching to a skin that does provide one, it loads it
from the skin, overwrites the pointer to its own edit control (memory leak!)
but still thinks it owns the control because m_newOriginalEdit is true. In
DeleteControls() it then deletes the edit control that it doesn't own.
Cleaning up and resetting the flag in FreeControls() solves the problem.
ASAN error:
==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48
READ of size 8 at 0x51d0015bd080 thread T0
#0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5
#1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3
#2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63
#3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
#4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57
#5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5
#6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5
#7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34
#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0)
freed by thread T0 here:
#0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
#1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39
#2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5
#3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21
#4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53
#5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14
#6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29
#7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47
#8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3
#9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
previously allocated by thread T0 here:
#0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089)
#1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17
#2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38
#3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11
#4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22
#5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10
#6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14
#7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7
#8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52
#9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19
#10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22
#11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38
#12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15
#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5
#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3
#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50
#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7
#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12
#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14
#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30
#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp
#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17
#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5
#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38
#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5
#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26
#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16
#27 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls()
Shadow bytes around the buggy address:
0x51d0015bce00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bce80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bcf00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bcf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51d0015bd000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x51d0015bd080:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51d0015bd300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29999==ABORTING
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See: xbmc#16362
Description
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Types of change
Checklist: