mqp · December 6, 2017 22:42
diff --git a/gistfile1.txt b/gistfile1.txt
 ==24300==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000859908 at pc 0x5639a5226111 bp 0x7fdea5b5e200 sp 0x7fdea5b5e1f0
 READ of size 8 at 0x612000859908 thread T1937 (icesend 2661940)
    #0 0x5639a5226110 in janus_ice_send_thread /home/mquander/src/janus-gateway/ice.c:3360
    #1 0x7fdf95d21644  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72644)
    #2 0x7fdf945347fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)
    #3 0x7fdf94261b0e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x114b0e)

 0x612000859908 is located 200 bytes inside of 280-byte region [0x612000859840,0x612000859958)
 freed by thread T1918 (iceloop 2661940) here:
    #0 0x7fdf9653c7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x5639a51eacaf in janus_ice_stream_free /home/mquander/src/janus-gateway/ice.c:1254
    #2 0x5639a51ea625 in janus_ice_stream_destroy /home/mquander/src/janus-gateway/ice.c:1219
    #3 0x5639a51e9168 in janus_ice_webrtc_free /home/mquander/src/janus-gateway/ice.c:1157
    #4 0x5639a52085c0 in janus_ice_thread /home/mquander/src/janus-gateway/ice.c:2359
    #5 0x7fdf95d21644  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72644)

 previously allocated by thread T1876 (pool) here:
    #0 0x7fdf9653cd38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
    #1 0x7fdf95cff5d0 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x505d0)
    #2 0x5639a524d4e4 in janus_process_incoming_request /home/mquander/src/janus-gateway/janus.c:1290
    #3 0x5639a5260f58 in janus_transport_task /home/mquander/src/janus-gateway/janus.c:2581
    #4 0x7fdf95d2200f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7300f)

 Thread T1937 (icesend 2661940) created by T1918 (iceloop 2661940) here:
    #0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fdf95d3f39f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

 Thread T1918 (iceloop 2661940) created by T1876 (pool) here:
    #0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fdf95d3f39f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

 Thread T1876 (pool) created by T10 (ws thread) here:
    #0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fdf95d3f39f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

 Thread T10 (ws thread) created by T0 here:
    #0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fdf95d3f39f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

 SUMMARY: AddressSanitizer: heap-use-after-free /home/mquander/src/janus-gateway/ice.c:3360 in janus_ice_send_thread
 Shadow bytes around the buggy address:
  0x0c24801032d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c24801032e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c24801032f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2480103300: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2480103310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 =>0x0c2480103320: fd[fd]fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c2480103330: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2480103340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2480103350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2480103360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2480103370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
 ==24300==ABORTING
	==24300==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000859908 at pc 0x5639a5226111 bp 0x7fdea5b5e200 sp 0x7fdea5b5e1f0
	READ of size 8 at 0x612000859908 thread T1937 (icesend 2661940)
	#0 0x5639a5226110 in janus_ice_send_thread /home/mquander/src/janus-gateway/ice.c:3360
	#1 0x7fdf95d21644 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72644)
	#2 0x7fdf945347fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)
	#3 0x7fdf94261b0e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x114b0e)

	0x612000859908 is located 200 bytes inside of 280-byte region [0x612000859840,0x612000859958)
	freed by thread T1918 (iceloop 2661940) here:
	#0 0x7fdf9653c7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
	#1 0x5639a51eacaf in janus_ice_stream_free /home/mquander/src/janus-gateway/ice.c:1254
	#2 0x5639a51ea625 in janus_ice_stream_destroy /home/mquander/src/janus-gateway/ice.c:1219
	#3 0x5639a51e9168 in janus_ice_webrtc_free /home/mquander/src/janus-gateway/ice.c:1157
	#4 0x5639a52085c0 in janus_ice_thread /home/mquander/src/janus-gateway/ice.c:2359
	#5 0x7fdf95d21644 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72644)

	previously allocated by thread T1876 (pool) here:
	#0 0x7fdf9653cd38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
	#1 0x7fdf95cff5d0 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x505d0)
	#2 0x5639a524d4e4 in janus_process_incoming_request /home/mquander/src/janus-gateway/janus.c:1290
	#3 0x5639a5260f58 in janus_transport_task /home/mquander/src/janus-gateway/janus.c:2581
	#4 0x7fdf95d2200f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7300f)

	Thread T1937 (icesend 2661940) created by T1918 (iceloop 2661940) here:
	#0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
	#1 0x7fdf95d3f39f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

	Thread T1918 (iceloop 2661940) created by T1876 (pool) here:
	#0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
	#1 0x7fdf95d3f39f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

	Thread T1876 (pool) created by T10 (ws thread) here:
	#0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
	#1 0x7fdf95d3f39f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

	Thread T10 (ws thread) created by T0 here:
	#0 0x7fdf96495d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
	#1 0x7fdf95d3f39f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x9039f)

	SUMMARY: AddressSanitizer: heap-use-after-free /home/mquander/src/janus-gateway/ice.c:3360 in janus_ice_send_thread
	Shadow bytes around the buggy address:
	0x0c24801032d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
	0x0c24801032e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c24801032f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c2480103300: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
	0x0c2480103310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	=>0x0c2480103320: fd[fd]fd fd fd fd fd fd fd fd fd fa fa fa fa fa
	0x0c2480103330: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
	0x0c2480103340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c2480103350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c2480103360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	0x0c2480103370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	Shadow byte legend (one shadow byte represents 8 application bytes):
	Addressable: 00
	Partially addressable: 01 02 03 04 05 06 07
	Heap left redzone: fa
	Freed heap region: fd
	Stack left redzone: f1
	Stack mid redzone: f2
	Stack right redzone: f3
	Stack after return: f5
	Stack use after scope: f8
	Global redzone: f9
	Global init order: f6
	Poisoned by user: f7
	Container overflow: fc
	Array cookie: ac
	Intra object redzone: bb
	ASan internal: fe
	Left alloca redzone: ca
	Right alloca redzone: cb
	==24300==ABORTING