<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="generator" content="pandoc" />
<title></title>
<style type="text/css">code{white-space: pre;}</style>
</head>
<body>
<p>I forgot to include logs of the relevant case, see further down in this email.</p>
<p>On 2017-03-02 17:40, Filip Roséen wrote:</p>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;color:#500050">
<pre><code> There is a relationship between the value of txt->i_line_count and
txt->line stating that the value of txt->line is undefined if
txt->i_line_count is zero.
As the above might seem simple enough, it leads to a case of double-free
if one does not pay attention and check the value of txt->i_line_count
prior to working with txt->line; as in TextUnload.
These changes make sure that we do not read from txt->line unless we
know that it is safe.
---</code></pre>
</blockquote>
<pre><code>==11375==ERROR: AddressSanitizer: attempting double-free on 0x621000048900 in thread T7:
#0 0x7fd8cb2abae0 in __interceptor_free /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45
#1 0x7fd8a687e294 in TextUnload /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:848
#2 0x7fd8a6886a18 in Open /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:563
#3 0x7fd8cab8b7cc in generic_start /home/refp/work/videolan/vlc/git/src/modules/modules.c:349
#4 0x7fd8cab8b99d in module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:183
#5 0x7fd8cab8c535 in vlc_module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:275
#6 0x7fd8cab8cd15 in module_need /home/refp/work/videolan/vlc/git/src/modules/modules.c:364
#7 0x7fd8cabd5295 in demux_NewAdvanced /home/refp/work/videolan/vlc/git/src/input/demux.c:260
#8 0x7fd8cabfe842 in InputDemuxNew /home/refp/work/videolan/vlc/git/src/input/input.c:2365
#9 0x7fd8cabfe842 in InputSourceNew /home/refp/work/videolan/vlc/git/src/input/input.c:2475
#10 0x7fd8cabfe9b8 in input_SlaveSourceAdd /home/refp/work/videolan/vlc/git/src/input/input.c:3112
#11 0x7fd8cac05a0b in LoadSlaves /home/refp/work/videolan/vlc/git/src/input/input.c:1138
#12 0x7fd8cac05a0b in Init /home/refp/work/videolan/vlc/git/src/input/input.c:1330
#13 0x7fd8cac07870 in Run /home/refp/work/videolan/vlc/git/src/input/input.c:486
#14 0x7fd8c9d42453 in start_thread (/usr/lib/libpthread.so.0+0x7453)
#15 0x7fd8c9a857de in __GI___clone (/usr/lib/libc.so.6+0xe87de)
0x621000048900 is located 0 bytes inside of 4000-byte region [0x621000048900,0x6210000498a0)
freed by thread T7 here:
#0 0x7fd8cb2abae0 in __interceptor_free /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45
#1 0x7fd8a68868f4 in TextLoad /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:836
#2 0x7fd8a68868f4 in Open /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:537
#3 0x7fd8cab8b7cc in generic_start /home/refp/work/videolan/vlc/git/src/modules/modules.c:349
#4 0x7fd8cab8b99d in module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:183
#5 0x7fd8cab8c535 in vlc_module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:275
#6 0x7fd8cab8cd15 in module_need /home/refp/work/videolan/vlc/git/src/modules/modules.c:364
#7 0x7fd8cabd5295 in demux_NewAdvanced /home/refp/work/videolan/vlc/git/src/input/demux.c:260
#8 0x7fd8cabfe842 in InputDemuxNew /home/refp/work/videolan/vlc/git/src/input/input.c:2365
#9 0x7fd8cabfe842 in InputSourceNew /home/refp/work/videolan/vlc/git/src/input/input.c:2475
#10 0x7fd8cabfe9b8 in input_SlaveSourceAdd /home/refp/work/videolan/vlc/git/src/input/input.c:3112
#11 0x7fd8cac05a0b in LoadSlaves /home/refp/work/videolan/vlc/git/src/input/input.c:1138
#12 0x7fd8cac05a0b in Init /home/refp/work/videolan/vlc/git/src/input/input.c:1330
#13 0x7fd8cac07870 in Run /home/refp/work/videolan/vlc/git/src/input/input.c:486
#14 0x7fd8c9d42453 in start_thread (/usr/lib/libpthread.so.0+0x7453)
#15 0x7fd8c9a857de in __GI___clone (/usr/lib/libc.so.6+0xe87de)
previously allocated by thread T7 here:
#0 0x7fd8cb2ac000 in __interceptor_calloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:70
#1 0x7fd8a6886757 in TextLoad /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:810
#2 0x7fd8a6886757 in Open /home/refp/work/videolan/vlc/git/modules/demux/subtitle.c:537
#3 0x7fd8cab8b7cc in generic_start /home/refp/work/videolan/vlc/git/src/modules/modules.c:349
#4 0x7fd8cab8b99d in module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:183
#5 0x7fd8cab8c535 in vlc_module_load /home/refp/work/videolan/vlc/git/src/modules/modules.c:275
#6 0x7fd8cab8cd15 in module_need /home/refp/work/videolan/vlc/git/src/modules/modules.c:364
#7 0x7fd8cabd5295 in demux_NewAdvanced /home/refp/work/videolan/vlc/git/src/input/demux.c:260
#8 0x7fd8cabfe842 in InputDemuxNew /home/refp/work/videolan/vlc/git/src/input/input.c:2365
#9 0x7fd8cabfe842 in InputSourceNew /home/refp/work/videolan/vlc/git/src/input/input.c:2475
#10 0x7fd8cabfe9b8 in input_SlaveSourceAdd /home/refp/work/videolan/vlc/git/src/input/input.c:3112
#11 0x7fd8cac05a0b in LoadSlaves /home/refp/work/videolan/vlc/git/src/input/input.c:1138
#12 0x7fd8cac05a0b in Init /home/refp/work/videolan/vlc/git/src/input/input.c:1330
#13 0x7fd8cac07870 in Run /home/refp/work/videolan/vlc/git/src/input/input.c:486
#14 0x7fd8c9d42453 in start_thread (/usr/lib/libpthread.so.0+0x7453)
#15 0x7fd8c9a857de in __GI___clone (/usr/lib/libc.so.6+0xe87de)
Thread T7 created by T2 here:
#0 0x7fd8cb216468 in __interceptor_pthread_create /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_interceptors.cc:236
#1 0x7fd8cac957ca in vlc_clone_attr /home/refp/work/videolan/vlc/git/src/posix/thread.c:482
#2 0x7fd8cac96159 in vlc_clone /home/refp/work/videolan/vlc/git/src/posix/thread.c:494
#3 0x7fd8cabfb707 in input_Start /home/refp/work/videolan/vlc/git/src/input/input.c:180
#4 0x7fd8cab9dbe1 in PlayItem /home/refp/work/videolan/vlc/git/src/playlist/thread.c:215
#5 0x7fd8cab9dbe1 in Next /home/refp/work/videolan/vlc/git/src/playlist/thread.c:478
#6 0x7fd8cab9dbe1 in Thread /home/refp/work/videolan/vlc/git/src/playlist/thread.c:501
#7 0x7fd8c9d42453 in start_thread (/usr/lib/libpthread.so.0+0x7453)
Thread T2 created by T0 here:
#0 0x7fd8cb216468 in __interceptor_pthread_create /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_interceptors.cc:236
#1 0x7fd8cac957ca in vlc_clone_attr /home/refp/work/videolan/vlc/git/src/posix/thread.c:482
#2 0x7fd8cac96159 in vlc_clone /home/refp/work/videolan/vlc/git/src/posix/thread.c:494
#3 0x7fd8cab9a821 in playlist_Activate /home/refp/work/videolan/vlc/git/src/playlist/thread.c:54
#4 0x7fd8cab9fd40 in playlist_Create /home/refp/work/videolan/vlc/git/src/playlist/engine.c:285
#5 0x7fd8cab988a8 in intf_GetPlaylist /home/refp/work/videolan/vlc/git/src/interface/interface.c:148
#6 0x7fd8cab988a8 in intf_InsertItem /home/refp/work/videolan/vlc/git/src/interface/interface.c:169
#7 0x7fd8cab6d9aa in GetFilenames /home/refp/work/videolan/vlc/git/src/libvlc.c:603
#8 0x7fd8cab6d9aa in libvlc_InternalInit /home/refp/work/videolan/vlc/git/src/libvlc.c:483
#9 0x7fd8cafaf000 in libvlc_new /home/refp/work/videolan/vlc/git/lib/core.c:59
#10 0x40195d in main /home/refp/work/videolan/vlc/git/bin/vlc.c:228
#11 0x7fd8c99bd290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
SUMMARY: AddressSanitizer: double-free /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45 in __interceptor_free</code></pre>
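<p>Added example, not part of the original email and not VLC's code: a minimal C model of the invariant in the commit message, with an unload routine that ignores the count beside one that checks it. The names text_t, text_load_empty, text_unload_unchecked, text_unload_checked, tracked_free and run_case are hypothetical, and the loader's behaviour is an assumption modelled on the free in TextLoad followed by the free in TextUnload shown in the trace.</p>

```c
#include <stdlib.h>
/* Hypothetical stand-in for the subtitle text buffer (not VLC's definition).
 * Invariant from the commit message: line is undefined if i_line_count == 0. */
typedef struct { size_t i_line_count; char **line; } text_t;

/* Demo-only quarantine: blocks are recorded here and really freed later,
 * so a second release is counted instead of corrupting the heap. */
static void *released[8];
static size_t n_released, double_free_attempts;

static void tracked_free(void *p) {
    if (p == NULL) return;
    for (size_t i = 0; i < n_released; i++)
        if (released[i] == p) { double_free_attempts++; return; }
    if (n_released < 8) released[n_released++] = p;
}

/* Assumed loader path that finds no lines: releases the array, reports
 * emptiness through the count only, and leaves a stale txt->line behind. */
static int text_load_empty(text_t *txt) {
    txt->line = calloc(500, sizeof(*txt->line));   /* constructed size */
    if (txt->line == NULL) return -1;
    txt->i_line_count = 0;
    tracked_free(txt->line);
    return 0;
}

/* Before: releases txt->line without consulting the count. */
static void text_unload_unchecked(text_t *txt) {
    tracked_free(txt->line);               /* same block, second release */
}

/* After: reads txt->line only when the count says it is valid. */
static void text_unload_checked(text_t *txt) {
    if (txt->i_line_count > 0) tracked_free(txt->line);
    txt->i_line_count = 0;
    txt->line = NULL;                      /* no stale pointer survives */
}

/* Load an empty file, unload it, return the number of double-free attempts. */
static int run_case(void (*unload)(text_t *)) {
    text_t txt = { 0, NULL };
    double_free_attempts = 0;
    if (text_load_empty(&txt) != 0) return -1;
    unload(&txt);
    while (n_released > 0) free(released[--n_released]);
    return (int)double_free_attempts;
}
int main(void) { return run_case(text_unload_checked); }
```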
</body>
</html>