    DCP: fix heap-use-after-free on xml_ReaderNextNode error · 6cc343a2
    Thomas Guillem authored
    ==9090==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000173170 at pc 0x7f8a86e19063 bp 0x7f8a7bbf9230 sp 0x7f8a7bbf89e0
    READ of size 2 at 0x602000173170 thread T10
    [000061200002c080] dbus interface debug: Getting All properties
    [000061200002c080] dbus interface debug: Getting All properties
        #0 0x7f8a86e19062  (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3c062)
        #1 0x7f8a84dda3b6 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x1203b6)
        #2 0x7f8a4d1bfef1 in XmlFile::ReadNextNode(demux_t*, xml_reader_t*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) ../../modules/access/dcp/dcpparser.cpp:750
        #3 0x7f8a4d1c0d82 in PKL::Parse() ../../modules/access/dcp/dcpparser.cpp:864
        #4 0x7f8a4d1bbe32 in AssetMap::Parse() ../../modules/access/dcp/dcpparser.cpp:291
        #5 0x7f8a4d1b2f7c in parseXML(demux_t*) ../../modules/access/dcp/dcp.cpp:1011
        #6 0x7f8a4d1b2b12 in dcpInit(demux_t*) ../../modules/access/dcp/dcp.cpp:942
        #7 0x7f8a4d1ad3c2 in Open ../../modules/access/dcp/dcp.cpp:326
        #8 0x7f8a8653b97d in generic_start ../../src/modules/modules.c:356
        #9 0x7f8a8653acd4 in module_load ../../src/modules/modules.c:183
        #10 0x7f8a8653b328 in vlc_module_load ../../src/modules/modules.c:279
        #11 0x7f8a8653bace in module_need ../../src/modules/modules.c:371
        #12 0x7f8a8658c8c5 in demux_NewAdvanced ../../src/input/demux.c:270
        #13 0x7f8a865c84c7 in InputDemuxNew ../../src/input/input.c:2403
        #14 0x7f8a865c8e89 in InputSourceNew ../../src/input/input.c:2555
        #15 0x7f8a865c15bf in Init ../../src/input/input.c:1303
        #16 0x7f8a865bc641 in Run ../../src/input/input.c:498
        #17 0x7f8a857ee493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
        #18 0x7f8a8532cafe in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8afe)
    
    0x602000173170 is located 0 bytes inside of 12-byte region [0x602000173170,0x60200017317c)
    freed by thread T10 here:
        #0 0x7f8a86e9ea10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
        #1 0x7f8a78a29181 in ReaderNextNode ../../modules/misc/xml/libxml.c:217
        #2 0x7f8a4d1ba838 in xml_ReaderNextNode ../../include/vlc_xml.h:87
        #3 0x7f8a4d1bfec2 in XmlFile::ReadNextNode(demux_t*, xml_reader_t*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) ../../modules/access/dcp/dcpparser.cpp:744
        #4 0x7f8a4d1c0d82 in PKL::Parse() ../../modules/access/dcp/dcpparser.cpp:864
        #5 0x7f8a4d1bbe32 in AssetMap::Parse() ../../modules/access/dcp/dcpparser.cpp:291
        #6 0x7f8a4d1b2f7c in parseXML(demux_t*) ../../modules/access/dcp/dcp.cpp:1011
        #7 0x7f8a4d1b2b12 in dcpInit(demux_t*) ../../modules/access/dcp/dcp.cpp:942
        #8 0x7f8a4d1ad3c2 in Open ../../modules/access/dcp/dcp.cpp:326
        #9 0x7f8a8653b97d in generic_start ../../src/modules/modules.c:356
        #10 0x7f8a8653acd4 in module_load ../../src/modules/modules.c:183
        #11 0x7f8a8653b328 in vlc_module_load ../../src/modules/modules.c:279
        #12 0x7f8a8653bace in module_need ../../src/modules/modules.c:371
        #13 0x7f8a8658c8c5 in demux_NewAdvanced ../../src/input/demux.c:270
        #14 0x7f8a865c84c7 in InputDemuxNew ../../src/input/input.c:2403
        #15 0x7f8a865c8e89 in InputSourceNew ../../src/input/input.c:2555
        #16 0x7f8a865c15bf in Init ../../src/input/input.c:1303
        #17 0x7f8a865bc641 in Run ../../src/input/input.c:498
        #18 0x7f8a857ee493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    
    (cherry picked from commit 1b1de3b7)
    Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
    6cc343a2