Resumption dialog: use after free

Exit VLC via Ctrl+C while the resumption dialog is pending:

=================================================================
==14242==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000efd48 at pc 0x7f021d8e0764 bp 0x7f01f8904560 sp 0x7f01f8904558
READ of size 8 at 0x6110000efd48 thread T7
    #0 0x7f021d8e0763 in input_GetItem ../../src/input/input.c:277
    #1 0x7f020acf6b30 in PLModel::processInputItemUpdate(input_thread_t*) ../../../../modules/gui/qt4/components/playlist/playlist_model.cpp:573
    #2 0x7f020980165c in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2f365c)
    #3 0x7f020ad4715e in MainInputManager::inputChanged(input_thread_t*) /home/remi/videolan/vlc/build/modules/gui/qt4/input_manager.moc.cpp:927
    #4 0x7f02098023da in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2f43da)
    #5 0x7f020a48bb0b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x13eb0b)
    #6 0x7f020a490d6d in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x143d6d)
    #7 0x7f02097d4542 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2c6542)
    #8 0x7f02097d647a in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2c847a)
    #9 0x7f02098284d2 (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31a4d2)
    #10 0x7f0208ffde03 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03)
    #11 0x7f0208ffe047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047)
    #12 0x7f0208ffe0eb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb)
    #13 0x7f02098288c6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31a8c6)
    #14 0x7f02097d1ec1 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2c3ec1)
    #15 0x7f02097d95fc in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2cb5fc)
    #16 0x7f020abf778f in Thread ../../../../modules/gui/qt4/qt4.cpp:566
    #17 0x7f021ee970c9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80c9)
    #18 0x7f021e9c806c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe606c)

0x6110000efd48 is located 200 bytes inside of 208-byte region [0x6110000efc80,0x6110000efd50)
freed by thread T7 here:
    #0 0x7f0220072887 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54887)
    #1 0x7f021da06ace in vlc_object_destroy ../../src/misc/objects.c:286
    #2 0x7f021da07f49 in vlc_object_release ../../src/misc/objects.c:526
    #3 0x7f020ac1786f in InputManager::delInput() ../../../../modules/gui/qt4/input_manager.cpp:185
    #4 0x7f01f8903d3f ([stack:14249]+0xfdd3f)

previously allocated by thread T2 here:
    #0 0x7f0220072a9f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54a9f)
    #1 0x7f021da0586a in vlc_custom_create ../../src/misc/objects.c:128
    #2 0x7f021d8e08f5 in Create ../../src/input/input.c:295
    #3 0x7f021d8dffc0 in input_Create ../../src/input/input.c:129
    #4 0x7f021d83d413 in PlayItem ../../src/playlist/thread.c:211
    #5 0x7f021d83fa5f in LoopRequest ../../src/playlist/thread.c:492
    #6 0x7f021d83fea0 in Thread ../../src/playlist/thread.c:536
    #7 0x7f021ee970c9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80c9)

Thread T7 created by T0 here:
    #0 0x7f0220041b0a in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23b0a)
    #1 0x7f021da31e3a in vlc_clone_attr ../../src/posix/thread.c:653
    #2 0x7f021da32004 in vlc_clone ../../src/posix/thread.c:678
    #3 0x7f020abf708a in Open ../../../../modules/gui/qt4/qt4.cpp:393

Thread T2 created by T0 here:
    #0 0x7f0220041b0a in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23b0a)
    #1 0x7f021da31e3a in vlc_clone_attr ../../src/posix/thread.c:653
    #2 0x7f021da32004 in vlc_clone ../../src/posix/thread.c:678
    #3 0x7f021d83ba41 in playlist_Activate ../../src/playlist/thread.c:54
    #4 0x7f021d844048 in playlist_Create ../../src/playlist/engine.c:300
    #5 0x7f021d838bbb in intf_GetPlaylist ../../src/interface/interface.c:150
    #6 0x7f021d838d6a in libvlc_InternalAddIntf ../../src/interface/interface.c:187
    #7 0x7f021d81d8bc in libvlc_InternalInit ../../src/libvlc.c:448
    #8 0x7f021fda9b61 in libvlc_new ../../lib/core.c:59
    #9 0x40225e in main ../../bin/vlc.c:229
    #10 0x7f021e903b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: heap-use-after-free ../../src/input/input.c:277 input_GetItem
Shadow bytes around the buggy address:
  0x0c2280015f50: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c2280015f60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280015f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280015f80: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c2280015f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2280015fa0: fd fd fd fd fd fd fd fd fd[fd]fa fa fa fa fa fa
  0x0c2280015fb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280015fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280015fd0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280015fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280015ff0: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==14242==ABORTING