[oss-fuzz 5922789724061696] double free in ty.c
Ref.:
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3696130486
INFO: Loaded 1 modules (95337 inline 8-bit counters): 95337 [0x56a3cc295868, 0x56a3cc2accd1),
INFO: Loaded 1 PC tables (95337 PCs): 95337 [0x56a3cc2accd8,0x56a3cc421368),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_vlc_ec7da601ad4ba2548e708a6a10d97e34bc915675/revisions/vlc-demux-dec-libfuzzer-ty: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-df0d372de783d0429bb3273f831af45f21f6f3d8
free(): double free detected in tcache 2
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==402==ERROR: UndefinedBehaviorSanitizer: ABRT on unknown address 0x053900000192 (pc 0x7deca9ce100b bp 0x7ffca2f39680 sp 0x7ffca2f39330 T402)
#0 0x7deca9ce100b in raise /build/glibc-LcI20x/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
#1 0x7deca9cc0858 in abort /build/glibc-LcI20x/glibc-2.31/stdlib/abort.c:79:7
#2 0x7deca9d2b26d in __libc_message /build/glibc-LcI20x/glibc-2.31/sysdeps/posix/libc_fatal.c:155:5
#3 0x7deca9d332fb in malloc_printerr /build/glibc-LcI20x/glibc-2.31/malloc/malloc.c:5347:3
#4 0x7deca9d34f6c in _int_free /build/glibc-LcI20x/glibc-2.31/malloc/malloc.c:4201:3
#5 0x56a3cbc91e5a in Close /src/vlc/modules/demux/ty.c:567:5
#6 0x56a3cbeb97d6 in module_unneed /src/vlc/src/modules/modules.c:291:9
#7 0x56a3cbee5878 in demux_DestroyDemux /src/vlc/src/input/demux.c:89:5
#8 0x56a3cbf1be87 in vlc_stream_Delete /src/vlc/src/input/stream.c:150:5
#9 0x56a3cbbbdfe5 in demux_Delete /src/vlc/include/vlc_demux.h:298:5
#10 0x56a3cbbbdfe5 in demux_process_stream /src/vlc/test/src/input/demux-run.c:336:5
#11 0x56a3cbbbd98f in LLVMFuzzerTestOneInput /src/vlc/test/vlc-demux-libfuzzer.c:63:5
#12 0x56a3cbb14c0d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
#13 0x56a3cbaff982 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
#14 0x56a3cbb05850 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
#15 0x56a3cbb31382 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7deca9cc2082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#17 0x56a3cbaf8a6d in _start
==402==Register values:
rax = 0x0000000000000000 rbx = 0x00007deca9c9b780 rcx = 0x00007deca9ce100b rdx = 0x0000000000000000
rdi = 0x0000000000000002 rsi = 0x00007ffca2f39330 rbp = 0x00007ffca2f39680 rsp = 0x00007ffca2f39330
r8 = 0x0000000000000000 r9 = 0x00007ffca2f39330 r10 = 0x0000000000000008 r11 = 0x0000000000000246
r12 = 0x00007ffca2f395a0 r13 = 0x0000000000000010 r14 = 0x00007decaa07e000 r15 = 0x0000000000000001
UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
==402==ABORTINGSamples: