Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cygwin Compile Error: SHM_DEST #7

Closed
terranpro opened this issue Apr 11, 2014 · 1 comment
Closed

Cygwin Compile Error: SHM_DEST #7

terranpro opened this issue Apr 11, 2014 · 1 comment

Comments

@terranpro
Copy link

Hi guys,

Ran into a compile error building today's latest from my cygwin machine:

/home/Brian/elisp/foreign/rtags/src/rct/rct/SharedMemory.cpp: In member function ‘bool     SharedMemory::init(key_t, int, SharedMemory::CreateMode)’:
/home/Brian/elisp/foreign/rtags/src/rct/rct/SharedMemory.cpp:44:29: error: ‘SHM_DEST’ was not declared in this scope
         ds.shm_perm.mode |= SHM_DEST;

Offending line:

#if !defined(OS_Darwin) && !defined(OS_FreeBSD)
      ds.shm_perm.mode |= SHM_DEST;
#endif 

It appears this isn't defined in my Cygwin
(CYGWIN_NT-6.1-WOW64 Kenobi 1.7.27(0.271/5/3) 2013-12-09 11:57 i686 Cygwin)

I added an extra preproc && !defined(__CYGWIN__) and it builds and operation looks OK, but I'm not sure what/if there are any consequences.

Thanks,
Brian

@jhanssen
Copy link
Collaborator

Just fixed this in 31cdc46.

This code is not used in rtags so there shouldn't be any negative consequences for this.

smoofra added a commit to smoofra/rct that referenced this issue Jul 29, 2015
Connections can have their SocketClient callbacks called after they have been
free'd, because the SignalSlot that is holding on to a reference for them isn't
doing it through a shared pointer.  I've got a project that reliably triggers
this behavior in rdm, I think because rp is also crashing and the resulting
SIGPIPE closes down the socket in an unusual way.  Or something.

The patch is to disconnect all the SignalSlots when the Connection is torn down,
to make sure those non-counted references don't stick around.

Connection free'd here:

* thread Andersbakken#1: tid = 0xf7793, 0x00000001000abc94 rdm`Connection::~Connection(this=0x00000001060b6600) + 4 at Connection.cpp:22, queue = 'com.apple.main-thread', stop reason = breakpoint 1.2
  * frame #0: 0x00000001000abc94 rdm`Connection::~Connection(this=0x00000001060b6600) + 4 at Connection.cpp:22
    frame Andersbakken#1: 0x000000010008ab47 rdm`std::__1::__shared_ptr_pointer<Connection*, std::__1::default_delete<Connection>, std::__1::allocator<Connection> >::__on_zero_shared() [inlined] std::__1::default_delete<Connection>::operator(__ptr=0x00000001060b6600)(Connection*) const + 13 at memory:2459
    frame Andersbakken#2: 0x000000010008ab3a rdm`std::__1::__shared_ptr_pointer<Connection*, std::__1::default_delete<Connection>, std::__1::allocator<Connection> >::__on_zero_shared(this=<unavailable>) + 10 at memory:3700
    frame Andersbakken#3: 0x00007fff8b10ecb8 libc++.1.dylib`std::__1::__shared_weak_count::__release_shared() + 44
    frame Andersbakken#4: 0x00000001000ac5fa rdm`Connection::onDataAvailable(std::__1::shared_ptr<SocketClient> const&, Buffer&&) [inlined] std::__1::shared_ptr<Connection>::~shared_ptr() + 1498 at memory:4490
    frame Andersbakken#5: 0x00000001000ac5f2 rdm`Connection::onDataAvailable(std::__1::shared_ptr<SocketClient> const&, Buffer&&) [inlined] std::__1::shared_ptr<Connection>::~shared_ptr() at memory:4488
    frame Andersbakken#6: 0x00000001000ac5f2 rdm`Connection::onDataAvailable(this=0x00000001060b6600, (null)=<unavailable>, buf=0x00000001026c6a28) + 1490 at Connection.cpp:195
    frame Andersbakken#7: 0x00000001000c58b1 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)> >::operator()<std::__1::shared_ptr<SocketClient>&, Buffer>(std::__1::shared_ptr<SocketClient>&&&, Buffer&&) [inlined] std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)>::operator()(std::__1::shared_ptr<SocketClient> const&, Buffer&&) const + 145 at functional:1793
    frame Andersbakken#8: 0x00000001000c5899 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)> >::operator(this=<unavailable>, args=0x00007fff5fbfd590, args=0x00000001026c6a28)<std::__1::shared_ptr<SocketClient>&, Buffer>(std::__1::shared_ptr<SocketClient>&&&, Buffer&&) + 121 at SignalSlot.h:69
    frame Andersbakken#9: 0x00000001000c30fa rdm`SocketClient::socketCallback(this=0x00000001026c67a0, f=<unavailable>, mode=<unavailable>) + 1546 at SocketClient.cpp:601
    frame Andersbakken#10: 0x00000001000b2bca rdm`EventLoop::fireSocket(int, unsigned int) [inlined] std::__1::function<void (int, unsigned int)>::operator(__arg=<unavailable>, __arg=<unavailable>)(int, unsigned int) const + 266 at functional:1793
    frame Andersbakken#11: 0x00000001000b2bb0 rdm`EventLoop::fireSocket(this=<unavailable>, fd=<unavailable>, mode=1) + 240 at EventLoop.cpp:684
    frame Andersbakken#12: 0x00000001000b2a17 rdm`EventLoop::processSocketEvents(this=0x000000010270ddf0, events=0x00007fff5fbfd760, eventCount=<unavailable>) + 471 at EventLoop.cpp:823
    frame Andersbakken#13: 0x00000001000b2f6a rdm`EventLoop::exec(this=0x000000010270ddf0, timeoutTime=<unavailable>) + 730 at EventLoop.cpp:941
    frame Andersbakken#14: 0x0000000100006a7f rdm`main(argc=<unavailable>, argv=<unavailable>) + 12239 at rdm.cpp:729
    frame Andersbakken#15: 0x00007fff8dd9f5ad libdyld.dylib`start + 1
    frame Andersbakken#16: 0x00007fff8dd9f5ad libdyld.dylib`start + 1

Then used again here

* thread Andersbakken#1: tid = 0xf7793, 0x00007fff926610ae libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff926610ae libsystem_kernel.dylib`__pthread_kill + 10
    frame Andersbakken#1: 0x00007fff945db665 libsystem_pthread.dylib`pthread_kill + 90
    frame Andersbakken#2: 0x00007fff9a6793fb libsystem_c.dylib`abort + 129
    frame Andersbakken#3: 0x00007fff90d50f81 libc++abi.dylib`abort_message + 257
    frame Andersbakken#4: 0x00007fff90d7696a libc++abi.dylib`default_terminate_handler() + 46
    frame Andersbakken#5: 0x00007fff90d7419e libc++abi.dylib`std::__terminate(void (*)()) + 8
    frame Andersbakken#6: 0x00007fff90d7422d libc++abi.dylib`std::terminate() + 77
    frame Andersbakken#7: 0x00000001000adb13 rdm`Connection::onClientDisconnected(std::__1::shared_ptr<SocketClient> const&) + 147 at Connection.cpp:34
    frame Andersbakken#8: 0x00000001000adb0e rdm`Connection::onClientDisconnected(this=<unavailable>, (null)=<unavailable>) + 142 at Connection.h:110
    frame Andersbakken#9: 0x00000001000c547e rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)> >::operator()<std::__1::shared_ptr<SocketClient>&>(std::__1::shared_ptr<SocketClient>&&&) [inlined] std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)>::operator()(std::__1::shared_ptr<SocketClient> const&) const + 142 at functional:1793
    frame Andersbakken#10: 0x00000001000c5469 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)> >::operator(this=<unavailable>, args=0x00007fff5fbfd590)<std::__1::shared_ptr<SocketClient>&>(std::__1::shared_ptr<SocketClient>&&&) + 121 at SignalSlot.h:69
    frame Andersbakken#11: 0x00000001000c310a rdm`SocketClient::socketCallback(this=0x00000001026c67a0, f=<unavailable>, mode=<unavailable>) + 1562 at SocketClient.cpp:603
    frame Andersbakken#12: 0x00000001000b2bca rdm`EventLoop::fireSocket(int, unsigned int) [inlined] std::__1::function<void (int, unsigned int)>::operator(__arg=<unavailable>, __arg=<unavailable>)(int, unsigned int) const + 266 at functional:1793
    frame Andersbakken#13: 0x00000001000b2bb0 rdm`EventLoop::fireSocket(this=<unavailable>, fd=<unavailable>, mode=1) + 240 at EventLoop.cpp:684
    frame Andersbakken#14: 0x00000001000b2a17 rdm`EventLoop::processSocketEvents(this=0x000000010270ddf0, events=0x00007fff5fbfd760, eventCount=<unavailable>) + 471 at EventLoop.cpp:823
    frame Andersbakken#15: 0x00000001000b2f6a rdm`EventLoop::exec(this=0x000000010270ddf0, timeoutTime=<unavailable>) + 730 at EventLoop.cpp:941
    frame Andersbakken#16: 0x0000000100006a7f rdm`main(argc=<unavailable>, argv=<unavailable>) + 12239 at rdm.cpp:729
    frame Andersbakken#17: 0x00007fff8dd9f5ad libdyld.dylib`start + 1
    frame Andersbakken#18: 0x00007fff8dd9f5ad libdyld.dylib`start + 1

Signed-off-by: Lawrence D'Anna <larry@elder-gods.org>
Andersbakken pushed a commit that referenced this issue Jul 29, 2015
Connections can have their SocketClient callbacks called after they have been
free'd, because the SignalSlot that is holding on to a reference for them isn't
doing it through a shared pointer.  I've got a project that reliably triggers
this behavior in rdm, I think because rp is also crashing and the resulting
SIGPIPE closes down the socket in an unusual way.  Or something.

The patch is to disconnect all the SignalSlots when the Connection is torn down,
to make sure those non-counted references don't stick around.

Connection free'd here:

* thread #1: tid = 0xf7793, 0x00000001000abc94 rdm`Connection::~Connection(this=0x00000001060b6600) + 4 at Connection.cpp:22, queue = 'com.apple.main-thread', stop reason = breakpoint 1.2
  * frame #0: 0x00000001000abc94 rdm`Connection::~Connection(this=0x00000001060b6600) + 4 at Connection.cpp:22
    frame #1: 0x000000010008ab47 rdm`std::__1::__shared_ptr_pointer<Connection*, std::__1::default_delete<Connection>, std::__1::allocator<Connection> >::__on_zero_shared() [inlined] std::__1::default_delete<Connection>::operator(__ptr=0x00000001060b6600)(Connection*) const + 13 at memory:2459
    frame #2: 0x000000010008ab3a rdm`std::__1::__shared_ptr_pointer<Connection*, std::__1::default_delete<Connection>, std::__1::allocator<Connection> >::__on_zero_shared(this=<unavailable>) + 10 at memory:3700
    frame #3: 0x00007fff8b10ecb8 libc++.1.dylib`std::__1::__shared_weak_count::__release_shared() + 44
    frame #4: 0x00000001000ac5fa rdm`Connection::onDataAvailable(std::__1::shared_ptr<SocketClient> const&, Buffer&&) [inlined] std::__1::shared_ptr<Connection>::~shared_ptr() + 1498 at memory:4490
    frame #5: 0x00000001000ac5f2 rdm`Connection::onDataAvailable(std::__1::shared_ptr<SocketClient> const&, Buffer&&) [inlined] std::__1::shared_ptr<Connection>::~shared_ptr() at memory:4488
    frame #6: 0x00000001000ac5f2 rdm`Connection::onDataAvailable(this=0x00000001060b6600, (null)=<unavailable>, buf=0x00000001026c6a28) + 1490 at Connection.cpp:195
    frame #7: 0x00000001000c58b1 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)> >::operator()<std::__1::shared_ptr<SocketClient>&, Buffer>(std::__1::shared_ptr<SocketClient>&&&, Buffer&&) [inlined] std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)>::operator()(std::__1::shared_ptr<SocketClient> const&, Buffer&&) const + 145 at functional:1793
    frame #8: 0x00000001000c5899 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&, Buffer&&)> >::operator(this=<unavailable>, args=0x00007fff5fbfd590, args=0x00000001026c6a28)<std::__1::shared_ptr<SocketClient>&, Buffer>(std::__1::shared_ptr<SocketClient>&&&, Buffer&&) + 121 at SignalSlot.h:69
    frame #9: 0x00000001000c30fa rdm`SocketClient::socketCallback(this=0x00000001026c67a0, f=<unavailable>, mode=<unavailable>) + 1546 at SocketClient.cpp:601
    frame #10: 0x00000001000b2bca rdm`EventLoop::fireSocket(int, unsigned int) [inlined] std::__1::function<void (int, unsigned int)>::operator(__arg=<unavailable>, __arg=<unavailable>)(int, unsigned int) const + 266 at functional:1793
    frame #11: 0x00000001000b2bb0 rdm`EventLoop::fireSocket(this=<unavailable>, fd=<unavailable>, mode=1) + 240 at EventLoop.cpp:684
    frame #12: 0x00000001000b2a17 rdm`EventLoop::processSocketEvents(this=0x000000010270ddf0, events=0x00007fff5fbfd760, eventCount=<unavailable>) + 471 at EventLoop.cpp:823
    frame #13: 0x00000001000b2f6a rdm`EventLoop::exec(this=0x000000010270ddf0, timeoutTime=<unavailable>) + 730 at EventLoop.cpp:941
    frame #14: 0x0000000100006a7f rdm`main(argc=<unavailable>, argv=<unavailable>) + 12239 at rdm.cpp:729
    frame #15: 0x00007fff8dd9f5ad libdyld.dylib`start + 1
    frame #16: 0x00007fff8dd9f5ad libdyld.dylib`start + 1

Then used again here

* thread #1: tid = 0xf7793, 0x00007fff926610ae libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff926610ae libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff945db665 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff9a6793fb libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff90d50f81 libc++abi.dylib`abort_message + 257
    frame #4: 0x00007fff90d7696a libc++abi.dylib`default_terminate_handler() + 46
    frame #5: 0x00007fff90d7419e libc++abi.dylib`std::__terminate(void (*)()) + 8
    frame #6: 0x00007fff90d7422d libc++abi.dylib`std::terminate() + 77
    frame #7: 0x00000001000adb13 rdm`Connection::onClientDisconnected(std::__1::shared_ptr<SocketClient> const&) + 147 at Connection.cpp:34
    frame #8: 0x00000001000adb0e rdm`Connection::onClientDisconnected(this=<unavailable>, (null)=<unavailable>) + 142 at Connection.h:110
    frame #9: 0x00000001000c547e rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)> >::operator()<std::__1::shared_ptr<SocketClient>&>(std::__1::shared_ptr<SocketClient>&&&) [inlined] std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)>::operator()(std::__1::shared_ptr<SocketClient> const&) const + 142 at functional:1793
    frame #10: 0x00000001000c5469 rdm`void Signal<std::__1::function<void (std::__1::shared_ptr<SocketClient> const&)> >::operator(this=<unavailable>, args=0x00007fff5fbfd590)<std::__1::shared_ptr<SocketClient>&>(std::__1::shared_ptr<SocketClient>&&&) + 121 at SignalSlot.h:69
    frame #11: 0x00000001000c310a rdm`SocketClient::socketCallback(this=0x00000001026c67a0, f=<unavailable>, mode=<unavailable>) + 1562 at SocketClient.cpp:603
    frame #12: 0x00000001000b2bca rdm`EventLoop::fireSocket(int, unsigned int) [inlined] std::__1::function<void (int, unsigned int)>::operator(__arg=<unavailable>, __arg=<unavailable>)(int, unsigned int) const + 266 at functional:1793
    frame #13: 0x00000001000b2bb0 rdm`EventLoop::fireSocket(this=<unavailable>, fd=<unavailable>, mode=1) + 240 at EventLoop.cpp:684
    frame #14: 0x00000001000b2a17 rdm`EventLoop::processSocketEvents(this=0x000000010270ddf0, events=0x00007fff5fbfd760, eventCount=<unavailable>) + 471 at EventLoop.cpp:823
    frame #15: 0x00000001000b2f6a rdm`EventLoop::exec(this=0x000000010270ddf0, timeoutTime=<unavailable>) + 730 at EventLoop.cpp:941
    frame #16: 0x0000000100006a7f rdm`main(argc=<unavailable>, argv=<unavailable>) + 12239 at rdm.cpp:729
    frame #17: 0x00007fff8dd9f5ad libdyld.dylib`start + 1
    frame #18: 0x00007fff8dd9f5ad libdyld.dylib`start + 1

Signed-off-by: Lawrence D'Anna <larry@elder-gods.org>
Andersbakken added a commit that referenced this issue Aug 14, 2018
==22897==ERROR: AddressSanitizer: heap-use-after-free on address 0x6180001caca0 at pc 0x55ea6bf72005 bp 0x7ffeb50b88e0 sp 0x7ffeb50b88d0
READ of size 8 at 0x6180001caca0 thread T0
    #0 0x55ea6bf72004 in std::__cxx11::list<Buffer, std::allocator<Buffer> >::begin() const /usr/include/c++/7/bits/stl_list.h:861
    #1 0x55ea6bf72004 in Buffers::size() const src/rct/rct/Buffer.h:113
    #2 0x55ea6bf72004 in Connection::onDataAvailable(std::shared_ptr<SocketClient> const&, Buffer&&) src/rct/rct/Connection.cpp:122
    #3 0x55ea6bf75174 in void std::__invoke_impl<void, void (Connection::*&)(std::shared_ptr<SocketClient> const&, Buffer&&), Connection*&, std::shared_ptr<SocketClient> const&, Buffer>(std::__invoke_memfun_deref, void (Connection::*&)(std::shared_ptr<SocketClient> const&, Buffer&&), Connection*&, std::shared_ptr<SocketClient> const&, Buffer&&) /usr/include/c++/7/bits/invoke.h:73
    #4 0x55ea6bf75174 in std::__invoke_result<void (Connection::*&)(std::shared_ptr<SocketClient> const&, Buffer&&), Connection*&, std::shared_ptr<SocketClient> const&, Buffer>::type std::__invoke<void (Connection::*&)(std::shared_ptr<SocketClient> const&, Buffer&&), Connection*&, std::shared_ptr<SocketClient> const&, Buffer>(void (Connection::*&)(std::shared_ptr<SocketClient> const&, Buffer&&), Connection*&, std::shared_ptr<SocketClient> const&, Buffer&&) /usr/include/c++/7/bits/invoke.h:95
    #5 0x55ea6bf75174 in void std::_Bind<void (Connection::*(Connection*, std::_Placeholder<1>, std::_Placeholder<2>))(std::shared_ptr<SocketClient> const&, Buffer&&)>::__call<void, std::shared_ptr<SocketClient> const&, Buffer&&, 0ul, 1ul, 2ul>(std::tuple<std::shared_ptr<SocketClient> const&, Buffer&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467
    #6 0x55ea6bf75174 in void std::_Bind<void (Connection::*(Connection*, std::_Placeholder<1>, std::_Placeholder<2>))(std::shared_ptr<SocketClient> const&, Buffer&&)>::operator()<std::shared_ptr<SocketClient> const&, Buffer, void>(std::shared_ptr<SocketClient> const&, Buffer&&) /usr/include/c++/7/functional:551
    #7 0x55ea6bf75174 in std::_Function_handler<void (std::shared_ptr<SocketClient> const&, Buffer&&), std::_Bind<void (Connection::*(Connection*, std::_Placeholder<1>, std::_Placeholder<2>))(std::shared_ptr<SocketClient> const&, Buffer&&)> >::_M_invoke(std::_Any_data const&, std::shared_ptr<SocketClient> const&, Buffer&&) /usr/include/c++/7/bits/std_function.h:316
    #8 0x55ea6bfebe6b in std::function<void (std::shared_ptr<SocketClient> const&, Buffer&&)>::operator()(std::shared_ptr<SocketClient> const&, Buffer&&) const /usr/include/c++/7/bits/std_function.h:706
    #9 0x55ea6bfebe6b in void Signal<std::function<void (std::shared_ptr<SocketClient> const&, Buffer&&)> >::operator()<std::shared_ptr<SocketClient>&, Buffer>(std::shared_ptr<SocketClient>&, Buffer&&) src/rct/rct/SignalSlot.h:70
    #10 0x55ea6bfebe6b in SocketClient::socketCallback(int, int) src/rct/rct/SocketClient.cpp:676
    #11 0x55ea6bfedde8 in void std::__invoke_impl<void, void (SocketClient::*&)(int, int), SocketClient*&, int, unsigned int>(std::__invoke_memfun_deref, void (SocketClient::*&)(int, int), SocketClient*&, int&&, unsigned int&&) /usr/include/c++/7/bits/invoke.h:73
    #12 0x55ea6bfedde8 in std::__invoke_result<void (SocketClient::*&)(int, int), SocketClient*&, int, unsigned int>::type std::__invoke<void (SocketClient::*&)(int, int), SocketClient*&, int, unsigned int>(void (SocketClient::*&)(int, int), SocketClient*&, int&&, unsigned int&&) /usr/include/c++/7/bits/invoke.h:95
    #13 0x55ea6bfedde8 in void std::_Bind<void (SocketClient::*(SocketClient*, std::_Placeholder<1>, std::_Placeholder<2>))(int, int)>::__call<void, int&&, unsigned int&&, 0ul, 1ul, 2ul>(std::tuple<int&&, unsigned int&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/7/functional:467
    #14 0x55ea6bfedde8 in void std::_Bind<void (SocketClient::*(SocketClient*, std::_Placeholder<1>, std::_Placeholder<2>))(int, int)>::operator()<int, unsigned int, void>(int&&, unsigned int&&) /usr/include/c++/7/functional:551
    #15 0x55ea6bfedde8 in std::_Function_handler<void (int, unsigned int), std::_Bind<void (SocketClient::*(SocketClient*, std::_Placeholder<1>, std::_Placeholder<2>))(int, int)> >::_M_invoke(std::_Any_data const&, int&&, unsigned int&&) /usr/include/c++/7/bits/std_function.h:316
    #16 0x55ea6bf898ca in std::function<void (int, unsigned int)>::operator()(int, unsigned int) const /usr/include/c++/7/bits/std_function.h:706
    #17 0x55ea6bf898ca in EventLoop::fireSocket(int, unsigned int) src/rct/rct/EventLoop.cpp:710
    #18 0x55ea6bf90010 in EventLoop::processSocketEvents(epoll_event*, int) src/rct/rct/EventLoop.cpp:851
    #19 0x55ea6bf93d3f in EventLoop::exec(int) src/rct/rct/EventLoop.cpp:964
    #20 0x55ea6bd08ef8 in main src/rdm.cpp:862
    #21 0x7fed4308eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #22 0x55ea6bd10399 in _start (/home/abakken/dev/rtags/bin/rdm+0xaf399)

0x6180001caca0 is located 32 bytes inside of 800-byte region [0x6180001cac80,0x6180001cafa0)
freed by thread T0 here:
    #0 0x7fed45ed32d0 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe12d0)
    #1 0x55ea6bf6d008 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/7/bits/shared_ptr_base.h:154
    #2 0x55ea6bf6d008 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/7/bits/shared_ptr_base.h:684
    #3 0x55ea6bf6d008 in std::__shared_ptr<Connection, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/7/bits/shared_ptr_base.h:1123
    #4 0x55ea6bf6d008 in std::shared_ptr<Connection>::~shared_ptr() /usr/include/c++/7/bits/shared_ptr.h:93
    #5 0x55ea6bf6d008 in Connection::onDataAvailable(std::shared_ptr<SocketClient> const&, Buffer&&) src/rct/rct/Connection.cpp:149
    #6 0x6030005cae7f  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x7fed45ed2458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x55ea6bda98ed in Connection::create(std::shared_ptr<SocketClient> const&, int) src/rct/rct/Connection.h:25
    #2 0x55ea6bda98ed in Server::onNewConnection(SocketServer*) src/Server.cpp:352
    #3 0x55ea6c3bc693  (/home/abakken/dev/rtags/bin/rdm+0x75b693)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/7/bits/stl_list.h:861 in std::__cxx11::list<Buffer, std::allocator<Buffer> >::begin() const
Shadow bytes around the buggy address:
  0x0c3080031540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3080031550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3080031560: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3080031570: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3080031580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3080031590: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c30800315a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c30800315b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c30800315c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c30800315d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c30800315e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22897==ABORTING
Caught signal 6
/usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7fed45e478c0]
rdm(+0xaf539)[0x55ea6bd10539]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7fed43c43890]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xc7)[0x7fed430abe97]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x141)[0x7fed430ad801]
/usr/lib/x86_64-linux-gnu/libasan.so.4(+0x10073e)[0x7fed45ef273e]
/usr/lib/x86_64-linux-gnu/libasan.so.4(+0x108538)[0x7fed45efa538]
/usr/lib/x86_64-linux-gnu/libasan.so.4(+0xe9525)[0x7fed45edb525]
/usr/lib/x86_64-linux-gnu/libasan.so.4(__asan_report_load8+0x37)[0x7fed45edc2e7]
rdm(_ZN10Connection15onDataAvailableERKSt10shared_ptrI12SocketClientEO6Buffer+0x7e05)[0x55ea6bf72005]
rdm(_ZNSt17_Function_handlerIFvRKSt10shared_ptrI12SocketClientEO6BufferESt5_BindIFM10ConnectionFvS4_S6_EPS9_St12_PlaceholderILi1EESD_ILi2EEEEE9_M_invokeERKSt9_Any_dataS4_S6_+0x145)[0x55ea6bf75175]
rdm(_ZN12SocketClient14socketCallbackEii+0x358c)[0x55ea6bfebe6c]
rdm(_ZNSt17_Function_handlerIFvijESt5_BindIFM12SocketClientFviiEPS2_St12_PlaceholderILi1EES6_ILi2EEEEE9_M_invokeERKSt9_Any_dataOiOj+0x199)[0x55ea6bfedde9]
rdm(_ZN9EventLoop10fireSocketEij+0x69b)[0x55ea6bf898cb]
rdm(_ZN9EventLoop19processSocketEventsEP11epoll_eventi+0x191)[0x55ea6bf90011]
rdm(_ZN9EventLoop4execEi+0xc20)[0x55ea6bf93d40]
rdm(main+0x8569)[0x55ea6bd08ef9]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7fed4308eb97]
rdm(_start+0x2a)[0x55ea6bd1039a]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants