-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[GSoC 2015] Add VideoFrameH264 to CRetroplayerVideo #37
base: retroplayer-15beta2
Are you sure you want to change the base?
[GSoC 2015] Add VideoFrameH264 to CRetroplayerVideo #37
Conversation
This removes libav functionality that has been moved into the retroplayer core instead
OK, I applied the patches to my Netplay branch. I prefer to include interdependent changes in a single commit. that way, reverting is easier and doesn't require tracking down multiple commits. (and would have made rebasing quicker) So, this pr would look like: db9068d. separate commits is fine if it aids reviewability, but in this case the combined commit is much nicer. see the commit's diff - only 7 lines deleted. The closer to zero the number of deleted lines is, the sexier the patch. The game api version needs to be bumped when a change is made. so this commit should be squash into the PR's commit (EDIT: you'll need to change this to I added some whitespace improvements that can also be squashed: 35bd9e8. This conforms braces to our coding style, aligns variables with the class's other members, and as a bonus changes the diff from 7 lines deleted to 4 lines deleted (a 43% increase in patch sexiness) Also, before I take a deeper look, 3934a08 should be squashed as well - better consistency means less surprises later down the road. And prefer unsigned to signed, especially when the variable (size in this case) doesn't make sense as negative. While I await my GTX card (and a new mobo - my southbridge is busted), I plan to hook this patch up to one of my computer vision projects. the cv project uses theora, so my first change will probably be to rename |
54fda86
to
a30db43
Compare
You should wait to merge this, there seems to be a regression somewhere.
|
a30db43
to
16c03f5
Compare
Ah this should be all well now, there was a lonely file that didn't get touched during the squash. I've tested this against the latest version of game.moonlight, fixing the segfaults. |
|
||
void ColorspaceConversion(const uint8_t* data, unsigned int size, unsigned int width, unsigned int height, DVDVideoPicture &output); | ||
|
||
bool IsFrameReady(void); | ||
void SetFrameReady(bool bReady); | ||
|
||
bool SetupDecoder(int width, int height); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this was removed, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, I seemed to have glossed over it.
16c03f5
to
3373591
Compare
01d801d
to
4f79eeb
Compare
Using DVDVideoCodec to decode the frames, just a draft. |
I was thinking of doing something similar. I started rewriting RetroPlayer from scratch, given the addition of Audio Engine binary callbacks and the VideoPlayer rename/refactor. I'm working on a I took a different approach to adding H264 support to the Game API using "video streams": 892c367. I also dropped the Game API's audio callback (see WIP kodi-game/game.moonlight@9eb99bd) I'm now evaluating the right amount of integration with VideoPlayer. I worry that if RetroPlayer completely bypasses VideoPlayer, we'll have code duplication or miss out on some features (like AV sync), whereas if RetroPlayer is fully integrated (e.g. it becomes a file stream that is played directly by VideoPlayer kinda like PVR) then we'll encounter too much latency and complexity dealing with VideoPlayer's 70,000 lines of code. I'm still in code-reading mode, so if you have any insights I'd like to hear them |
I think the best way is to bypass all the VideoPlayer, unfortunately. I'm not sure about the AV sync, moonlight-embedded doesn't seem to care much about and it work good. So the video streams will be decoded by a RetroPlayer with a specified codec/profile? It looks good enough to me. |
Please take into account that we need OpenGL support for emulators like mupen64. |
Yea, let's include OpenGL support in this effort. Encapsulation is a must. |
I'm not 100% sure if we want to take the whole effort of OpenGL inclusion right now. |
The API comes first. Once OpenGL is properly abstracted, it doesn't matter if it's implemented for all platforms, or none. I've read through VideoPlayer, and it's perfectly suitable for rendering single-frame and packet-based video. It polls for data, but this can be made event-based using some VFS synchronization trickery. OpenGL rendering doesn't fit into the VideoPlayer architecture too well. This might warrant its own player. |
Big update @acmiyaguchi, @a1rwulf - I finished adding game support to the new VideoPlayer. This was a complete failure, the multiple threads meant multiple buffers and multiple delays and memory management challenges. So I started fresh, and wrote a new RetroPlayer using the successful parts of the old one and the videoplayer work. RetroPlayer has been stripped bare, it contains only video and audio processing (no threads) and delegates everything else to the game add-on. The new RetroPlayer is now finished. It has stubs for H264 decoding. I'll start the work of integrating this PR into the stubs. I'll go through DVDFactoryCodec like @dead so we can support the rest of VideoPlayer's codecs. RetroPlayer is ready for OpenGL support too. @a1rwulf - your patch needs updating. You can give it a shot, otherwise when H264 is done I'll port the patch to the new player. |
@garbear nice work! |
Check out my retroplayer-playback branch. I'll merge into the primary retroplayer-17alpha1 after some more testing |
tested and merged. never had 1000 line addition with so little bugs :) |
The final step of integrating this PR has been finished: adding support for encoded audio and video into RetroPlayer. See 2087c6b. I'll leave this PR open to track progress on game.moonlight until it's finished. |
nice :) |
Class `CBusyWaiter` derives from `CThread`, and its only instance lives in the stack frame of `CGUIDialogBusy::Wait()`. Commit cc8364a triggered an ancient Kodi crash bug based on a misunderstanding how destructors work in C++, introduced in commit 64427d4 (coincidentally by the same author). Anyway, that commit cc8364a changed how cancellation gets triggered, making it more likely. And if that cancellation happens, nobody takes care for stopping the CThread properly; `~CThread()` calls `StopThread()`, but by then, the `CBusyWaiter` instance has already been morphed back to its base class `CThread`. This however triggers the crash in the still-running thread. This class morphing while calling destructors is what makes the whole `~CThread()` implementation wrong from the bottom: calling `StopThread()` from the base class destructor can never ever work properly, because it will crash the thread in any case. And if no thread were running anymore, the call would be useless. All uses of `CThread` without additional calls to `StopThread()` are a crash bug, but this commit fixes only the instance in class `CBusyWaiter`, by adding another `StopThread()` call to its destructor. This is how the crash looks like: ``` Thread 1 (Thread 0x7ff1d37fe700 (LWP 1394)): #0 __GI___pthread_mutex_lock (mutex=0x66657270747265d3) at ../nptl/pthread_mutex_lock.c:65 #1 0x0000562afcf3352c in (anonymous namespace)::CRecursiveMutex::lock (this=0x66657270747265d3) at xbmc/threads/platform/RecursiveMutex.h:45 #2 0x0000562afcf34618 in (anonymous namespace)::CountingLockable<XbmcThreads::CRecursiveMutex>::lock (this=0x66657270747265d3) at xbmc/threads/Lockables.h:63 #3 0x0000562afcf34466 in (anonymous namespace)::UniqueLock<CCriticalSection>::UniqueLock (this=0x7ff1d37fdb80, lockable=...) at xbmc/threads/Lockables.h:132 #4 0x0000562afcf3356f in CSingleLock::CSingleLock (this=0x7ff1d37fdb80, cs=...) at xbmc/threads/SingleLock.h:38 #5 0x0000562afd4ee7c7 in (anonymous namespace)::CEventGroup::Set (this=0x6665727074726563, child=0x7ffeca201060) at xbmc/threads/Event.h:127 #6 0x0000562afd4ee2db in CEvent::Set (this=0x7ffeca201060) at xbmc/threads/Event.cpp:70 #7 0x0000562afd4f16ff in CThread::staticThread (data=0x7ffeca200f80) at xbmc/threads/Thread.cpp:133 #8 0x00007ff20bd955aa in start_thread (arg=0x7ff1d37fe700) at pthread_create.c:463 #9 0x00007ff20321acbf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 ``` And this is the thread which created the `CBusyWaiter` (at the time of the crash it had already moved on): ``` Thread 19 (Thread 0x7ff20c191980 (LWP 1353)): #0 0x00007ff209da1c83 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #1 0x00007ff209d9c3c6 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #2 0x00007ff209dcc0ab in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #3 0x00007ff209dd0c9e in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #4 0x00007ff209dd11fe in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #5 0x00007ff209dd1526 in sqlite3_prepare_v2 () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 #6 0x0000562afd755a56 in (anonymous namespace)::SqliteDataset::query (this=0x562b03898080, query=...) at xbmc/dbwrappers/sqlitedataset.cpp:649 #7 0x0000562afd33a824 in CVideoDatabase::GetScraperForPath (this=0x562b02530f00, strPath=..., settings=..., foundDirectly=@0x7ffeca201b6f: false) at xbmc/video/VideoDatabase.cpp:7297 #8 0x0000562afd33b831 in CVideoDatabase::GetContentForPath (this=0x562b02530f00, strPath=...) at xbmc/video/VideoDatabase.cpp:7426 #9 0x0000562afd27dc6c in CGUIWindowVideoNav::LoadVideoInfo (items=..., database=..., allowReplaceLabels=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:578 #10 0x0000562afd27db95 in CGUIWindowVideoNav::LoadVideoInfo (this=0x562b02530760, items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:564 #11 0x0000562afd27ce81 in CGUIWindowVideoNav::GetDirectory (this=0x562b02530760, strDirectory=..., items=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:545 #12 0x0000562afd3b4e35 in CGUIMediaWindow::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/windows/GUIMediaWindow.cpp:806 #13 0x0000562afd274a96 in CGUIWindowVideoBase::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoBase.cpp:1247 #14 0x0000562afd27ae04 in CGUIWindowVideoNav::Update (this=0x562b02530760, strDirectory=..., updateFilterPath=true) at xbmc/video/windows/GUIWindowVideoNav.cpp:340 #15 0x0000562afd3b6e91 in CGUIMediaWindow::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/windows/GUIMediaWindow.cpp:1072 #16 0x0000562afd270a66 in CGUIWindowVideoBase::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:609 #17 0x0000562afd283ec0 in CGUIWindowVideoNav::OnClick (this=0x562b02530760, iItem=2, player=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:1205 #18 0x0000562afd3b7867 in CGUIMediaWindow::OnSelect (this=0x562b02530760, item=2) at xbmc/windows/GUIMediaWindow.cpp:1141 #19 0x0000562afd270c1b in CGUIWindowVideoBase::OnSelect (this=0x562b02530760, iItem=2) at xbmc/video/windows/GUIWindowVideoBase.cpp:627 #20 0x0000562afd3b1978 in CGUIMediaWindow::OnMessage (this=0x562b02530760, message=...) at xbmc/windows/GUIMediaWindow.cpp:319 #21 0x0000562afd26e169 in CGUIWindowVideoBase::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:200 #22 0x0000562afd27a666 in CGUIWindowVideoNav::OnMessage (this=0x562b02530760, message=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:254 #23 0x0000562afd61dbba in CGUIControl::SendWindowMessage (this=0x562b03547780, message=...) at xbmc/guilib/GUIControl.cpp:316 #24 0x0000562afd60ebaa in CGUIBaseContainer::OnClick (this=0x562b03547780, actionID=7) at xbmc/guilib/GUIBaseContainer.cpp:793 #25 0x0000562afd60cce7 in CGUIBaseContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIBaseContainer.cpp:407 #26 0x0000562afd64570b in CGUIFixedListContainer::OnAction (this=0x562b03547780, action=...) at xbmc/guilib/GUIFixedListContainer.cpp:81 #27 0x0000562afd6a69fc in CGUIWindow::OnAction (this=0x562b02530760, action=...) at xbmc/guilib/GUIWindow.cpp:435 #28 0x0000562afd3b0d43 in CGUIMediaWindow::OnAction (this=0x562b02530760, action=...) at xbmc/windows/GUIMediaWindow.cpp:202 #29 0x0000562afd26dcb7 in CGUIWindowVideoBase::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoBase.cpp:111 #30 0x0000562afd2797a0 in CGUIWindowVideoNav::OnAction (this=0x562b02530760, action=...) at xbmc/video/windows/GUIWindowVideoNav.cpp:105 #31 0x0000562afd6b3c14 in CGUIWindowManager::HandleAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1100 #32 0x0000562afd6b39ce in CGUIWindowManager::OnAction (this=0x562b01d17c60, action=...) at xbmc/guilib/GUIWindowManager.cpp:1050 #33 0x0000562afd8e1888 in CApplication::OnAction (this=0x562b01a4d5d0, action=...) at xbmc/Application.cpp:1924 #34 0x0000562afd5b729a in CInputManager::ExecuteInputAction (this=0x562b01bb8680, action=...) at xbmc/input/InputManager.cpp:704 #35 0x0000562afd5b6c86 in CInputManager::HandleKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:644 #36 0x0000562afd5b5ed8 in CInputManager::OnKey (this=0x562b01bb8680, key=...) at xbmc/input/InputManager.cpp:483 #37 0x0000562afd5b5be6 in CInputManager::OnEvent (this=0x562b01bb8680, newEvent=...) at xbmc/input/InputManager.cpp:442 #38 0x0000562afd8d8aaf in CApplication::HandlePortEvents (this=0x562b01a4d5d0) at xbmc/Application.cpp:341 #39 0x0000562afd8e4fe6 in CApplication::FrameMove (this=0x562b01a4d5d0, processEvents=true, processGUI=true) at xbmc/Application.cpp:2647 #40 0x0000562afd9add56 in CXBApplicationEx::Run (this=0x562b01a4d5d0, params=...) at xbmc/XBApplicationEx.cpp:107 #41 0x0000562afd528974 in XBMC_Run (renderGUI=true, params=...) at xbmc/platform/xbmc.cpp:88 #42 0x0000562afcef1e72 in main (argc=4, argv=0x7ffeca2096e8) at xbmc/platform/posix/main.cpp:108 ```
…fs.sftp addon issue #37) changed: Consistently prefer addon protocols over internal protocols
…fs.sftp addon issue garbear#37) changed: Consistently prefer addon protocols over internal protocols
fixed: Use exact matching for protocol in file+dir factories (fixes vfs.sftp addon issue garbear#37)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 #13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 #15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 #26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 #27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 #33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 #34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 #35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 #18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 #19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 #20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 #21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 #22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 #23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp #24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 #25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 #26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 #27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 #28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 #36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 #37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 #38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 #39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 #41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)
This set of patches adds support for decoding H264 frames through the Retroplayer by taking advantage of the ffmpeg backend of Kodi. This is done in two parts, by adding the functionality into
CRetroplayerVideo
, and the corresponding callbacks to the Game API.Having this functionality would help with the work oan game.moonlight.
As a note, this has only been tested on a 64 bit Linux machine, in particular Ubuntu-14.04. I haven't gotten around to building on osx yet.