<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Hello,</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
There may be a heap-use-after-free when calling RTPInterface::sendDataOverTCP. The following is the bug report from ASAN:</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
<br>
</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
----</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
<br>
</div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1">
==17==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000f3a0e8 at pc 0x0000005d5ec8 bp 0x7ffff35fc420 sp 0x7ffff35fc418
<div class="ContentPasted1">READ of size 1 at 0x62e000f3a0e8 thread T0
</div>
<div class="ContentPasted1"> #0 0x5d5ec7 in RTPInterface::sendDataOverTCP(int, TLSState*, unsigned char const*, unsigned int, unsigned char) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:394:51
</div>
<div class="ContentPasted1"> #1 0x5d4296 in RTPInterface::sendRTPorRTCPPacketOverTCP(unsigned char*, unsigned int, int, unsigned char, TLSState*) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:371:10 </div>
<div class="ContentPasted1"> #2 0x5d4296 in RTPInterface::sendPacket(unsigned char*, unsigned int) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:254:10 </div>
<div class="ContentPasted1"> #3 0x5d1188 in MultiFramedRTPSink::sendPacketIfNecessary() /home/ubuntu/experiments/live/liveMedia/MultiFramedRTPSink.cpp:395:21
</div>
<div class="ContentPasted1"> #4 0x5d07d1 in MultiFramedRTPSink::afterGettingFrame1(unsigned int, unsigned int, timeval, unsigned int) /home/ubuntu/experiments/live/liveMedia/MultiFramedRTPSink.cpp
</div>
<div class="ContentPasted1"> #5 0x5fa8b9 in MatroskaFileParser::parse() /home/ubuntu/experiments/live/liveMedia/MatroskaFileParser.cpp:191:4 </div>
<div class="ContentPasted1"> #6 0x5f90ba in MatroskaFileParser::continueParsing() /home/ubuntu/experiments/live/liveMedia/MatroskaFileParser.cpp:118:10
</div>
<div class="ContentPasted1"> #7 0x5cf854 in MultiFramedRTPSink::packFrame() /home/ubuntu/experiments/live/liveMedia/MultiFramedRTPSink.cpp:223:14
</div>
<div class="ContentPasted1"> #8 0x653902 in AlarmHandler::handleTimeout() /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler0.cpp:34:5 </div>
<div class="ContentPasted1"> #9 0x64a06c in BasicTaskScheduler::SingleStep(unsigned int) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler.cpp:212:15 </div>
<div class="ContentPasted1"> #10 0x6522ea in BasicTaskScheduler0::doEventLoop(char volatile*) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler0.cpp:82:5 </div>
<div class="ContentPasted1"> #11 0x4ccec4 in main /home/ubuntu/experiments/live/testProgs/testOnDemandRTSPServer.cpp:462:24 </div>
<div class="ContentPasted1"> </div>
<div class="ContentPasted1">0x62e000f3a0e8 is located 40168 bytes inside of 40328-byte region [0x62e000f30400,0x62e000f3a188) </div>
<div class="ContentPasted1">freed by thread T0 here:
</div>
<div class="ContentPasted1"> #0 0x4c80fd in operator delete(void*) (/home/ubuntu/experiments/live/testProgs/testOnDemandRTSPServer+0x4c80fd) </div>
<div class="ContentPasted1"> #1 0x4dccb0 in RTSPServer::RTSPClientConnection::handleRequestBytes(int) /home/ubuntu/experiments/live/liveMedia/RTSPServer.cpp:1014:51 </div>
<div class="ContentPasted1"> #2 0x5d6a3a in SocketDescriptor::~SocketDescriptor() /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:476:5 </div>
<div class="ContentPasted1"> #3 0x5d6c78 in SocketDescriptor::~SocketDescriptor() /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:447:39
</div>
<div class="ContentPasted1"> #4 0x649d1c in BasicTaskScheduler::SingleStep(unsigned int) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler.cpp:153:7
</div>
<div class="ContentPasted1"> #5 0x6522ea in BasicTaskScheduler0::doEventLoop(char volatile*) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler0.cpp:82:5
</div>
<div class="ContentPasted1"> #6 0x4ccec4 in main /home/ubuntu/experiments/live/testProgs/testOnDemandRTSPServer.cpp:462:24
</div>
<div><br class="ContentPasted1">
</div>
<div class="ContentPasted1">previously allocated by thread T0 here:</div>
<div class="ContentPasted1"> #0 0x4c789d in operator new(unsigned long) (/home/ubuntu/experiments/live/testProgs/testOnDemandRTSPServer+0x4c789d)</div>
<div class="ContentPasted1"> #1 0x4e4955 in RTSPServer::createNewClientConnection(int, sockaddr_storage const&) /home/ubuntu/experiments/live/liveMedia/RTSPServer.cpp:2031:10</div>
<div class="ContentPasted1"> #2 0x5e5a92 in GenericMediaServer::incomingConnectionHandlerOnSocket(int) /home/ubuntu/experiments/live/liveMedia/GenericMediaServer.cpp:251:9</div>
<div class="ContentPasted1"> #3 0x649d1c in BasicTaskScheduler::SingleStep(unsigned int) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler.cpp:153:7</div>
<div class="ContentPasted1"> #4 0x6522ea in BasicTaskScheduler0::doEventLoop(char volatile*) /home/ubuntu/experiments/live/BasicUsageEnvironment/BasicTaskScheduler0.cpp:82:5</div>
<div class="ContentPasted1"> #5 0x4ccec4 in main /home/ubuntu/experiments/live/testProgs/testOnDemandRTSPServer.cpp:462:24</div>
<div><br class="ContentPasted1">
</div>
<div class="ContentPasted1">SUMMARY: AddressSanitizer: heap-use-after-free /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:394:51 in RTPInterface::sendDataOverTCP(int, TLSState*, unsigned char const*, unsigned int, unsigned char)</div>
<div class="ContentPasted1">==17==ABORTING</div>
<br>
</div>
<div class="elementToProof">
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div style="font-family: Verdana, Geneva, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
</div>
<div style="font-family: 'Times New Roman', Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-size: 11pt; font-family: Verdana, Geneva, sans-serif;">------</span></div>
<div style="font-family: 'Times New Roman', Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-size: 11pt; font-family: Verdana, Geneva, sans-serif;">Kind Regards,</span></div>
<div style="font-family: 'Times New Roman', Times, serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-size: 11pt; font-family: Verdana, Geneva, sans-serif;">Ruijie</span></div>
</div>
</div>
</div>
</body>
</html>