Here is our close code:

    // Tear down the libnice stream and agent, then stop the GLib main loop thread.
    nice_agent_remove_stream(agent.get(), stream_id);
    nice_agent_close_async(agent.get(), AgentClosed, &agent_closed);
    while (!agent_closed) {
        g_main_context_iteration(nullptr, TRUE);   // pump the default context until AgentClosed fires
    }
    agent.reset();
    g_main_loop_quit(loop.get());
    if (g_main_loop_thread.joinable()) {
        g_main_loop_thread.join();
    }
It doesn't happen very often (this was the only time we managed to crash it with sanitizers). All the TapFrame code does is memcpy from the buffer provided by libnice into our own buffers. The issue happens when we get the callback during/after destroying the libnice connection, so it seems that libnice is freeing the memory even when the callback is still running:
==21972==ERROR: AddressSanitizer: heap-use-after-free on address 0x631000244800 at pc 0x7f0a527e9733 bp 0x7f0a2e029890 sp 0x7f0a2e029038
READ of size 1037 at 0x631000244800 thread T226
#0 0x7f0a527e9732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
#1 0x56253306138a in TapFrame::TapFrame(unsigned char const*, unsigned int) (/media/psf/Home/core/controller+0x5c238a)
#2 0x5625330a370e in DTLSWrapper::DecryptData(void const*, unsigned long) (/media/psf/Home/core/controller+0x60470e)
#3 0x5625330fec03 in nice_component_emit_io_callback (/media/psf/Home/core/controller+0x65fc03)
#4 0x5625330f9f30 in component_io_cb (/media/psf/Home/core/controller+0x65af30)
#5 0x7f0a51cc6118 (/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0+0x7e118)
#6 0x7f0a520333a4 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c3a4)
#7 0x7f0a5203376f (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c76f)
#8 0x7f0a52033a81 in g_main_loop_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4ca81)
#9 0x562533032745 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(_GMainLoop*), _GMainLoop*> > >::_M_run() (/media/psf/Home/core/controller+0x593745)
#10 0x7f0a507036de (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd6de)
#11 0x7f0a509d66da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#12 0x7f0a4fdc071e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
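Added example, not code from the report above or from libnice: a self-contained C++ model of the ordering problem the trace shows (a dispatcher thread still inside an I/O callback while the close path frees the receive buffer). The Connection class, run_close_race and the 0x5a payload are constructed stand-ins; the point is that the callback is detached under the same lock the dispatcher holds while running it, so the free can never overlap a callback that is still copying.

```cpp
#include <atomic>
#include <cstring>
#include <functional>
#include <mutex>
#include <thread>

struct CloseResult { int delivered; int bad; int after_close; };

// Hypothetical stand-in for the agent/component: a receive buffer plus the
// callback a loop thread invokes for it (the role component_io_cb plays).
class Connection {
public:
    using RecvCb = std::function<void(const unsigned char*, size_t)>;
    static constexpr size_t kLen = 1037;                 // read size from the ASan report
    explicit Connection(RecvCb cb) : cb_(std::move(cb)), buf_(new unsigned char[kLen]) {
        std::memset(buf_, 0x5a, kLen);                   // constructed payload
    }
    // Dispatcher side: the lock is held for the whole callback, so the buffer
    // cannot be freed while the callback is still copying out of it.
    void dispatch() {
        std::lock_guard<std::mutex> lk(cb_mutex_);
        if (cb_) cb_(buf_, kLen);
    }
    // Close side: detach the callback first (this blocks until any in-flight
    // callback has returned) and only then free the memory it was reading.
    void close() {
        { std::lock_guard<std::mutex> lk(cb_mutex_); cb_ = nullptr; }
        delete[] buf_;
        buf_ = nullptr;
    }
private:
    RecvCb cb_;
    std::mutex cb_mutex_;
    unsigned char* buf_;
};

// Runs a dispatcher thread concurrently with close() and reports what the
// callback observed: copies made, corrupted copies, and calls after close().
CloseResult run_close_race() {
    std::atomic<int> delivered{0}, bad{0}, after_close{0};
    std::atomic<bool> closed{false};
    Connection conn([&](const unsigned char* p, size_t n) {
        unsigned char copy[Connection::kLen];
        std::memcpy(copy, p, n);                         // what the TapFrame path does
        for (size_t i = 0; i < n; ++i) if (copy[i] != 0x5a) { ++bad; break; }
        if (closed) ++after_close;                       // must never happen
        ++delivered;
    });
    std::thread loop([&] { for (int i = 0; i < 100000; ++i) conn.dispatch(); });
    while (delivered == 0) std::this_thread::yield();    // let some callbacks run first
    conn.close();
    closed = true;
    loop.join();
    return CloseResult{delivered.load(), bad.load(), after_close.load()};
}
```

Under AddressSanitizer the same harness with the lock removed from dispatch()/close() reproduces a heap-use-after-free of the kind in the trace; with the lock in place every copy is intact and no callback runs after close() returns.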