AddressSanitizer: heap-use-after-free on udp-bsd sock->priv->gaddr
For the last couple of commits, I have been seeing this heap-use-after-free error:
=================================================================
==21979==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600064a988 at pc 0x7f397a5ae631 bp 0x7f390ade18f0 sp 0x7f390ade18e0
READ of size 4 at 0x60600064a988 thread T3504 (nicesrc568:src)
#0 0x7f397a5ae630 in g_object_unref /home/bellet/Development/glib/gobject/gobject.c:3246
#1 0x7f397a5ae630 in g_object_unref /home/bellet/Development/glib/gobject/gobject.c:3236
#2 0x7f39197c1695 in socket_send_message /home/bellet/Development/libnice/socket/udp-bsd.c:263
#3 0x7f39197c1695 in socket_send_messages /home/bellet/Development/libnice/socket/udp-bsd.c:305
#4 0x7f39197ba538 in nice_socket_send /home/bellet/Development/libnice/socket/socket.c:226
#5 0x7f391978a13e in agent_socket_send /home/bellet/Development/libnice/agent/agent.c:6582
#6 0x7f3919790166 in priv_conn_keepalive_tick_unlocked /home/bellet/Development/libnice/agent/conncheck.c:1437
#7 0x7f3919790a82 in priv_update_selected_pair /home/bellet/Development/libnice/agent/conncheck.c:1738
#8 0x7f391979c2ea in priv_map_reply_to_conn_check_request /home/bellet/Development/libnice/agent/conncheck.c:3242
#9 0x7f391979c2ea in conn_check_handle_inbound_stun /home/bellet/Development/libnice/agent/conncheck.c:4236
#10 0x7f39197865d7 in agent_recv_message_unlocked /home/bellet/Development/libnice/agent/agent.c:3999
#11 0x7f391978789c in component_io_cb /home/bellet/Development/libnice/agent/agent.c:5317
#12 0x7f397bc5d995 in socket_source_dispatch /home/bellet/Development/glib/gio/gsocket.c:3843
#13 0x7f397a22f19b in g_main_dispatch /home/bellet/Development/glib/glib/gmain.c:3178
#14 0x7f397a22f19b in g_main_context_dispatch /home/bellet/Development/glib/glib/gmain.c:3831
#15 0x7f397a22fa97 in g_main_context_iterate /home/bellet/Development/glib/glib/gmain.c:3904
#16 0x7f397a23007f in g_main_loop_run /home/bellet/Development/glib/glib/gmain.c:4100
#17 0x7f391760f073 (/usr/lib64/gstreamer-1.0/libgstnice.so+0x3073)
#18 0x7f39886e36ff in gst_push_src_create /home/bellet/Development/gstreamer/libs/gst/base/gstpushsrc.c:131
#19 0x7f39886b1f4c in gst_base_src_get_range /home/bellet/Development/gstreamer/libs/gst/base/gstbasesrc.c:2512
#20 0x7f39886b6045 in gst_base_src_loop /home/bellet/Development/gstreamer/libs/gst/base/gstbasesrc.c:2836
#21 0x7f39882dd683 in gst_task_func /home/bellet/Development/gstreamer/gst/gsttask.c:332
#22 0x7f39882df183 in default_func /home/bellet/Development/gstreamer/gst/gsttaskpool.c:69
#23 0x7f397a2854d6 in g_thread_pool_thread_proxy /home/bellet/Development/glib/glib/gthreadpool.c:307
#24 0x7f397a284385 in g_thread_proxy /home/bellet/Development/glib/glib/gthread.c:784
#25 0x7f3978835593 in start_thread (/lib64/libpthread.so.0+0x7593)
#26 0x7f3978568e6e in clone (/lib64/libc.so.6+0xf9e6e)
0x60600064a988 is located 40 bytes inside of 64-byte region [0x60600064a960,0x60600064a9a0)
freed by thread T3503 here:
#0 0x7f3989bd5880 in __interceptor_free (/usr/lib64/libasan.so.5+0xee880)
#1 0x7f397a23cd25 in g_free /home/bellet/Development/glib/glib/gmem.c:194
#2 0x7f397a270be9 in g_slice_free1 /home/bellet/Development/glib/glib/gslice.c:1136
#3 0x7f397a5f16ed in g_type_free_instance /home/bellet/Development/glib/gobject/gtype.c:1943
#4 0x7f397a5ae623 in g_object_unref /home/bellet/Development/glib/gobject/gobject.c:3355
#5 0x7f397a5ae623 in g_object_unref /home/bellet/Development/glib/gobject/gobject.c:3236
#6 0x7f39197c1695 in socket_send_message /home/bellet/Development/libnice/socket/udp-bsd.c:263
#7 0x7f39197c1695 in socket_send_messages /home/bellet/Development/libnice/socket/udp-bsd.c:305
#8 0x7f39197ba141 in nice_socket_send_messages /home/bellet/Development/libnice/socket/socket.c:153
#9 0x7f39197c5124 in _socket_send_messages_wrapped /home/bellet/Development/libnice/socket/udp-turn.c:658
#10 0x7f39197c55be in _socket_send_wrapped /home/bellet/Development/libnice/socket/udp-turn.c:721
#11 0x7f39197c7010 in priv_retransmissions_tick_unlocked /home/bellet/Development/libnice/socket/udp-turn.c:1764
#12 0x7f39197c8f68 in priv_retransmissions_tick /home/bellet/Development/libnice/socket/udp-turn.c:1860
#13 0x7f397a23049d in g_timeout_dispatch /home/bellet/Development/glib/glib/gmain.c:4651
#14 0x7f397a22f19b in g_main_dispatch /home/bellet/Development/glib/glib/gmain.c:3178
#15 0x7f397a22f19b in g_main_context_dispatch /home/bellet/Development/glib/glib/gmain.c:3831
#16 0x7f397a22fa97 in g_main_context_iterate /home/bellet/Development/glib/glib/gmain.c:3904
#17 0x7f397a23007f in g_main_loop_run /home/bellet/Development/glib/glib/gmain.c:4100
#18 0x7f3919a24cb0 in fs_nice_agent_main_thread /home/bellet/Development/farstream/transmitters/nice/fs-nice-agent.c:313
#19 0x7f397a284385 in g_thread_proxy /home/bellet/Development/glib/glib/gthread.c:784
#20 0x7f3978835593 in start_thread (/lib64/libpthread.so.0+0x7593)
I didn't bisect the case precisely, but it could be related to the removal of the global agent lock with commit da41258a.
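A minimal model of what the two stacks show, two threads unreferencing the same object from one socket's send path, written as an added example; it is not libnice code and not part of the original report. The names addr_t, sock_t, cache_get and send_locked are hypothetical, and treating gaddr as a per-socket cache of the last destination address is an assumption.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Constructed stand-ins: a refcounted address and a socket that caches one. */
typedef struct { atomic_int ref; int port; } addr_t;
typedef struct { pthread_mutex_t lock; addr_t *cached; } sock_t;
atomic_int live;                         /* objects allocated minus freed */
addr_t *addr_new(int port) {
    addr_t *a = malloc(sizeof *a);
    atomic_init(&a->ref, 1);
    a->port = port;
    atomic_fetch_add(&live, 1);
    return a;
}
void addr_unref(addr_t *a) {
    if (atomic_fetch_sub(&a->ref, 1) == 1) { atomic_fetch_sub(&live, 1); free(a); }
}
/* Check-then-act on the cache. Called without the lock from two threads, both
 * can unref the same old object: the second unref is the use-after-free. */
addr_t *cache_get(sock_t *s, int port) {
    if (s->cached && s->cached->port != port) { addr_unref(s->cached); s->cached = NULL; }
    if (!s->cached) s->cached = addr_new(port);
    return s->cached;
}
/* Hardened: one critical section, and the sender leaves it with its own ref. */
int send_locked(sock_t *s, int port) {
    pthread_mutex_lock(&s->lock);
    addr_t *a = cache_get(s, port);
    atomic_fetch_add(&a->ref, 1);
    pthread_mutex_unlock(&s->lock);
    int used = a->port;                  /* stands in for the real send */
    addr_unref(a);
    return used;
}
void *worker(void *p) {
    for (int i = 0; i < 100000; i++) send_locked(p, (i & 1) ? 3478 : 5000);
    return NULL;
}

/* Two threads swap destinations on one socket; 0 = every object freed once. */
int stress_locked(void) {
    sock_t s = { PTHREAD_MUTEX_INITIALIZER, NULL };
    pthread_t t[2];
    for (int i = 0; i < 2; i++) pthread_create(&t[i], NULL, worker, &s);
    for (int i = 0; i < 2; i++) pthread_join(t[i], NULL);
    addr_unref(s.cached);
    return atomic_load(&live);
}
int main(void) { return stress_locked(); }
```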