Add the ability for Kodi to properly navigate Box Sets by the-black-eagle · Pull Request #1 · the-black-eagle/xbmc

the-black-eagle · 2019-08-31T18:24:16Z

Description

Kodi currently treats a box set as an album and lists all songs on that album in track and disc order. This makes it difficult to navigate in sets that have many discs.

Motivation and Context

This change adds the ability for Kodi to split an 'album' into it's separate discs and for each of those discs to be navigated independently.

How Has This Been Tested?

Building and testing locally with multiple albums, including single disc albums, two and three disc sets, compilations and proper box sets. Also tested with mis-tagged albums

Ubuntu 18.04 64bit, ddd for debugging. Multiple music sources.

It does not affect any other areas.

Screenshots (if appropriate):

Types of change

Bug fix (non-breaking change which fixes an issue)
Clean up (non-breaking change which removes non-working, unmaintained functionality)
Improvement (non-breaking change which improves existing functionality)
[X ] New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that will cause existing functionality to change)
Cosmetic change (non-breaking change that doesn't touch code)
None of the above (please explain below)

Checklist:

[X ] My code follows the Code Guidelines of this project
[X ] My change requires a change to the documentation, either Doxygen or wiki
I have updated the documentation accordingly
[ X] I have read the Contributing document
I have added tests to cover my change
[ X] All new and existing tests passed

DaveTBlake · 2019-08-31T18:46:34Z

Marvellous, a PR. :)
I'll have a look tomorrow, meanwhile if you could rebase without all the whitespace changes it would make me happy person.

the-black-eagle · 2019-08-31T18:49:30Z

I will try Dave. I've already added support for TSST to CMusicInfoTagLoaderFFmpeg::Load and am about to address the db update.

the-black-eagle · 2019-09-01T05:20:42Z

OK, so I'm stuck on fixing this whitespace issue! I've rebased again, and git tells me that everything is up to date on both branches but it doesn't seem to have changed anything.

DaveTBlake · 2019-09-01T08:01:27Z

              " strType text, strGender text, strDisambiguation text, "
              " strBorn text, strFormed text, strGenres text, strMoods text, "
-              " strStyles text, strInstruments text, strBiography text, "
+              " strDiscSubtitle text, strStyles text, strInstruments text, strBiography text, "


Discsubtitle in the artist table??? That is a boo boo for sure.

DaveTBlake · 2019-09-01T08:07:52Z

-  SetMusicNeedsTagScan(60);
+  // The last schema change needing forced rescanning was 73.
+  // This is because Kodi can now read and process extra tags involved in the creation of box sets.
+  SetMusicNeedsTagScan(73);


OK force a rescan, otherwise no one will see anything.
Although one idea was during development to allow the rescanning to be optional when possible (even though to test the new features they need to rescan) and then bump this for say alpha and apply all the tag additions in one go.
There are going to be more tag additions (I have a list ready to do), so may decide to remove this for the Kodi PR depending on how near to PR I get with those additions.

DaveTBlake · 2019-09-01T08:12:48Z

OK, so I'm stuck on fixing this whitespace issue! I've rebased again, and git tells me that everything is up to date on both branches but it doesn't seem to have changed anything.

The whitespace is edited in your original commit, so you need to create that commit without those changes

DaveTBlake · 2019-09-01T08:47:41Z

I am wondering what happens with CTagLoaderTagLib::SetReleaseType if the DISCSUBTITLE tag value is read after RELEASETYPE? I don't think there is any defined order for metadata. You need to gather all the tag data, and only then can you use them in combination.

This could be done in CMusicInfoScanner::FileItemsToAlbums and/or creator of CAlbum (where artist credits are gathered from several tags). Note there are two distinct paths to how an album gets identified from tags depending on having mbid tags or not. This is historic and not ideal because of the inconsitencies it introduces (over say misssing ALBUMARTIST tags), and something I should look at one day. Anyway I'm just giving a pointer where to look.

Also no tag reading doesn't just handle different separators. See how they are done in CAlbum::SetArtistCredits using StringUtils::SplitMulti

the-black-eagle · 2019-09-01T10:10:31Z

I don't think it matters in this instance which order the tags come in. My code should handle it in either case. If the disc subtitle has not yet been read, strDiscSubtitle will be empty, so it will get set to 'dummy' because of the 'boxset' in the tag. If the disc subtitle is read at a later point, 'dummy' will be overwritten by the correct title. If it's already been read then 'dummy' will be set only if it's empty. Either path leads to a value in strDiscSubtitle. IF the actual disc title is empty and it is read later (which will overwrite 'dummy') it doesn't matter because the boxset flag is true and it will just get set back to dummy again.

DaveTBlake · 2019-09-01T17:22:42Z

+        }
+      }
+      if (count < 3 && !album.bBoxedSet)  // must have more than 2 titled discs to be considered a boxset unless tag was set
+        album.bBoxedSet = false;    }


This only reached when !album.bBoxedSet anyway, setting does nothing?

Yes it does, because bBoxedSet could have been forced to true by setting the tag, in which case, we don't want to set it to false if there are less than 3 discs. If you take it out, you cannot make a twin disc set into a boxset. Not sure why you would want to, but someone might. It also messes up making boxsets from albums where the discs are in separate directories.

DaveTBlake · 2019-09-01T17:22:58Z

+  {
+    if (album.bCompilation  && !album.bBoxedSet)
+    {
+      album.bBoxedSet = false;


This only reached when !album.bBoxedSet anyway, setting does nothing?

Yeah, setting the bool to false again is pointless, it should just be continue. I'll take line 943 out. The check is important though, because without it, Kodi will start to create a boxset for a compilation (and it will show in the first node) but there won't be any discs associated with it.

DaveTBlake · 2019-09-01T17:28:17Z

Fair enough regarding tag order processing I guess I just didn't expect it to be in the tag processing. I do need to look more closely overall, I'm just chipping a little bits at the moment (dsitracted with other things).

But I still need you to banish those cosmetic whitespace changes that make it look like you have involved areas of cocde that are nothing to do with this PR. Did the Estuary changes really come down to so little after all, or is another commit going to appear?

DaveTBlake · 2019-09-01T17:31:19Z

 #include "utils/Archive.h"
 #include "utils/StringUtils.h"
 #include "utils/Variant.h"
+#include "utils/log.h"


Nope. And yeah, the Estuary changes were only small although the initial commit included some other files that I had edited whilst trying to get it to display what I wanted.

DaveTBlake · 2019-09-04T07:13:00Z

Oh dear @the-black-eagle , I have a day off and when I get back the diff is even less readable. I think the problem is that you don't have a static clone of master branch in your repo or you rebased that to the current master but didn't rebase this branch. Either way it needs sorting out please.

the-black-eagle · 2019-09-04T07:22:21Z

I rebased both my master branch and this one to the current upstream master. If I close this and open a new PR against my current master, will that work ?

DaveTBlake · 2019-09-04T07:18:42Z

 msgstr ""

-#empty string with id 520
+#: empty string 520


Revert to original text

DaveTBlake · 2019-09-04T07:19:15Z

 msgstr ""

-#empty string with id 20341
+#: empty string #20341


Revert to original text/spaces

DaveTBlake · 2019-09-04T07:21:59Z


-#empty strings from id 471 to 473
+msgctxt "#471"
+msgid "Disc Title"


While it seems obvious to put this here near "disc" the 3-digit message text ids are old and impossible to search for, hence no new messages are to be added in this range. Move to a higher ID

DaveTBlake · 2019-09-04T07:23:05Z

 #: addons/skin.estuary/xml/Variables.xml
 msgctxt "#427"
-msgid "Disc"
+msgid "Disc Number"


Are you sure xbmc#427 isn't used somewhere else where adding " number" is incorrect? Need to take great care with the old 3-digit ID messages

DaveTBlake · 2019-09-04T07:23:58Z

-#empty strings from id 38074 to 38099
-#strings 38074 to 38099 reserved for music library
+msgctxt "#38074"
+msgid "Box-sets"


"Box-sets", "Box sets".... hyphen consistency?

DaveTBlake · 2019-09-04T07:34:21Z

 ///     with id (or current container if id is omitted).
 ///     @note This is slightly delayed from the actual scroll start. Use
-///     \ref Container_OnScrollNext "Container(id).OnScrollNext" or 
+///     \ref Container_OnScrollNext "Container(id).OnScrollNext" or


Revert cosmetic whitespace change

DaveTBlake · 2019-09-04T07:34:32Z

 ///                  \anchor Container_CurrentItem
 ///                  _integer_,
-///     @return The current item in the container or grouplist with given id. 
+///     @return The current item in the container or grouplist with given id.


Revert cosmetic whitespace change

DaveTBlake · 2019-09-04T07:34:44Z

 ///     @param offset - The offset for the listitem.
-///     @note That means if the last item of a list is focused\, `ListItemNoWrap(1)` 
-///     will be empty while `ListItem(1)` will return the first item of the list. 
+///     @note That means if the last item of a list is focused\, `ListItemNoWrap(1)`


Revert cosmetic whitespace changes

DaveTBlake · 2019-09-04T07:35:07Z

 ///     @return **True** if the current container you are in contains the following:
-///       - <b>files</b> 
-///       - <b>songs</b> 
+///       - <b>files</b>


Revert cosmetic whitespace change

DaveTBlake · 2019-09-04T07:35:42Z

+///       - <b>songs</b>
 ///       - <b>artists</b>
-///       - <b>albums</b> 
+///       - <b>albums</b>


Revert cosmetic whitespace change....
You can see all of them. Fix it!!

All fixed......I think.

DaveTBlake

I know just starting to look at JSON changes, but some early feedback.
Will want related stuff JSON in a separate commit, and skin changes separately too but most of the other commits can be squashed. In fact it may help to have them squashed now, and certainly get the master they are compared against and the master you started from to match.

DaveTBlake · 2019-09-04T07:42:49Z

      { "name": "includesingles", "type": "boolean", "default": false },
-      { "name": "allroles", "type": "boolean", "default":false, "description": "Whether or not to include all roles when filtering by artist, rather than the default of excluding other contributions. When true it overrides any role filter value." }
+      { "name": "allroles", "type": "boolean", "default":false, "description": "Whether or not to include all roles when filtering by artist, rather than the default of excluding other contributions. When true it overrides any role filter value." },
+      { "name": "boxset", "type": "boolean", "default": false, "description": "When true only returns albums that are also boxsets"}


I know you are just beginning to look at this.
I don't think boxset should be a separate parameter like this, but part of the general filtering instead (working the way that smart playlists work).

DaveTBlake · 2019-09-04T07:43:37Z

      "enum": [ "title", "description", "artist", "genre",
                "theme", "mood", "style", "type", "albumlabel",
-                "rating", "votes", "userrating","year", "musicbrainzalbumid",
+                "rating", "votes", "userrating","year", "boxset", "musicbrainzalbumid",


New fields must be added at the end, in case any existing API consumers are using position of fields rather than name.

DaveTBlake · 2019-09-04T07:44:04Z

      "title": { "type": "string" },
      "artist": { "$ref": "Array.String" },
      "year": { "type": "integer" },
+      "boxset" : {"type": "integer" },


New fields at end

DaveTBlake · 2019-09-04T07:44:24Z

                "episodeguide", "uniqueid", "dateadded", "channel", "channeltype", "hidden",
                "locked", "channelnumber", "starttime", "endtime", "specialsortseason",
-                "specialsortepisode", "compilation", "releasetype", "albumreleasetype",
+                "specialsortepisode", "compilation", "boxset", "releasetype", "albumreleasetype",


DaveTBlake · 2019-09-04T07:55:50Z

I rebased both my master branch and this one to the current upstream master. If I close this and open a new PR against my current master, will that work ?

That will just sever all the comments already made, so don't do that just yet.
If the masters have been updated then it looks to me like you have not rebased your ADD_BOXSETS_ABILITY branch against them.
Rebase your local master, push that to your repo
git checkout master
git fetch upstream
git rebase upstream/master
git push -f origin master

Then rebase your local ADD_BOXSETS_ABILITY against local master, do some squashing while you are doing that. Finaly force push that to your repo, and this PR will update magically

DaveTBlake · 2019-09-04T07:57:24Z

Sorry about the whitespace comment rampage, but it was begining to get to me!

DaveTBlake · 2019-09-04T08:24:54Z

      long GetSongId() { return m_idSong; }
      long GetYear() { return m_year; }
-
+      long GetDisc() { return m_idAlbum; }


m_disc not m_idAlbum?

DaveTBlake · 2019-09-04T08:27:34Z

    iUserrating = -1;
    iVotes = -1;
    iYear = -1;
+    bBoxedSet  = false;


Since everything else is "box set" I guess bBoxSet would be more consistent.
Then again the field in the db is boxedset.....

Remove unused code, switch to using pItem->SetArt Add support for reading disc subtitles Bump db version to 73. Update album & song tables for box sets Remove strDiscSubtitle from artist table

DaveTBlake · 2019-09-04T15:31:33Z

Good you have sorted out the master.diff problem. :)
Unfortuneately I'm unlikely to be able to really dig into this until the weekend (although you may get some passing comments if I get time). I want to really think about it, and I just haven't had chance.

Meanwhile MusicDatabase.cpp and MusicInfoScanner.cpp still have distracting whitespace changes. They will need to go before a real PR (otherwise having cosmetic changes dotted all over a PR that adds a feature makes diffs and subsequent Git blame impossible to use). Yes MusicDatabase.cpp is in need of a big cosmetic clean-up of whitespace and out-of-date style (not to mention Doxygen comment documenting), but it needs to be a PR just for that. Anyway they need to go eventually, and it would make my life a whole lot easier if they went now.

the-black-eagle · 2019-09-04T16:40:59Z

Sure. There is no rush Dave, and by the weekend I should have cleaned up the whitespace issues, fixed a couple of silly errors I made today when tidying things and squashed the commits for that into one or two. I'm well aware that a real PR will have to be spot-on to even have a chance of being accepted.

DaveTBlake · 2019-09-05T07:11:32Z

  {
-    for (CVariant::const_iterator_array field = parameterObject["properties"].begin_array(); 
-      field != parameterObject["properties"].end_array(); field++)
-      fields.insert(field->asString());


Restore missing insert

the-black-eagle · 2019-09-15T11:52:27Z

Multiple disc is indeed more common than boxed sets with volumes. However, I don't see why we can't have the best of both worlds. In spite of a little inflexibility in the UI engine, it's perfectly possible to do both things because of the 'rules' of a boxset.

We decided a boxset has to be three or more discs and that all those discs have to have subtitles in the tags. If an album doesn't have the subtitle tags but a user thinks it should be a set, they can set the boxset tag which automatically generates a title for each disc that is missing one. Therefore, there are titles for any disc in a boxset, as opposed to most other albums which might only have a title for one disc (bonus disc, live version, original version etc etc).
Taking that further, if an album has disc titles then it's likely (but not always necessarily true) that it's a boxset. Obviously if there are no titles, it definitely isn't a set and splitting on disc number is ideal. If however there are titles then we can split on those. This keeps volumes together but splits up everything else. The only time I can see where there might possibly be an issue is if the first disc has a subtitle but the others do not. However, upon thinking about it, it wouldn't be an issue because your code generates a 'disc %i' title for any disc without one.
Anyway, I had a bash at implementing it! Turned out to not be too difficult really. Keeps discs with the same title grouped together, splits up multi-disc albums into individual discs. My Tree full of Secrets is now correctly showing two discs per volume and 9 volumes + the last disc (Volume 9 is only one disc). 2, 3, 4 and 5 CD sets that aren't boxsets also split correctly and show the right amount of discs as do the 'real' boxsets. Currently I've only tested with a small subset of around 60 albums but I'll be expanding that later. The test albums have one or two with disc names in only some of the discs, a couple with the boxset tag set, two that are mis-tagged on purpose and a bunch of 2, 3, 4 & 5 CD sets as well as some single CD albums (some with disc titles and some without).

DaveTBlake · 2019-09-15T21:50:39Z

It is not fetching the data that concerns me, that is quite doable, it is what is the concept this creates, what is the node content? Not "discs", despite being based on DISCSUBTITLE, because splitting into discs gives a different result. Does the "volume" then get split into actual discs? Calling it a volume just because the example you gave happend to use that in the DISCSUBTITLE tag isn't reasoned design either (just useful shothand for this discusson). It is arbitrary parts that might have meaning for a specific boxed set, or could be a tagging error. Even MB does n't list 9 volumes, it breaks the release like all the other releases into 18 discs. Adding an extra level of discs (based on disc number) to albums > songs is fine, taking DISCSUBTITLE as a well defined and well used tag that Kodi can base a node upon is not. Adding more than one new level to navigation with the intermediate level not having a generic definition and only aviallable is special circumstances is just not good.

Imagine explaining it to certain users. Nagivation genres > artists >albums > parts/volumes (sometimes) > discs (if more than one and option enabled) >songs

the-black-eagle · 2019-09-16T09:48:15Z

No, the 'volume' does not get split further. If you open a volume you get the contents of both discs in that volume. From a user point of view, that's what I'd expect to happen. So it goes albums > discs/volumes > tracks. I can happily agree that it's a niche area, but do users really want to look at all 18 discs at once or 9 volumes ? For me, the latter is the better option and I've got no problem with opening a volume and seeing the contents of two discs inside, because that's whats meant to be in a volume. In all other cases, the albums are split into individual discs. That includes all other albums that have more than 1 disc.
I guess my reasons for wanting to do it this way is that it's more aesthetically pleasing in the GUI whereas your reasons against doing it are more technical. There is no way I'd want to split up a very large set, say 30+ CD's into individual discs and navigate through those if I don't have to. Even if it meant writing my own DISCSUBTITLE tags to sub-divide it into 2 or 3 discs at a time, I'd do that if I knew that Kodi could replicate that division on screen. It's not another level, it's a way of telling Kodi that these x amount of discs go together in the same way that an album title says these tracks go together. The navigation is still album > discs > tracks except that 'discs' has the possibility of containing the contents of more than one actual disc where grouping them together makes sense, either because MB have tagged them like that, or the user has. In all the testing that I have done, this doesn't affect anything else apart from grouping together discs with the same title, which is presumably why they are tagged with the same title in the first place. Which is better to see on screen, Vol 1, Vol 1, Vol 2, Vol 2, Vol 3 etc or Vol 1, Vol 2, Vol 3 ? If you were coming to Kodi for the first time, would you expect to see those duplicates, or expect it to be able to group them together ?

DaveTBlake · 2019-09-16T13:17:11Z

I guess my reasons for wanting to do it this way is that it's more aesthetically pleasing in the GUI whereas your reasons against doing it are more technical

Yes, that is exactly right. I do understand why as a user you want what I see as a fuzzy split into discs/volumes, but OTOH it is so niche conceptually. Setting out knowing the sometimes "discs" are not actually going to be discs just seems icky. "Disc groups"? No, not seriously. Also what about art for volumes, grouped discs, whatever they are? Having folders per disc, using disc number are nice generic ideas, you can't use title in the same way.

But I don't want to piss you off with a "no, no, no" attitude, so show me. I was half expecting an example of what you want to do to appear as a commit on #2. Perhaps do that.

You also need to be aware that looking at CDirectoryNodes has resulted in https://github.com/DaveTBlake/xbmc/tree/NodeFolderLabelAll and a PR to Kodi which I will merge sooner or later but hope to get a review if I can find an interested team member. It could be worth pulling that in and rebasing on top of it.

DaveTBlake · 2019-09-16T14:08:15Z

An approach, that I don't think you will like but is more generic, would be to spot where the same non-null DISCSUBTITLE value has been set for more than one disc in the album (boxed set or not), and to append the disc number. So for that dreaded example you would see "Vol1 (Disc 1)", "Vol1 (Disc 2)", "Vol2 (Disc 3)", "Vol2 (Disc 4)" etc. , better than repeated titles on screen.

That would make me happy technically, the node type/level would always be "discs", not sometimes some other parts. Also each volume of "A tree full of secrets" is pretty huge, surely it is more useful split into discs, and when you want to play a volume you add both separately?

the-black-eagle · 2019-09-16T15:08:57Z

Backwards again !!!

Yeah it is pretty big, but 2 discs of tracks is a useable, manageable chunk. There is a Rachmaninoff set on MB with 32 discs. I'd love to be able to split that into 11 sets rather than 32 individual discs - it has no titles anyway so left like that it would show as 32 discs.

Vol 1(disc 1) etc is better than just Vol 1, Vol 1.

Art. Kodi shows the right cover for each volume because each disc has to have a cover otherwise one disc will show blank art when you play it. So I still need to assign 18 covers although Kodi finds these and does it automatically. If not, when scrolling down the list of tracks, when you get to the second disc, the art would disappear......I just know you're probably not going to like that although it's no different to assigning the art if you split it into individual discs.

Oh, I have a commit ready to go. A couple actually. One that adds the art stuff, one that does this and one that fixes a bug that I found today where the song table was not being updated correctly for an album that already existed in a different path.

Don't worry about pissing me off, it's extremely unlikely to happen no matter which way things eventually go. Discussion is always good, as are other peoples points of view. 'Fuzzy' it might be, but fuzzy logic gives scope for flexibility where hard and fast rules do not. It's probably not going to be seen by that many people, but the ones that do see it will just think Kodi is smart. If it doesn't go in, how long before someone shows up on the forum saying that they have discs with the same titles, why doesn't kodi group them ? In fact, maybe some more user feedback about this would be helpful. What do actual users want ? The ones that want to be able to see proper sets, how do they want them split up ?

DaveTBlake · 2019-09-16T16:10:43Z

Backwards again !!!

Which bit, all of it?

In fact, maybe some more user feedback about this would be helpful. What do actual users want?

That is always tricky. The most vocal on the forum are not necessarily the most representative in opinion or use, but where else can you go. Then you have us team members, and we are always sure we are right even with features we don't use ;) And of course the answers you get always depend on the way you ask the question.

Can we hammer away on this a bit more before raising users hopes/expectations with a forum posting. I want to look at what you have done, see if I can pick serious holes first.

Art: you may have mixed up what is done by core and what is at the discretion of the skin, yet to check more carefully.

Great you are robust, I may be criticising your design/implementation but I am not attacking you. I am delighted that you have taken up this challenge.

Before was about externalproject_add and related values quotation marks used. This breaks since cmake 3.18.0 his use (3.17.4 ok about). There it reports this by project related "PATCH_COMMAND ${PATCH_COMMAND}" as there a "" behind and seems to take this instead of patch path. Produced error message: ``` patching file '' Hunk #1 FAILED at 16. 1 out of 1 hunk FAILED -- saving rejects to file .rej /usr/bin/patch: **** Can't reopen file '' : No such file or directory ``` This 2 values has used the quotation marks: INSTALL_COMMAND EXTERNALPROJECT_SETUP This remove them to have working again and fix e.g. Azure build system where takes this new version.

Previously, if the language addon was deleted for any reason, Kodi crashed on startup. This adds a check that the add-on is actually there. Here the backtrace about crash before: ``` \#0 CLangInfo::SetLanguage (this=0x55555ad37eb0, language="resource.language.de_de", reloadServices=false) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/LangInfo.cpp:670 \#1 0x0000555557ad51eb in CApplication::LoadLanguage (this=0x55555ad34c20, reload=false) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/Application.cpp:4915 \#2 0x0000555557abdbd0 in CApplication::Initialize (this=0x55555ad34c20) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/Application.cpp:737 \#3 0x0000555557635500 in XBMC_Run (renderGUI=true, params=...) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/platform/xbmc.cpp:46 \#4 0x0000555556e0b08c in main (argc=1, argv=0x7fffffffdf38) at /home/alwin/Development/Kodi/kodi-Matrix/xbmc/platform/posix/main.cpp:77 ```

Building Kodi with asan+lsan+ubsan breaks with the following error: ================================================================= ==241706==ERROR: LeakSanitizer: detected memory leaks Direct leak of 69370335 byte(s) in 661 object(s) allocated from: #0 0x7fb290a737a7 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xab7a7) #1 0x563e2bed8b09 in PNGDecoder::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, DecodedFrames&) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x17cb09) #2 0x563e2be71392 in DecoderManager::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, DecodedFrames&) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x115392) #3 0x563e2be7d1bf in createBundle(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, double, unsigned int, bool) (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x1211bf) #4 0x563e2be69990 in main (/build/kodi-18.8+dfsg1/kodi_build_x11/build/texturepacker/TexturePacker+0x10d990) #5 0x7fb28fbc7cc9 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 69370335 byte(s) leaked in 661 allocation(s). The root cause of the leak is decoder's FreeDecodedFrames never called. This commit fixes the leak by refactoring the following aspects: * Introducing the pointer to decoder object in the decoded frame, * Changing IDecoder::FreeDecodedFrames to IDecoder::FreeDecodedFrame cleaning single frame at a time * Moving iteration over frames to DecoderManager::FreeDecodedFrames * Removing unnecessary DecodedFrames.user Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>

There was tried to open local add-on with value "m_localAddon" where at repo content not set! This has created the following crash: ```gdb Thread 1 "kodi.bin" received signal SIGSEGV, Segmentation fault. 0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263 263 const bool hasSettings = m_localAddon->CanHaveAddonOrInstanceSettings(); (gdb) (gdb) bt #0 0x0000555557be400e in CGUIDialogAddonInfo::UpdateControls(PerformButtonFocus) (this=0x55555bdf8a30, performButtonFocus=PerformButtonFocus::CHOICE_YES) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:263 #1 0x0000555557be2d95 in CGUIDialogAddonInfo::OnInitWindow() (this=0x55555bdf8a30) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:169 #2 0x0000555557a62565 in CGUIWindow::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:588 #3 0x00005555579d4bef in CGUIDialog::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:92 #4 0x0000555557be2bfc in CGUIDialogAddonInfo::OnMessage(CGUIMessage&) (this=0x55555bdf8a30, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:152 #5 0x00005555579d5092 in CGUIDialog::Open_Internal(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, bProcessRenderLoop=true, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:169 #6 0x00005555579d52a2 in CGUIDialog::Open(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, bProcessRenderLoop=true, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:201 #7 0x00005555579d5182 in CGUIDialog::Open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdf8a30, param="") at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIDialog.cpp:187 #8 0x0000555557be99df in CGUIDialogAddonInfo::ShowForItem(std::shared_ptr<CFileItem> const&) (item=std::shared_ptr<CFileItem> (use count 6, weak count 0) = {...}) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIDialogAddonInfo.cpp:806 #9 0x0000555557bf7e4c in CGUIWindowAddonBrowser::OnClick(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x55555bdcdbb0, iItem=1, player="") at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:256 #10 0x00005555576ae097 in CGUIMediaWindow::OnSelect(int) (this=0x55555bdcdbb0, item=1) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:1186 #11 0x00005555576a759d in CGUIMediaWindow::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:309 #12 0x0000555557bf6f1d in CGUIWindowAddonBrowser::OnMessage(CGUIMessage&) (this=0x55555bdcdbb0, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/addons/gui/GUIWindowAddonBrowser.cpp:150 xbmc#13 0x00005555579b1b42 in CGUIControl::SendWindowMessage(CGUIMessage&) const (this=0x55555cdfee90, message=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIControl.cpp:313 xbmc#14 0x000055555799edb2 in CGUIBaseContainer::OnClick(int) (this=0x55555cdfee90, actionID=7) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:873 xbmc#15 0x000055555799c917 in CGUIBaseContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIBaseContainer.cpp:450 xbmc#16 0x00005555579df9ab in CGUIFixedListContainer::OnAction(CAction const&) (this=0x55555cdfee90, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIFixedListContainer.cpp:70 xbmc#17 0x0000555557a6197b in CGUIWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindow.cpp:425 xbmc#18 0x00005555576a6938 in CGUIMediaWindow::OnAction(CAction const&) (this=0x55555bdcdbb0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/windows/GUIMediaWindow.cpp:188 xbmc#19 0x0000555557a6f570 in CGUIWindowManager::HandleAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1173 xbmc#20 0x0000555557a6f2d3 in CGUIWindowManager::OnAction(CAction const&) const (this=0x55555b404e80, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/guilib/GUIWindowManager.cpp:1118 xbmc#21 0x0000555557d216ad in CApplication::OnAction(CAction const&) (this=0x55555affd9f0, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:968 xbmc#22 0x0000555557939465 in CInputManager::ExecuteInputAction(CAction const&) (this=0x55555b12cc30, action=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:718 xbmc#23 0x0000555557938d05 in CInputManager::HandleKey(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:653 xbmc#24 0x0000555557939047 in CInputManager::OnKeyUp(CKey const&) (this=0x55555b12cc30, key=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:666 xbmc#25 0x0000555557937484 in CInputManager::OnEvent(XBMC_Event&) (this=0x55555b12cc30, newEvent=...) at /home/alwin/Dev/kodi/kodi/xbmc/input/InputManager.cpp:345 xbmc#26 0x0000555557d1d0db in CApplication::HandlePortEvents() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:317 xbmc#27 0x0000555557d257d3 in CApplication::FrameMove(bool, bool) (this=0x55555affd9f0, processEvents=true, processGUI=true) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1752 xbmc#28 0x0000555557d25e29 in CApplication::Run() (this=0x55555affd9f0) at /home/alwin/Dev/kodi/kodi/xbmc/Application.cpp:1855 xbmc#29 0x000055555787b5e8 in XBMC_Run(bool, std::shared_ptr<CAppParams> const&) (renderGUI=true, params=std::shared_ptr<CAppParams> (use count 3, weak count 0) = {...}) at /home/alwin/Dev/kodi/kodi/xbmc/platform/xbmc.cpp:64 xbmc#30 0x0000555557025f89 in main(int, char**) (argc=1, argv=0x7fffffffdb28) at /home/alwin/Dev/kodi/kodi/xbmc/platform/posix/main.cpp:69 ```

UBSAN error: xbmc/network/websocket/WebSocket.cpp:107:14: runtime error: load of misaligned address 0x63100021c802 for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment 0x63100021c802: note: pointer points here 00 00 88 82 cf d3 5c c3 cc 3a 00 be be be be be be be be be be be be be be be be be be be be be ^ #0 0x56360048bf64 in CWebSocketFrame::CWebSocketFrame(char const*, unsigned long) xbmc/network/websocket/WebSocket.cpp:107:14 #1 0x5636004a6905 in CWebSocketV8::GetFrame(char const*, unsigned long) xbmc/network/websocket/WebSocketV8.cpp:145:14 #2 0x563600491ec9 in CWebSocket::Handle(char const*&, unsigned long&, bool&) xbmc/network/websocket/WebSocket.cpp:298:34 #3 0x5636005b05dd in JSONRPC::CTCPServer::CWebSocketClient::PushBuffer(JSONRPC::CTCPServer*, char const*, int) xbmc/network/TCPServer.cpp:716:29 #4 0x5636005a3760 in JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp:171:33 #5 0x5636005a6858 in non-virtual thunk to JSONRPC::CTCPServer::Process() xbmc/network/TCPServer.cpp #6 0x5635fca1fe32 in CThread::Action() xbmc/threads/Thread.cpp:283:5 #7 0x5635fca225f6 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18 #8 0x5635fca212d6 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14 #9 0x5635fca20f06 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14 #10 0x5635fca20e3f in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13 #11 0x5635fca20cb8 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11 #12 0x5635fca20888 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13 xbmc#13 0x7f03890e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18 xbmc#14 0x7f038a88c9ea (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab) xbmc#15 0x7f038a910dfb (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior xbmc/network/websocket/WebSocket.cpp:107:14 in

…erateDevicesEx * Heap-use-after-free [1] happens when EnumerateDevicesEx calls `GetName` on the registry instance. The string view containing `m_name` in CPipewireGlobal has been already freed by the pipewire library in `connection_ensure_size` function [2]. * In order to mitigate the issue copy the strings returned from pipewire. [1]: ================================================================= ==14082==ERROR: AddressSanitizer: heap-use-after-free on address 0x633000010e60 at pc 0x7effc8461003 bp 0x7effa7bb1e50 sp 0x7effa7bb15f8 READ of size 55 at 0x633000010e60 thread T19 #0 0x7effc8461002 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 #1 0x7effc6f11222 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (/usr/lib/libtinyxml.so.0+0xf222) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4) #2 0x7effc575a8eb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:543 #3 0x55921037c9e7 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:1733 #4 0x55921037b622 in std::enable_if<std::__and_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const*> >, std::__not_<std::is_convertible<std::basic_string_view<char, std::char_traits<char> > const&, char const*> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&>::type std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=<std::basic_string_view<char, std::char_traits<char> > >(std::basic_string_view<char, std::char_traits<char> > const&) /usr/include/c++/13.2.1/bits/basic_string.h:925 #5 0x559213183577 in AE::SINK::CAESinkPipewire::EnumerateDevicesEx(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Sinks/pipewire/AESinkPipewire.cpp:310 #6 0x55921316198a in void std::__invoke_impl<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(std::__invoke_other, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) (/usr/lib/kodi/kodi.bin+0x623998a) (BuildId: a994426076ec43899fd3927b99c3ccdf5393f60f) #7 0x55921316015a in std::enable_if<is_invocable_r_v<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>, void>::type std::__invoke_r<void, void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool>(void (*&)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/invoke.h:111 #8 0x55921315befe in std::_Function_handler<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool), void (*)(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::_M_invoke(std::_Any_data const&, std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool&&) /usr/include/c++/13.2.1/bits/std_function.h:290 #9 0x5592130a86bf in std::function<void (std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool)>::operator()(std::vector<CAEDeviceInfo, std::allocator<CAEDeviceInfo> >&, bool) const /usr/include/c++/13.2.1/bits/std_function.h:591 #10 0x5592130a6e5a in AE::CAESinkFactory::EnumerateEx(std::vector<AE::AESinkInfo, std::allocator<AE::AESinkInfo> >&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/AESinkFactory.cpp:101 #11 0x559213110f45 in ActiveAE::CActiveAESink::EnumerateSinkList(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAESink.cpp:702 #12 0x5592130bdfc2 in ActiveAE::CActiveAE::StateMachine(int, Actor::Protocol*, Actor::Message*) /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:517 xbmc#13 0x5592130c2baa in ActiveAE::CActiveAE::Process() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:1070 xbmc#14 0x55921106f9e2 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:283 xbmc#15 0x55921106e300 in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:152 xbmc#16 0x559211070410 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:61 xbmc#17 0x5592110702c9 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/13.2.1/bits/invoke.h:96 xbmc#18 0x5592110701fc in _M_invoke<0, 1, 2> /usr/include/c++/13.2.1/bits/std_thread.h:292 xbmc#19 0x559211070199 in operator() /usr/include/c++/13.2.1/bits/std_thread.h:299 xbmc#20 0x55921107017d in _M_run /usr/include/c++/13.2.1/bits/std_thread.h:244 xbmc#21 0x7effc56e1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104 xbmc#22 0x7effc628c9ea (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab) xbmc#23 0x7effc6310dfb (/usr/lib/libc.so.6+0x110dfb) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab) 0x633000010e60 is located 67168 bytes inside of 98304-byte region [0x633000000800,0x633000018800) freed by thread T3 here: #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85 #1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143 previously allocated by thread T3 here: #0 0x7effc84e007a in __interceptor_realloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85 #1 0x7effbee91c2f in connection_ensure_size ../pipewire/src/modules/module-protocol-native/connection.c:143 Thread T19 created by T0 here: #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208 #1 0x7effc56e1a29 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 #2 0x7effc56e1a29 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172 #3 0x55921106ee30 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:175 #4 0x5592130d96cd in ActiveAE::CActiveAE::Start() /home/dobo/kodi/xbmc/xbmc/cores/AudioEngine/Engines/ActiveAE/ActiveAE.cpp:2675 #5 0x5592117bc377 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:610 #6 0x559211124646 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43 #7 0x55920fd30a70 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:77 #8 0x7effc6227ccf (/usr/lib/libc.so.6+0x27ccf) (BuildId: 316d0d3666387f0e8fb98773f51aa1801027c5ab) Thread T3 created by T0 here: #0 0x7effc844a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208 #1 0x7effc7e73e5f in impl_create ../pipewire/src/pipewire/thread.c:68 SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 in __interceptor_memcpy Shadow bytes around the buggy address: 0x633000010b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x633000010e00: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd 0x633000010e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000010f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000011000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x633000011080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==14082==ABORTING [2]: https://github.com/PipeWire/pipewire/blob/b5c3f217926f9066a1afbee7eb20967dd6896c56/src/modules/module-protocol-native/connection.c#L143C8-L143C15

…temCurrentFile * There's a possibility of a race codition on CApplicationPlayerCallback::m_itemCurrentFile leading to heap-use-after-free reported by the address sanitizer [1]. * The crash happens when GUI_MSG_UPDATE_ITEM is being handled. CApplicationPlayerCallback::m_itemCurrentFile can be accessed concurrently by the main thread in CApplication::OnMessage and CApplicationPlayerCallback::OnPlayBackStarted in the video thread. Sometimes CApplicationPlayerCallback::OnPlayBackStarted is called first, resets the m_itemCurrentFile (and deallocates the object). Then CApplication::OnMessage tries to read it - this is where heap-use-after-free occurs. * In order to mitigate the issue introduce additional messages GUI_MSG_PLAYBACK_PAUSED, GUI_MSG_PLAYBACK_RESUMED, GUI_MSG_PLAYBACK_PAUSED and GUI_MSG_PLAYBACK_SPEED_CHANGED. Those messages are sent from the GUI thread to the main thread. That way the access to CApplicationPlayerCallback::m_itemCurrentFile is serialized (it will be accessed only from the main thread). * Fixes xbmc#23247. [1]: ================================================================= ==34632==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000ea040 at pc 0x7ff0eba5f427 bp 0x7ffc508e6f90 sp 0x7ffc508e6738 WRITE of size 65 at 0x6070000ea040 thread T0 #0 0x7ff0eba5f426 in __interceptor_memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 #1 0x7ff0ea8b1135 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf135) #2 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:1571 #3 0x7ff0e914c49d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:805 #4 0x55bf362b423b in CFileItem::SetDynPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:2021 #5 0x55bf362af7bb in CFileItem::UpdateInfo(CFileItem const&, bool) /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:1741 #6 0x55bf35d56d30 in CApplication::OnMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:2727 #7 0x55bf35b590ba in CGUIWindowManager::SendMessage(CGUIMessage&) /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:499 #8 0x55bf35b65e30 in CGUIWindowManager::DispatchThreadMessages() /home/dobo/kodi/xbmc/xbmc/guilib/GUIWindowManager.cpp:1561 #9 0x55bf35d5bfe2 in CApplication::Process() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:3100 #10 0x55bf35d4c2e0 in CApplication::Run() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:1907 #11 0x55bf356ae727 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:61 #12 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71 xbmc#13 0x7ff0e9c9a78f (/usr/lib/libc.so.6+0x2378f) xbmc#14 0x7ff0e9c9a849 in __libc_start_main (/usr/lib/libc.so.6+0x23849) xbmc#15 0x55bf343213d4 in _start (/usr/lib/kodi/kodi.bin+0x2c263d4) 0x6070000ea040 is located 0 bytes inside of 66-byte region [0x6070000ea040,0x6070000ea082) freed by thread T62 here: #0 0x7ff0ebac11fa in operator delete(void*) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152 #1 0x55bf3629cc1b in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439 #2 0x55bf3629ccbb in CFileItem::~CFileItem() /home/dobo/kodi/xbmc/xbmc/FileItem.cpp:439 #3 0x55bf3440220d in std::_Sp_counted_ptr<CFileItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:428 #4 0x55bf34321add in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:346 #5 0x55bf34321e57 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1071 #6 0x55bf343f1309 in std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1524 #7 0x55bf343f65f6 in std::enable_if<std::__sp_is_constructible<CFileItem, CFileItem>::value, void>::type std::__shared_ptr<CFileItem, (__gnu_cxx::_Lock_policy)2>::reset<CFileItem>(CFileItem*) (/usr/lib/kodi/kodi.bin+0x2cfb5f6) #8 0x55bf35da0e50 in CApplicationPlayerCallback::OnPlayBackStarted(CFileItem const&) /home/dobo/kodi/xbmc/xbmc/application/ApplicationPlayerCallback.cpp:84 #9 0x55bf34dbd001 in operator() /home/dobo/kodi/xbmc/xbmc/cores/VideoPlayer/VideoPlayer.cpp:2631 #10 0x55bf34de836b in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39 #11 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55 #12 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267 xbmc#13 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138 xbmc#14 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61 xbmc#15 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96 xbmc#16 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258 xbmc#17 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265 xbmc#18 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210 xbmc#19 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82 previously allocated by thread T62 here: #0 0x7ff0ebac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95 #1 0x7ff0ea8b10fb in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/usr/lib/libtinyxml.so.0+0xf0fb) Thread T62 created by T46 here: #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207 #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147 #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159 #4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32 #5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288 #6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247 #7 0x55bf3542406d in CJobQueue::QueueNextJob() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:147 #8 0x55bf354239ed in CJobQueue::AddJob(CJob*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:124 #9 0x55bf368a363b in void CJobQueue::Submit<CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}>(CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent)::{lambda()#1}&&) (/usr/lib/kodi/kodi.bin+0x51a863b) #10 0x55bf368a0d18 in void CEventSource<PVR::PVREvent>::Publish<PVR::PVREvent>(PVR::PVREvent) /home/dobo/kodi/xbmc/xbmc/utils/EventStream.h:80 #11 0x55bf3689b4db in PVR::CPVREpgContainer::UpdateEPG(bool) /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:805 #12 0x55bf36894d13 in PVR::CPVREpgContainer::Process() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:346 xbmc#13 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267 xbmc#14 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138 xbmc#15 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61 xbmc#16 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96 xbmc#17 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258 xbmc#18 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265 xbmc#19 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210 xbmc#20 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82 Thread T46 created by T43 here: #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207 #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147 #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159 #4 0x55bf36892a8a in PVR::CPVREpgContainer::Start() /home/dobo/kodi/xbmc/xbmc/pvr/epg/EpgContainer.cpp:153 #5 0x55bf36b1ae80 in PVR::CPVRManager::Process() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:513 #6 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267 #7 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138 #8 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61 #9 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96 #10 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258 #11 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265 #12 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210 xbmc#13 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82 Thread T43 created by T24 here: #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207 #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147 #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159 #4 0x55bf36b1a1f6 in PVR::CPVRManager::Start() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:388 #5 0x55bf36a80919 in PVR::CPVRClients::UpdateClients(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int) /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:212 #6 0x55bf36a7e4e8 in PVR::CPVRClients::Start() /home/dobo/kodi/xbmc/xbmc/pvr/addons/PVRClients.cpp:59 #7 0x55bf36b19e06 in operator() /home/dobo/kodi/xbmc/xbmc/pvr/PVRManager.cpp:362 #8 0x55bf36b2c143 in DoWork /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:39 #9 0x55bf35422489 in CJobWorker::Process() /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:55 #10 0x55bf35608346 in CThread::Action() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:267 #11 0x55bf35606c3c in operator() /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:138 #12 0x55bf35608dd0 in __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:61 xbmc#13 0x55bf35608c89 in __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > /usr/include/c++/12.2.1/bits/invoke.h:96 xbmc#14 0x55bf35608bbc in _M_invoke<0, 1, 2> /usr/include/c++/12.2.1/bits/std_thread.h:258 xbmc#15 0x55bf35608b59 in operator() /usr/include/c++/12.2.1/bits/std_thread.h:265 xbmc#16 0x55bf35608b3d in _M_run /usr/include/c++/12.2.1/bits/std_thread.h:210 xbmc#17 0x7ff0e90d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82 Thread T24 created by T0 here: #0 0x7ff0eba64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207 #1 0x7ff0e90d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 #2 0x7ff0e90d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147 #3 0x55bf356077d6 in CThread::Create(bool) /home/dobo/kodi/xbmc/xbmc/threads/Thread.cpp:159 #4 0x55bf354221c2 in CJobWorker::CJobWorker(CJobManager*) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:32 #5 0x55bf354261d2 in CJobManager::StartWorkers(CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:288 #6 0x55bf35425693 in CJobManager::AddJob(CJob*, IJobCallback*, CJob::PRIORITY) /home/dobo/kodi/xbmc/xbmc/utils/JobManager.cpp:247 #7 0x55bf35d64c96 in Submit<CApplication::Initialize()::<lambda()> > /home/dobo/kodi/xbmc/xbmc/utils/JobManager.h:261 #8 0x55bf35d3f094 in CApplication::Initialize() /home/dobo/kodi/xbmc/xbmc/application/Application.cpp:655 #9 0x55bf356ae6b8 in XBMC_Run /home/dobo/kodi/xbmc/xbmc/platform/xbmc.cpp:43 #10 0x55bf34321830 in main /home/dobo/kodi/xbmc/xbmc/platform/posix/main.cpp:71 #11 0x7ff0e9c9a78f (/usr/lib/libc.so.6+0x2378f) SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy Shadow bytes around the buggy address: 0x0c0e800153b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800153c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800153d0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 0x0c0e800153e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e800153f0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd =>0x0c0e80015400: fd fd fd fa fa fa fa fa[fd]fd fd fd fd fd fd fd 0x0c0e80015410: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa 0x0c0e80015420: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa 0x0c0e80015430: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa 0x0c0e80015440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 0x0c0e80015450: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==34632==ABORTING

Address Sanitizer output: Direct leak of 576 byte(s) in 1 object(s) allocated from: #0 0x556652b7d482 in operator new(unsigned long) (kodi-test+0xa2f0482) (BuildId: eac9932a781e7c589c3657d6336c0cb0767a5cee) #1 0x5566531a951d in CXBMCTestUtils::CreateTempFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:99:18 #2 0x556652c39f08 in TestXBMCTinyXML2_SaveFile_Test::TestBody() xbmc/utils/test/TestXBMCTinyXML2.cpp:123:10 #3 0x7fad8d11665b (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001) Indirect leak of 43 byte(s) in 1 object(s) allocated from: #0 0x556652b7d482 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi-test+0xa2f0482) (BuildId: eac9932a781e7c589c3657d6336c0cb0767a5cee) #1 0x556652b90196 in std::__new_allocator<char>::allocate(unsigned long, void const*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/new_allocator.h:147:27 #2 0x556652b9001c in std::allocator_traits<std::allocator<char>>::allocate(std::allocator<char>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:482:20 #3 0x556652b9001c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_S_allocate(std::allocator<char>&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.h:126:16 #4 0x556652b8fd5f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_M_create(unsigned long&, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.tcc:155:14 #5 0x556652b946a3 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.tcc:225:14 #6 0x556652b869e1 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::basic_string<std::allocator<char>>(char const*, std::allocator<char> const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/basic_string.h:639:2 #7 0x55665429a52b in KODI::PLATFORM::FILESYSTEM::temp_file_path(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::error_code&) xbmc/platform/posix/Filesystem.cpp:122:10 #8 0x5566531adeac in CTempFile::Create(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:40:23 #9 0x5566531a95eb in CXBMCTestUtils::CreateTempFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/test/TestUtils.cpp:100:10 #10 0x556652c39f08 in TestXBMCTinyXML2_SaveFile_Test::TestBody() xbmc/utils/test/TestXBMCTinyXML2.cpp:123:10 #11 0x7fad8d11665b (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001)

Fixes memory leaks like this: Direct leak of 5416 byte(s) in 1 object(s) allocated from: #0 0x564b473d8ba1 in calloc (kodi-test+0xa2a8ba1) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad) #1 0x7f6be8db88fa (/usr/lib/libcurl.so.4+0x708fa) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833) #2 0x564b4fb89895 in XCURL::DllLibCurlGlobal::easy_acquire(char const*, char const*, void**, void**) xbmc/filesystem/DllLibCurl.cpp:208:22 #3 0x564b4facc484 in XFILE::CCurlFile::Open(CURL const&) xbmc/filesystem/CurlFile.cpp:1086:21 #4 0x564b4fac72a0 in XFILE::CCurlFile::Service(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) xbmc/filesystem/CurlFile.cpp:966:7 #5 0x564b4fac7a69 in XFILE::CCurlFile::Get(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) xbmc/filesystem/CurlFile.cpp:960:10 #6 0x564b47bbd6f6 in TestWebServer_CanGetCachedRangedFileWithExactIfRange_Test::TestBody() xbmc/network/test/TestWebServer.cpp:900:3 #7 0x7f6be969665b (/usr/lib/libgtest.so.1.14.0+0x5365b) (BuildId: d3f0da00423297c687edfdde9cb59f357b95e001) Indirect leak of 5416 byte(s) in 1 object(s) allocated from: #0 0x564b473d8ba1 in calloc (kodi-test+0xa2a8ba1) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad) #1 0x7f6be8db88fa (/usr/lib/libcurl.so.4+0x708fa) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833) Indirect leak of 5376 byte(s) in 2 object(s) allocated from: #0 0x564b473d8839 in malloc (kodi-test+0xa2a8839) (BuildId: e17174d164cea5687c750d197e31e6bf0beb86ad) #1 0x7f6be8d79a44 (/usr/lib/libcurl.so.4+0x31a44) (BuildId: b5fe52836b4db517485d04822e61ce49b2793833) [...]

To prevent the leaks the CInputStreamAddon instance takes ownership of the CDemuxStream objects created in the cb_get_stream_transfer callback. Example output of address sanitizer: Direct leak of 1776 byte(s) in 6 object(s) allocated from: #0 0x55dc6314f7e2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xb4bc7e2) (BuildId: cbd496f42c6c4585c86580a090c0960e7fc39797) #1 0x55dc64549c39 in CInputStreamAddon::cb_get_stream_transfer(void*, int, INPUTSTREAM_INFO*) xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:413:38 #2 0x???????????? in kodi::addon::CInstanceInputStream::ADDON_GetStream(AddonInstance_InputStream const*, int, INPUTSTREAM_INFO*, void**, void* (*)(void*, int, INPUTSTREAM_INFO*)) xbmc/addons/kodi-dev-kit/include/kodi/addon-instance/Inputstream.h:1888 #3 0x55dc645490bc in CInputStreamAddon::GetStream(int) const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:381:14 #4 0x55dc64548821 in CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp:371:32 #5 0x55dc64548a76 in non-virtual thunk to CInputStreamAddon::GetStreams() const xbmc/cores/VideoPlayer/DVDInputStreams/InputStreamAddon.cpp #6 0x55dc646822e0 in CDVDDemuxClient::RequestStreams() xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:402:32 #7 0x55dc64681cd1 in CDVDDemuxClient::Open(std::shared_ptr<CDVDInputStream>) xbmc/cores/VideoPlayer/DVDDemuxers/DVDDemuxClient.cpp:76:3 #8 0x55dc64785ede in CDVDFactoryDemuxer::CreateDemuxer(std::shared_ptr<CDVDInputStream> const&, bool) xbmc/cores/VideoPlayer/DVDDemuxers/DVDFactoryDemuxer.cpp:58:17 #9 0x55dc64b065e9 in CVideoPlayer::OpenDemuxStream() xbmc/cores/VideoPlayer/VideoPlayer.cpp:830:22 #10 0x55dc64b2288f in CVideoPlayer::Prepare() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1250:8 #11 0x55dc64b36b31 in CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp:1357:3 #12 0x55dc64b72298 in non-virtual thunk to CVideoPlayer::Process() xbmc/cores/VideoPlayer/VideoPlayer.cpp xbmc#13 0x55dc6626eda2 in CThread::Action() xbmc/threads/Thread.cpp:283:5 xbmc#14 0x55dc662715b9 in CThread::Create(bool)::$_0::operator()(CThread*, std::promise<bool>) const xbmc/threads/Thread.cpp:152:18 xbmc#15 0x55dc66270246 in void std::__invoke_impl<void, CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(std::__invoke_other, CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:61:14 xbmc#16 0x55dc6626fe76 in std::__invoke_result<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>::type std::__invoke<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>(CThread::Create(bool)::$_0&&, CThread*&&, std::promise<bool>&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/invoke.h:96:14 xbmc#17 0x55dc6626fdaf in void std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:292:13 xbmc#18 0x55dc6626fc28 in std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:299:11 xbmc#19 0x55dc6626f7f8 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::$_0, CThread*, std::promise<bool>>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/std_thread.h:244:13 xbmc#20 0x7ff10cae1942 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104:18

Only remove the child if the node is actually a child. ==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428 READ of size 8 at 0x511003b69210 thread T0 #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50 #1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61 #2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37 #3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9 #4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3 #5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5 #6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14 #7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15 #8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15 #9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22 xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7 xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48 xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16 xbmc#26 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) 0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218) freed by thread T0 here: #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) #1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4) #2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9 #3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3 #4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5 #5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14 #6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15 #7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15 #8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22 #12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7 xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48 xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16 xbmc#25 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) #1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4) SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First() Shadow bytes around the buggy address: 0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==51989==ABORTING

See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING

When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase creates its own. When switching to a skin that does provide one, it loads it from the skin, overwrites the pointer to its own edit control (memory leak!) but still thinks it owns the control because m_newOriginalEdit is true. In DeleteControls() it then deletes the edit control that it doesn't own. Cleaning up and resetting the flag in FreeControls() solves the problem. ASAN error: ==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48 READ of size 8 at 0x51d0015bd080 thread T0 #0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 #1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3 #2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63 #3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57 #4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57 #5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5 #6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5 #7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34 #8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3 #9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 #11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) 0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0) freed by thread T0 here: #0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) #1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39 #2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47 #8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3 #9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 #11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) #1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17 #2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22 #5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19 #10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22 #11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38 #12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3 xbmc#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50 xbmc#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 xbmc#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 xbmc#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30 xbmc#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp xbmc#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17 xbmc#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5 xbmc#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38 xbmc#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 xbmc#27 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls() Shadow bytes around the buggy address: 0x51d0015bce00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bce80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bcf00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bcf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bd000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x51d0015bd080:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==29999==ABORTING

`m_iOvector` is a pointer array into the match data, so the match data must be kept as long as `m_iOvector` is used. Address Sanitizer output: ==28015==ERROR: AddressSanitizer: heap-use-after-free on address 0x5190000406e8 at pc 0x59cf02e5ad9e bp 0x7ffdcd8a1a10 sp 0x7ffdcd8a1a08 READ of size 8 at 0x5190000406e8 thread T0 #0 0x59cf02e5ad9d in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:425:10 #1 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12 #2 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12 #3 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10 #4 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3 #5 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15 #6 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10 #7 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3 #8 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22 #9 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5 #10 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29 #11 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23 #12 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8 xbmc#13 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10 xbmc#14 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22 xbmc#15 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27 xbmc#16 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22 xbmc#17 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16 xbmc#18 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#19 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#20 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e) 0x5190000406e8 is located 104 bytes inside of 1112-byte region [0x519000040680,0x519000040ad8) freed by thread T0 here: #0 0x59cf007069b2 in free.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa07f9b2) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e) #1 0x59cf02e59ed8 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:352:3 #2 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12 #3 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12 #4 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10 #5 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3 #6 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15 #7 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10 #8 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3 #9 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22 #10 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5 #11 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29 #12 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23 xbmc#13 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8 xbmc#14 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10 xbmc#15 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22 xbmc#16 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27 xbmc#17 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22 xbmc#18 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16 xbmc#19 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#20 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#21 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e) previously allocated by thread T0 here: #0 0x59cf007079e9 in malloc (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa0809e9) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e) #1 0x74a07fb7faed (/usr/lib/libpcre2-8.so.0+0x12aed) (BuildId: d6a22ace8f92ae592b620499fc467ef7899f99a0) #2 0x74a07fbbf29f in pcre2_match_data_create_8 (/usr/lib/libpcre2-8.so.0+0x5229f) (BuildId: d6a22ace8f92ae592b620499fc467ef7899f99a0) #3 0x59cf02e59c65 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) xbmc/utils/RegExp.cpp:347:8 #4 0x59cf013cb942 in CRegExp::RegFind(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, unsigned int, int) xbmc/utils/RegExp.h:95:12 #5 0x59cf0316a9ef in CXBMCTinyXML2::ParseHelper(unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) xbmc/utils/XBMCTinyXML2.cpp:106:12 #6 0x59cf0316965b in CXBMCTinyXML2::Parse(std::basic_string_view<char, std::char_traits<char>>) xbmc/utils/XBMCTinyXML2.cpp:82:10 #7 0x59cf03168fac in CXBMCTinyXML2::LoadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/utils/XBMCTinyXML2.cpp:36:3 #8 0x59cf0563fe1b in CMediaSourceSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/MediaSourceSettings.cpp:85:15 #9 0x59cf0563f590 in CMediaSourceSettings::Load() xbmc/settings/MediaSourceSettings.cpp:71:10 #10 0x59cf0563f3d0 in CMediaSourceSettings::OnSettingsLoaded() xbmc/settings/MediaSourceSettings.cpp:61:3 #11 0x59cf053c86c4 in CSettingsManager::OnSettingsLoaded() xbmc/settings/lib/SettingsManager.cpp:1022:22 #12 0x59cf053969dc in CSettingsManager::Load(TiXmlElement const*, bool&, bool, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CSetting>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::shared_ptr<CSetting>>>>*) xbmc/settings/lib/SettingsManager.cpp:173:5 xbmc#13 0x59cf056ed775 in CSettingsBase::LoadValuesFromXml(TiXmlElement const*, bool&) xbmc/settings/SettingsBase.cpp:86:29 xbmc#14 0x59cf056b96b0 in CSettings::Load(TiXmlElement const*, bool&) xbmc/settings/Settings.cpp:217:23 xbmc#15 0x59cf056b8f00 in CSettings::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/settings/Settings.cpp:125:8 xbmc#16 0x59cf056b87e5 in CSettings::Load() xbmc/settings/Settings.cpp:117:10 xbmc#17 0x59cf05715a60 in CSettingsComponent::Load() xbmc/settings/SettingsComponent.cpp:83:22 xbmc#18 0x59cf041da912 in CApplication::Create() xbmc/application/Application.cpp:320:27 xbmc#19 0x59cf033b4eed in XBMC_Run xbmc/platform/xbmc.cpp:26:22 xbmc#20 0x59cf00752b7f in main xbmc/platform/posix/main.cpp:70:16 xbmc#21 0x74a07d239c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#22 0x74a07d239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) xbmc#23 0x59cf00618804 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9f91804) (BuildId: fa447ae84e6fbfe91e7ec718a600116496d7607e) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/utils/RegExp.cpp:425:10 in CRegExp::PrivateRegFind(unsigned long, char const*, unsigned int, int) Shadow bytes around the buggy address: 0x519000040400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040580: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa 0x519000040600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x519000040680: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd 0x519000040700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x519000040900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==28015==ABORTING

ASAN error: ==226990==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x5a8f25b81ce0 at pc 0x5a8f17dd10ae bp 0x7ffe5391ce50 sp 0x7ffe5391ce48 READ of size 1 at 0x5a8f25b81ce0 thread T0 #0 0x5a8f17dd10ad in XbmcThreads::CRecursiveMutex::getRecursiveAttr() xbmc/platform/posix/threads/RecursiveMutex.cpp:37:8 #1 0x5a8f17817a4e in XbmcThreads::CRecursiveMutex::CRecursiveMutex() xbmc/platform/posix/threads/RecursiveMutex.h:35:60 #2 0x5a8f17817998 in XbmcThreads::CountingLockable<XbmcThreads::CRecursiveMutex>::CountingLockable() xbmc/threads/Lockables.h:47:12 #3 0x5a8f1780dae8 in CCriticalSection::CCriticalSection() xbmc/threads/CriticalSection.h:16:7 #4 0x5a8f1b27fd98 in CComponentContainer<IApplicationComponent>::CComponentContainer() xbmc/utils/ComponentContainer.h:26:7 #5 0x5a8f1b1f3273 in CApplication::CApplication() xbmc/application/Application.cpp:217:15 #6 0x5a8f17918fe0 in xbmcutil::GlobalsSingleton<CApplication>::getInstance() xbmc/utils/GlobalsHandling.h:147:23 #7 0x5a8f17918f0f in __cxx_global_var_init.1 xbmc/application/Application.h:250:1 #8 0x5a8f17918f49 in _GLOBAL__sub_I_UPnPRenderer.cpp xbmc/network/upnp/UPnPRenderer.cpp #9 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #10 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) 0x5a8f25b81ce0 is located 32 bytes before global variable 'XbmcThreads::recursiveAttr' defined in 'xbmc/platform/posix/threads/RecursiveMutex.cpp' (0x5a8f25b81d00) of size 4 registered at: #0 0x5a8f17651629 in __asan_register_globals.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbe629) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #1 0x5a8f17651cce in __asan_register_elf_globals (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbecce) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #2 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #3 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) 0x5a8f25b81ce0 is located 0 bytes inside of global variable 'XbmcThreads::recursiveAttrSet' defined in 'xbmc/platform/posix/threads/RecursiveMutex.cpp' (0x5a8f25b81ce0) of size 1 'XbmcThreads::recursiveAttrSet' is ascii string '' registered at: #0 0x5a8f17651629 in __asan_register_globals.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbe629) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #1 0x5a8f17651cce in __asan_register_elf_globals (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbecce) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #2 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #3 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) SUMMARY: AddressSanitizer: initialization-order-fiasco xbmc/platform/posix/threads/RecursiveMutex.cpp:37:8 in XbmcThreads::CRecursiveMutex::getRecursiveAttr() Shadow bytes around the buggy address: 0x5a8f25b81a00: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 00 00 00 00 0x5a8f25b81a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x5a8f25b81b00: 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 00 00 00 00 0x5a8f25b81b80: f6 f6 f6 f6 00 00 00 00 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81c00: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 =>0x5a8f25b81c80: 00 00 00 00 f6 f6 f6 f6 00 00 00 00[f6]f6 f6 f6 0x5a8f25b81d00: 04 f9 f9 f9 01 f9 f9 f9 00 00 00 00 f6 f6 f6 f6 0x5a8f25b81d80: 00 00 00 00 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81e00: 00 00 00 00 f6 f6 f6 f6 00 00 00 00 f9 f9 f9 f9 0x5a8f25b81e80: 00 f9 f9 f9 00 f9 f9 f9 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81f00: f6 f6 f6 f6 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb

Only remove the child if the node is actually a child. ==51989==ERROR: AddressSanitizer: heap-use-after-free on address 0x511003b69210 at pc 0x5ce4b249275e bp 0x7fff43e1d430 sp 0x7fff43e1d428 READ of size 8 at 0x511003b69210 thread T0 #0 0x5ce4b249275d in TiXmlAttributeSet::First() /usr/include/tinyxml.h:915:50 #1 0x5ce4b2492098 in TiXmlElement::FirstAttribute() /usr/include/tinyxml.h:1087:61 #2 0x5ce4b2bb091e in CGUIIncludes::ResolveParametersForNode(TiXmlElement*, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>> const&) xbmc/guilib/GUIIncludes.cpp:586:37 #3 0x5ce4b2bae9bb in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:485:9 #4 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3 #5 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5 #6 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14 #7 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15 #8 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15 #9 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #10 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #11 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #12 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22 xbmc#13 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#14 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#15 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#16 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#17 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#18 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#19 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#20 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#21 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7 xbmc#22 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48 xbmc#23 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#24 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#25 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16 xbmc#26 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#27 0x76d804243d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#28 0x5ce4af010b94 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317b94) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) 0x511003b69210 is located 208 bytes inside of 216-byte region [0x511003b69140,0x511003b69218) freed by thread T0 here: #0 0x5ce4af148d72 in operator delete(void*, unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44fd72) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) #1 0x76d80670ea48 in TiXmlNode::RemoveChild(TiXmlNode*) (/usr/lib/libtinyxml.so.0+0x8a48) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4) #2 0x5ce4b2bae9a3 in CGUIIncludes::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:482:9 #3 0x5ce4b2ba8eaf in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:312:3 #4 0x5ce4b2ba8fce in CGUIIncludes::Resolve(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/guilib/GUIIncludes.cpp:318:5 #5 0x5ce4b3e808d3 in ADDON::CSkinInfo::ResolveIncludes(TiXmlElement*, std::map<std::shared_ptr<INFO::InfoBool>, bool, std::less<std::shared_ptr<INFO::InfoBool>>, std::allocator<std::pair<std::shared_ptr<INFO::InfoBool> const, bool>>>*) xbmc/addons/Skin.cpp:307:14 #6 0x5ce4b2e00084 in CGUIWindow::Prepare(std::unique_ptr<TiXmlElement, std::default_delete<TiXmlElement>> const&) xbmc/guilib/GUIWindow.cpp:168:15 #7 0x5ce4b2dff45e in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:15 #8 0x5ce4b2dfd540 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #9 0x5ce4b2e1cac5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #10 0x5ce4b2e14c77 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #11 0x5ce4b19ce9d2 in CGUIWindowHome::OnMessage(CGUIMessage&) xbmc/windows/GUIWindowHome.cpp:182:22 #12 0x5ce4b2e613a1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#13 0x5ce4b2e5ce3c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#14 0x5ce4b683ad63 in int (anonymous namespace)::ActivateWindow<true>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#15 0x5ce4b6822865 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#16 0x5ce4b34047ff in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#17 0x5ce4b3400a16 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#18 0x5ce4b34058a0 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#19 0x5ce4b2e52261 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#20 0x5ce4b2e7cc7f in CGUIWindowManager::DispatchThreadMessages() xbmc/guilib/GUIWindowManager.cpp:1572:7 xbmc#21 0x5ce4b3405bfa in CApplication::Process() xbmc/application/Application.cpp:3139:48 xbmc#22 0x5ce4b33ddc98 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#23 0x5ce4b251b323 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#24 0x5ce4af14af0f in main xbmc/platform/posix/main.cpp:70:16 xbmc#25 0x76d804243ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x5ce4af147e12 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44ee12) (BuildId: 923aa634157be6adc50052366abd3ca0edfeffc0) #1 0x76d806711497 in TiXmlElement::Clone() const (/usr/lib/libtinyxml.so.0+0xb497) (BuildId: 2f5d236264d4d695dbe432f41e1eb46c7bc2d5d4) SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/tinyxml.h:915:50 in TiXmlAttributeSet::First() Shadow bytes around the buggy address: 0x511003b68f80: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x511003b69180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x511003b69200: fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x511003b69480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==51989==ABORTING (cherry picked from commit 52988c9)

See comment in code for information. ==30885==ERROR: AddressSanitizer: heap-use-after-free on address 0x51800050bbe8 at pc 0x56aa085d20db bp 0x7ffd92777f50 sp 0x7ffd92777f48 READ of size 1 at 0x51800050bbe8 thread T0 #0 0x56aa085d20da in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:86:9 #1 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 #2 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 #3 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 #4 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 #5 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 #6 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 #7 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 #8 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 #9 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 #10 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 #11 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 #12 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#13 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#14 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#15 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#16 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#17 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#18 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#19 0x7517fb043d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#20 0x56aa04d91c54 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa317c54) (BuildId: 7f84180dd757174de6de03b115843129667234d3) 0x51800050bbe8 is located 872 bytes inside of 880-byte region [0x51800050b880,0x51800050bbf0) freed by thread T0 here: #0 0x56aa04ec996a in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44f96a) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa08ae24d1 in CGUIStaticItem::~CGUIStaticItem() xbmc/guilib/GUIStaticItem.h:55:38 #2 0x56aa05922763 in std::_Sp_counted_ptr<CGUIStaticItem*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:428:9 #3 0x56aa04ecd0bc in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:346:8 #4 0x56aa04eccca9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1071:11 #5 0x56aa050d1c6c in std::__shared_ptr<CGUIListItem, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr_base.h:1524:31 #6 0x56aa050c6ee8 in std::shared_ptr<CGUIListItem>::~shared_ptr() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/shared_ptr.h:175:11 #7 0x56aa08465110 in void std::_Destroy<std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:151:19 #8 0x56aa0846505e in void std::_Destroy_aux<false>::__destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:163:6 #9 0x56aa08465024 in void std::_Destroy<std::shared_ptr<CGUIListItem>*>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_construct.h:195:7 #10 0x56aa084a624b in void std::_Destroy<std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>>(std::shared_ptr<CGUIListItem>*, std::shared_ptr<CGUIListItem>*, std::allocator<std::shared_ptr<CGUIListItem>>&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/alloc_traits.h:947:7 #11 0x56aa084a624b in std::vector<std::shared_ptr<CGUIListItem>, std::allocator<std::shared_ptr<CGUIListItem>>>::~vector() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/stl_vector.h:732:2 #12 0x56aa086169e5 in CGUIBaseContainer::~CGUIBaseContainer() xbmc/guilib/GUIBaseContainer.cpp:117:1 xbmc#13 0x56aa08c4a148 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 xbmc#14 0x56aa08c4a198 in CGUIWrappingListContainer::~CGUIWrappingListContainer() xbmc/guilib/GUIWrappingListContainer.cpp:26:59 xbmc#15 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#16 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#17 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#18 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#19 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#20 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#21 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#22 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#23 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#24 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#25 0x56aa08743bb9 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:56:3 xbmc#26 0x56aa08743c48 in CGUIControlGroup::~CGUIControlGroup() xbmc/guilib/GUIControlGroup.cpp:55:1 xbmc#27 0x56aa08758935 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 xbmc#28 0x56aa08b9f39d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 xbmc#29 0x56aa08b9ed97 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 xbmc#30 0x56aa08bf8e34 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 xbmc#31 0x56aa09264d22 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 xbmc#32 0x56aa0925e0fd in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:111:3 xbmc#33 0x56aa0926a8e6 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 xbmc#34 0x56aa0c635399 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 xbmc#35 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#36 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#37 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#38 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#39 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#40 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 xbmc#41 0x56aa084b7701 in CStaticListProvider::OnClick(std::shared_ptr<CGUIListItem> const&) xbmc/guilib/listproviders/StaticProvider.cpp:136:40 xbmc#42 0x56aa0862e065 in CGUIBaseContainer::OnClick(int) xbmc/guilib/GUIBaseContainer.cpp:881:27 xbmc#43 0x56aa0862b09c in CGUIBaseContainer::OnAction(CAction const&) xbmc/guilib/GUIBaseContainer.cpp:474:28 xbmc#44 0x56aa08c4bdf5 in CGUIWrappingListContainer::OnAction(CAction const&) xbmc/guilib/GUIWrappingListContainer.cpp:75:29 xbmc#45 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 xbmc#46 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 xbmc#47 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 xbmc#48 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 xbmc#49 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 xbmc#50 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 xbmc#51 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 xbmc#52 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#53 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#54 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#55 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#56 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#57 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#58 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x56aa04ec8ed2 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa44eed2) (BuildId: 7f84180dd757174de6de03b115843129667234d3) #1 0x56aa084b3183 in CStaticListProvider::CStaticListProvider(TiXmlElement const*, int) xbmc/guilib/listproviders/StaticProvider.cpp:28:33 #2 0x56aa0849c590 in std::__detail::_MakeUniq<CStaticListProvider>::__single_object std::make_unique<CStaticListProvider, TiXmlElement const*, int&>(TiXmlElement const*&&, int&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../include/c++/13.2.1/bits/unique_ptr.h:1070:34 #3 0x56aa0849bac7 in IListProvider::CreateSingle(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:34:12 #4 0x56aa0849b582 in IListProvider::Create(TiXmlNode const*, int) xbmc/guilib/listproviders/IListProvider.cpp:25:12 #5 0x56aa0864bbe8 in CGUIBaseContainer::LoadListProvider(TiXmlElement*, int, bool) xbmc/guilib/GUIBaseContainer.cpp:1282:20 #6 0x56aa0871b1c3 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1543:17 #7 0x56aa08b884c4 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #8 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #9 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #10 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #11 0x56aa08b8a088 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:309:9 #12 0x56aa08b87cf6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 xbmc#13 0x56aa08b80657 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 xbmc#14 0x56aa08b7e6c0 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 xbmc#15 0x56aa08b9dc45 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 xbmc#16 0x56aa08b95df7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 xbmc#17 0x56aa08be2521 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#18 0x56aa08bddfbc in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#19 0x56aa0c5b75f3 in int (anonymous namespace)::ActivateWindow<false>(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/GUIBuiltins.cpp:109:52 xbmc#20 0x56aa0c5a39e5 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#21 0x56aa0918597f in CApplication::ExecuteXBMCAction(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::shared_ptr<CGUIListItem> const&) xbmc/application/Application.cpp:3037:32 xbmc#22 0x56aa09181b96 in CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp:3013:14 xbmc#23 0x56aa09186a20 in non-virtual thunk to CApplication::OnMessage(CGUIMessage&) xbmc/application/Application.cpp xbmc#24 0x56aa08bd33e1 in CGUIWindowManager::SendMessage(CGUIMessage&) xbmc/guilib/GUIWindowManager.cpp:510:23 xbmc#25 0x56aa085d2502 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const xbmc/guilib/GUIAction.cpp:89:52 xbmc#26 0x56aa0867f896 in CGUIButtonControl::OnClick() xbmc/guilib/GUIButtonControl.cpp:393:16 xbmc#27 0x56aa08677e86 in CGUIButtonControl::OnAction(CAction const&) xbmc/guilib/GUIButtonControl.cpp:212:5 xbmc#28 0x56aa08b8f441 in CGUIWindow::OnAction(CAction const&) xbmc/guilib/GUIWindow.cpp:429:27 xbmc#29 0x56aa08bee00c in CGUIWindowManager::HandleAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1199:20 xbmc#30 0x56aa08bec973 in CGUIWindowManager::OnAction(CAction const&) const xbmc/guilib/GUIWindowManager.cpp:1144:11 xbmc#31 0x56aa0912be04 in CApplication::OnAction(CAction const&) xbmc/application/Application.cpp:913:54 xbmc#32 0x56aa0c914de1 in CInputManager::ExecuteInputAction(CAction const&) xbmc/input/InputManager.cpp:746:29 xbmc#33 0x56aa0c921842 in CInputManager::HandleKey(CKey const&) xbmc/input/InputManager.cpp:680:10 xbmc#34 0x56aa0c91c2ec in CInputManager::OnKeyUp(CKey const&) xbmc/input/InputManager.cpp:693:5 xbmc#35 0x56aa0c917737 in CInputManager::OnEvent(XBMC_Event&) xbmc/input/InputManager.cpp:361:7 xbmc#36 0x56aa090fe458 in CAppInboundProtocol::HandleEvents() xbmc/application/AppInboundProtocol.cpp:113:43 xbmc#37 0x56aa0915b240 in CApplication::FrameMove(bool, bool) xbmc/application/Application.cpp:1756:17 xbmc#38 0x56aa0915f200 in CApplication::Run() xbmc/application/Application.cpp:1860:7 xbmc#39 0x56aa0829c3e3 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#40 0x56aa04ecbfcf in main xbmc/platform/posix/main.cpp:70:16 xbmc#41 0x7517fb043ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/guilib/GUIAction.cpp:86:9 in CGUIAction::ExecuteActions(int, int, std::shared_ptr<CGUIListItem> const&) const Shadow bytes around the buggy address: 0x51800050b900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050ba80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51800050bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x51800050bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa fa 0x51800050bc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51800050bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x51800050be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30885==ABORTING (cherry picked from commit 9e4cfd2)

When using a skin that doesn't provide a CGUIEditControl, GUIDialogSettingsBase creates its own. When switching to a skin that does provide one, it loads it from the skin, overwrites the pointer to its own edit control (memory leak!) but still thinks it owns the control because m_newOriginalEdit is true. In DeleteControls() it then deletes the edit control that it doesn't own. Cleaning up and resetting the flag in FreeControls() solves the problem. ASAN error: ==29999==ERROR: AddressSanitizer: heap-use-after-free on address 0x51d0015bd080 at pc 0x5dcd1a23e410 bp 0x7ffe96645b50 sp 0x7ffe96645b48 READ of size 8 at 0x51d0015bd080 thread T0 #0 0x5dcd1a23e40f in CGUIDialogSettingsBase::DeleteControls() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 #1 0x5dcd1a22b1c0 in CGUIDialogSettingsBase::~CGUIDialogSettingsBase() xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:77:3 #2 0x5dcd1a27e8a8 in CGUIDialogSettingsManagerBase::~CGUIDialogSettingsManagerBase() xbmc/settings/dialogs/GUIDialogSettingsManagerBase.cpp:19:63 #3 0x5dcd19fee328 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57 #4 0x5dcd19fee438 in CGUIWindowSettingsCategory::~CGUIWindowSettingsCategory() xbmc/settings/windows/GUIWindowSettingsCategory.cpp:66:57 #5 0x5dcd1899e2ea in CGUIWindowManager::DestroyWindow(int) xbmc/guilib/GUIWindowManager.cpp:489:5 #6 0x5dcd1899d5bd in CGUIWindowManager::DestroyWindows() xbmc/guilib/GUIWindowManager.cpp:459:5 #7 0x5dcd18f2e94e in CApplication::Cleanup() xbmc/application/Application.cpp:1917:34 #8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3 #9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 #11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) #12 0x7fb259c43d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) xbmc#13 0x5dcd14b5d7b4 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa3197b4) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) 0x51d0015bd080 is located 0 bytes inside of 2096-byte region [0x51d0015bd080,0x51d0015bd8b0) freed by thread T0 here: #0 0x5dcd14c954ca in operator delete(void*) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa4514ca) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) #1 0x5dcd18582f01 in CGUIEditControl::~CGUIEditControl() xbmc/guilib/GUIEditControl.cpp:106:39 #2 0x5dcd18526695 in CGUIControlGroup::ClearAll() xbmc/guilib/GUIControlGroup.cpp:525:5 #3 0x5dcd1896d04d in CGUIWindow::ClearAll() xbmc/guilib/GUIWindow.cpp:816:21 #4 0x5dcd1896ca47 in CGUIWindow::FreeResources(bool) xbmc/guilib/GUIWindow.cpp:799:53 #5 0x5dcd189c6ae4 in CGUIWindowManager::DeInitialize() xbmc/guilib/GUIWindowManager.cpp:1452:14 #6 0x5dcd190329d2 in CApplicationSkinHandling::UnloadSkin() xbmc/application/ApplicationSkinHandling.cpp:235:29 #7 0x5dcd18f2dd81 in CApplication::Cleanup() xbmc/application/Application.cpp:1895:47 #8 0x5dcd18f2d405 in CApplication::Run() xbmc/application/Application.cpp:1876:3 #9 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 #10 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 #11 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) previously allocated by thread T0 here: #0 0x5dcd14c94a32 in operator new(unsigned long) (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0xa450a32) (BuildId: e4bf2336bbd9ba3ae66ffab4d8a0bca77c50c089) #1 0x5dcd184dd051 in CGUIControlFactory::Create(int, CRectGen<float> const&, TiXmlElement*, bool) xbmc/guilib/GUIControlFactory.cpp:1298:17 #2 0x5dcd18956174 in CGUIWindow::LoadControl(TiXmlElement*, CGUIControlGroup*, CRectGen<float> const&) xbmc/guilib/GUIWindow.cpp:281:38 #3 0x5dcd189559a6 in CGUIWindow::Load(TiXmlElement*) xbmc/guilib/GUIWindow.cpp:264:11 #4 0x5dcd18578d5a in CGUIDialog::Load(TiXmlElement*) xbmc/guilib/GUIDialog.cpp:39:22 #5 0x5dcd1894e307 in CGUIWindow::LoadXML(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindow.cpp:155:10 #6 0x5dcd1894c370 in CGUIWindow::Load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, bool) xbmc/guilib/GUIWindow.cpp:109:14 #7 0x5dcd1896b8f5 in CGUIWindow::AllocResources(bool) xbmc/guilib/GUIWindow.cpp:765:7 #8 0x5dcd18963aa7 in CGUIWindow::OnMessage(CGUIMessage&) xbmc/guilib/GUIWindow.cpp:594:52 #9 0x5dcd1857a996 in CGUIDialog::OnMessage(CGUIMessage&) xbmc/guilib/GUIDialog.cpp:93:19 #10 0x5dcd1a2332c2 in CGUIDialogSettingsBase::OnMessage(CGUIMessage&) xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:264:22 #11 0x5dcd19feeab3 in CGUIWindowSettingsCategory::OnMessage(CGUIMessage&) xbmc/settings/windows/GUIWindowSettingsCategory.cpp:75:38 #12 0x5dcd189b01d1 in CGUIWindowManager::ActivateWindow_Internal(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:896:15 xbmc#13 0x5dcd189abc6c in CGUIWindowManager::ActivateWindow(int, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, bool, bool) xbmc/guilib/GUIWindowManager.cpp:802:5 xbmc#14 0x5dcd189a9ac5 in CGUIWindowManager::ActivateWindow(int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/guilib/GUIWindowManager.cpp:779:3 xbmc#15 0x5dcd19030b15 in CApplicationSkinHandling::LoadSkin(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/application/ApplicationSkinHandling.cpp:186:50 xbmc#16 0x5dcd19038596 in CApplicationSkinHandling::ReloadSkin(bool) xbmc/application/ApplicationSkinHandling.cpp:390:7 xbmc#17 0x5dcd1c404429 in ReloadSkin(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) xbmc/interfaces/builtins/SkinBuiltins.cpp:46:12 xbmc#18 0x5dcd1c372a75 in CBuiltins::Execute(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) xbmc/interfaces/builtins/Builtins.cpp:158:14 xbmc#19 0x5dcd18f1bf6a in CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp:1577:30 xbmc#20 0x5dcd18f27390 in non-virtual thunk to CApplication::OnApplicationMessage(KODI::MESSAGING::ThreadMessage*) xbmc/application/Application.cpp xbmc#21 0x5dcd181b400d in KODI::MESSAGING::CApplicationMessenger::ProcessMessage(KODI::MESSAGING::ThreadMessage*) xbmc/messaging/ApplicationMessenger.cpp:244:17 xbmc#22 0x5dcd181b6325 in KODI::MESSAGING::CApplicationMessenger::ProcessMessages() xbmc/messaging/ApplicationMessenger.cpp:217:5 xbmc#23 0x5dcd18f5501a in CApplication::Process() xbmc/application/Application.cpp:3156:38 xbmc#24 0x5dcd18f2cac8 in CApplication::Run() xbmc/application/Application.cpp:1855:5 xbmc#25 0x5dcd1806a143 in XBMC_Run xbmc/platform/xbmc.cpp:61:26 xbmc#26 0x5dcd14c97b2f in main xbmc/platform/posix/main.cpp:70:16 xbmc#27 0x7fb259c43ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af) SUMMARY: AddressSanitizer: heap-use-after-free xbmc/settings/dialogs/GUIDialogSettingsBase.cpp:476:5 in CGUIDialogSettingsBase::DeleteControls() Shadow bytes around the buggy address: 0x51d0015bce00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bce80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bcf00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bcf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x51d0015bd000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x51d0015bd080:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x51d0015bd300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==29999==ABORTING (cherry picked from commit 3be3878)

github-actions · 2024-08-14T08:18:25Z

This pull request is now marked stale because it has been open over a year without activity. Remove the stale label or add a comment to reset the stale state.

ASAN error: ==226990==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x5a8f25b81ce0 at pc 0x5a8f17dd10ae bp 0x7ffe5391ce50 sp 0x7ffe5391ce48 READ of size 1 at 0x5a8f25b81ce0 thread T0 #0 0x5a8f17dd10ad in XbmcThreads::CRecursiveMutex::getRecursiveAttr() xbmc/platform/posix/threads/RecursiveMutex.cpp:37:8 #1 0x5a8f17817a4e in XbmcThreads::CRecursiveMutex::CRecursiveMutex() xbmc/platform/posix/threads/RecursiveMutex.h:35:60 #2 0x5a8f17817998 in XbmcThreads::CountingLockable<XbmcThreads::CRecursiveMutex>::CountingLockable() xbmc/threads/Lockables.h:47:12 #3 0x5a8f1780dae8 in CCriticalSection::CCriticalSection() xbmc/threads/CriticalSection.h:16:7 #4 0x5a8f1b27fd98 in CComponentContainer<IApplicationComponent>::CComponentContainer() xbmc/utils/ComponentContainer.h:26:7 #5 0x5a8f1b1f3273 in CApplication::CApplication() xbmc/application/Application.cpp:217:15 #6 0x5a8f17918fe0 in xbmcutil::GlobalsSingleton<CApplication>::getInstance() xbmc/utils/GlobalsHandling.h:147:23 #7 0x5a8f17918f0f in __cxx_global_var_init.1 xbmc/application/Application.h:250:1 #8 0x5a8f17918f49 in _GLOBAL__sub_I_UPnPRenderer.cpp xbmc/network/upnp/UPnPRenderer.cpp #9 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #10 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) 0x5a8f25b81ce0 is located 32 bytes before global variable 'XbmcThreads::recursiveAttr' defined in 'xbmc/platform/posix/threads/RecursiveMutex.cpp' (0x5a8f25b81d00) of size 4 registered at: #0 0x5a8f17651629 in __asan_register_globals.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbe629) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #1 0x5a8f17651cce in __asan_register_elf_globals (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbecce) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #2 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #3 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) 0x5a8f25b81ce0 is located 0 bytes inside of global variable 'XbmcThreads::recursiveAttrSet' defined in 'xbmc/platform/posix/threads/RecursiveMutex.cpp' (0x5a8f25b81ce0) of size 1 'XbmcThreads::recursiveAttrSet' is ascii string '' registered at: #0 0x5a8f17651629 in __asan_register_globals.part.0 (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbe629) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #1 0x5a8f17651cce in __asan_register_elf_globals (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fbecce) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) #2 0x7c5016639dc3 in __libc_start_main (/usr/lib/libc.so.6+0x25dc3) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #3 0x5a8f17636814 in _start (/home/mark/Coding/Repos/kodi-git/build_clang_debug_sanitizer/kodi.bin+0x9fa3814) (BuildId: 6cfd7dacce8a4a587ad47d2f082a4e50dad4c176) SUMMARY: AddressSanitizer: initialization-order-fiasco xbmc/platform/posix/threads/RecursiveMutex.cpp:37:8 in XbmcThreads::CRecursiveMutex::getRecursiveAttr() Shadow bytes around the buggy address: 0x5a8f25b81a00: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 00 00 00 00 0x5a8f25b81a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x5a8f25b81b00: 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 00 00 00 00 0x5a8f25b81b80: f6 f6 f6 f6 00 00 00 00 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81c00: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 =>0x5a8f25b81c80: 00 00 00 00 f6 f6 f6 f6 00 00 00 00[f6]f6 f6 f6 0x5a8f25b81d00: 04 f9 f9 f9 01 f9 f9 f9 00 00 00 00 f6 f6 f6 f6 0x5a8f25b81d80: 00 00 00 00 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81e00: 00 00 00 00 f6 f6 f6 f6 00 00 00 00 f9 f9 f9 f9 0x5a8f25b81e80: 00 f9 f9 f9 00 f9 f9 f9 f6 f6 f6 f6 f6 f6 f6 f6 0x5a8f25b81f00: f6 f6 f6 f6 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb (cherry picked from commit 317a652)

Fixes the following Valgrind warning: Thread 67 Vaapi-Output: Conditional jump or move depends on uninitialised value(s) at 0x14DF1F0: VAAPI::COutput::InitCycle() (VAAPI.cpp:2055) by 0x14E367E: VAAPI::COutput::StateMachine(int, Actor::Protocol*, Actor::Message*) (VAAPI.cpp:1719) by 0x14E3860: VAAPI::COutput::Process() (VAAPI.cpp:1897) by 0x19A7F24: CThread::Action() (Thread.cpp:283) by 0x19A9207: operator() (Thread.cpp:152) by 0x19A9207: __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > (invoke.h:61) by 0x19A9207: __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > (invoke.h:96) by 0x19A9207: _M_invoke<0, 1, 2> (std_thread.h:301) by 0x19A9207: operator() (std_thread.h:308) by 0x19A9207: std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::{lambda(CThread*, std::promise<bool>)#1}, CThread*, std::promise<bool> > > >::_M_run() (std_thread.h:253) by 0x882DC33: execute_native_thread_routine (thread.cc:104) by 0x8A9639C: start_thread (pthread_create.c:447) by 0x8B1B2A3: clone (clone.S:100) Uninitialised value was created by a heap allocation at 0x5CA1F93: operator new(unsigned long) (vg_replace_malloc.c:487) by 0x14E1496: VAAPI::CDecoder::Create(CDVDStreamInfo&, CProcessInfo&, AVPixelFormat) (VAAPI.cpp:1256) by 0x15052EA: operator() (std_function.h:591) by 0x15052EA: CDVDFactoryCodec::CreateVideoCodecHWAccel(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CDVDStreamInfo&, CProcessInfo&, AVPixelFormat) (DVDFactoryCodec.cpp:118) by 0x14CDC06: CDVDVideoCodecFFmpeg::GetFormat(AVCodecContext*, AVPixelFormat const*) (DVDVideoCodecFFmpeg.cpp:287) by 0x2DC40F5: ff_get_format (in kodi.bin) by 0x2EF4379: get_pixel_format (in kodi.bin) by 0x2EF6345: h264_init_ps (in kodi.bin) by 0x2EF945E: ff_h264_queue_decode_slice (in kodi.bin) by 0x2EFF8DB: h264_decode_frame (in kodi.bin) by 0x2DC2A0B: ff_decode_receive_frame_internal (in kodi.bin) by 0x2DC2F54: decode_receive_frame_internal (in kodi.bin) by 0x2DC31FB: avcodec_send_packet (in kodi.bin)

Fixes the following Valgrind warning: Thread 67 Vaapi-Output: Conditional jump or move depends on uninitialised value(s) at 0x14DF1F0: VAAPI::COutput::InitCycle() (VAAPI.cpp:2055) by 0x14E367E: VAAPI::COutput::StateMachine(int, Actor::Protocol*, Actor::Message*) (VAAPI.cpp:1719) by 0x14E3860: VAAPI::COutput::Process() (VAAPI.cpp:1897) by 0x19A7F24: CThread::Action() (Thread.cpp:283) by 0x19A9207: operator() (Thread.cpp:152) by 0x19A9207: __invoke_impl<void, CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > (invoke.h:61) by 0x19A9207: __invoke<CThread::Create(bool)::<lambda(CThread*, std::promise<bool>)>, CThread*, std::promise<bool> > (invoke.h:96) by 0x19A9207: _M_invoke<0, 1, 2> (std_thread.h:301) by 0x19A9207: operator() (std_thread.h:308) by 0x19A9207: std::thread::_State_impl<std::thread::_Invoker<std::tuple<CThread::Create(bool)::{lambda(CThread*, std::promise<bool>)#1}, CThread*, std::promise<bool> > > >::_M_run() (std_thread.h:253) by 0x882DC33: execute_native_thread_routine (thread.cc:104) by 0x8A9639C: start_thread (pthread_create.c:447) by 0x8B1B2A3: clone (clone.S:100) Uninitialised value was created by a heap allocation at 0x5CA1F93: operator new(unsigned long) (vg_replace_malloc.c:487) by 0x14E1496: VAAPI::CDecoder::Create(CDVDStreamInfo&, CProcessInfo&, AVPixelFormat) (VAAPI.cpp:1256) by 0x15052EA: operator() (std_function.h:591) by 0x15052EA: CDVDFactoryCodec::CreateVideoCodecHWAccel(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CDVDStreamInfo&, CProcessInfo&, AVPixelFormat) (DVDFactoryCodec.cpp:118) by 0x14CDC06: CDVDVideoCodecFFmpeg::GetFormat(AVCodecContext*, AVPixelFormat const*) (DVDVideoCodecFFmpeg.cpp:287) by 0x2DC40F5: ff_get_format (in kodi.bin) by 0x2EF4379: get_pixel_format (in kodi.bin) by 0x2EF6345: h264_init_ps (in kodi.bin) by 0x2EF945E: ff_h264_queue_decode_slice (in kodi.bin) by 0x2EFF8DB: h264_decode_frame (in kodi.bin) by 0x2DC2A0B: ff_decode_receive_frame_internal (in kodi.bin) by 0x2DC2F54: decode_receive_frame_internal (in kodi.bin) by 0x2DC31FB: avcodec_send_packet (in kodi.bin) (cherry picked from commit 30f9568)

DaveTBlake reviewed Sep 1, 2019

View reviewed changes

Initial work to add boxsets navigation

d8d7799

the-black-eagle force-pushed the ADD_BOXSETS_ABILITY branch from 3f54334 to 050f0ed Compare September 4, 2019 06:24

DaveTBlake suggested changes Sep 4, 2019

View reviewed changes

DaveTBlake reviewed Sep 4, 2019

View reviewed changes

Add listitems (DiscName and IsBoxset)

bdca0e7

Remove unused code, switch to using pItem->SetArt Add support for reading disc subtitles Bump db version to 73. Update album & song tables for box sets Remove strDiscSubtitle from artist table

the-black-eagle force-pushed the ADD_BOXSETS_ABILITY branch from 050f0ed to 7b810fd Compare September 4, 2019 11:07

DaveTBlake reviewed Sep 5, 2019

View reviewed changes

the-black-eagle added 2 commits September 5, 2019 09:25

Show the disc subtitle in songview and MusicVisualisation

695590b

Start to add JSON support

4a5357d

the-black-eagle force-pushed the ADD_BOXSETS_ABILITY branch from 7b810fd to 4a5357d Compare September 5, 2019 08:26

github-actions Bot added the Stale label Aug 14, 2024

Conversation

the-black-eagle commented Aug 31, 2019

Description

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of change

Checklist:

Uh oh!

DaveTBlake commented Aug 31, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

the-black-eagle commented Aug 31, 2019

Uh oh!

the-black-eagle commented Sep 1, 2019

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

DaveTBlake commented Sep 1, 2019

Uh oh!

DaveTBlake commented Sep 1, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

the-black-eagle commented Sep 1, 2019

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

DaveTBlake commented Sep 1, 2019

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

DaveTBlake commented Sep 4, 2019

Uh oh!

the-black-eagle commented Sep 4, 2019

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

DaveTBlake left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

DaveTBlake commented Sep 4, 2019

Uh oh!

DaveTBlake commented Aug 31, 2019 •

edited

Loading

DaveTBlake commented Sep 1, 2019 •

edited

Loading

DaveTBlake Sep 4, 2019 •

edited

Loading