christf / snapcastc

C implementation of snapcast focussing on audio quality and ease of maintenance.
GNU General Public License v3.0

Server: Memory Corruption on client handling #60

Closed christf closed 4 years ago

christf commented 4 years ago

ASan says there is a problem when refreshing clients. I am not sure what triggers this, but sometimes(TM) the server crashes when built with ASan, displaying this trace:

Refreshing Client (2) has IP fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08, port 38527
Refreshing Client (3) has IP fe80::5a05:a9c2:4bb4:49dc, port 35484
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26885==ERROR: AddressSanitizer: SEGV on unknown address 0x000010000001 (pc 0x55c0ecce8f31 bp 0x7ffcb0e54980 sp 0x7ffcb0e54980 T0)
==26885==The signal is caused by a WRITE memory access.
    #0 0x55c0ecce8f30 in taskqueue_unlink (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0xef30)
    #1 0x55c0ecce91c6 in taskqueue_remove (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0xf1c6)
    #2 0x55c0ecce8c52 in reschedule_task (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0xec52)
    #3 0x55c0ecce401c in clientmgr_refresh_client (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0xa01c)
    #4 0x55c0ecce3181 in intercom_handle_client_operation (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x9181)
    #5 0x55c0ecce335b in intercom_handle_packet (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x935b)
    #6 0x55c0eccea1c1 in intercom_handle_in (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x101c1)
    #7 0x55c0ecce0ecb in loop (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x6ecb)
    #8 0x55c0ecce24b1 in main (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x84b1)
    #9 0x7f6c0a88609a in __libc_start_main ../csu/libc-start.c:308
    #10 0x55c0eccdf6f9 in _start (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0x56f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/christof/Programmierung/snapcastc/build/src/snapcast-server+0xef30) in taskqueue_unlink
==26885==ABORTING

Before that, sometimes but not always, this is in the logs:

Client [0] unknown: cannot delete
christf commented 4 years ago

VECTOR_GETINDEX is broken. Considering this log:

Initializing socket: 1705
starting loop
clientmgr: creating client: 3869592022
ADDING client 3869592022
hostname of peer: localhost
added client 3869592022(localhost) to stream default
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
clientmgr: creating client: 2
ADDING client 2
hostname of peer: fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08
added client 2(fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08) to stream default
Refreshing Client (2) has IP fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08, port 55940
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
REMOVING client 2, 1 clients left in stream.
Client fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08(2) has IP fda0:fc66:c0b6:0:76da:38ff:fe8b:ac08, port 55940
removing client at vector elemend 0
clientmgr: creating client: 3869592022
ADDING client 3869592022
hostname of peer: localhost
added client 3869592022(localhost) to stream default
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
REMOVING client 3869592022, 1 clients left in stream.
Client localhost(3869592022) has IP ::ffff:127.0.0.1, port 52514
removing client at vector element 0
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514
Refreshing Client (3869592022) has IP ::ffff:127.0.0.1, port 52514

The client with id 2 is stored at index 1 instead of index 0. As a result, the wrong client is removed. This explains the symptoms, as task queue items that have already expired are later attempted to be unlinked.
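The failure chain described in this thread (an index lookup that returns the wrong slot, so the wrong client is removed and a task queue node later dangles) is illustrated below with an added example in C. It is not snapcastc's code; the types `client_vector`, `task_t`, `taskqueue_t` and the functions `vector_getindex`, `clientmgr_add_client`, `clientmgr_remove_client` and `demo_scenario` are assumptions made for this example. The lookup searches by client id rather than trusting insertion order and reports -1 when the id is absent, the client's task leaves the queue before its memory is freed, and `taskqueue_unlink` refuses to dereference neighbour pointers of a node that is not currently linked, which is the write ASan flagged in `taskqueue_unlink`.

```c
/* Added example, not snapcastc's code. All names below are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct task {
    struct task *prev, *next;
    bool linked;    /* true only while the node sits in a queue */
    uint32_t owner; /* client id this task belongs to */
} task_t;

typedef struct { task_t *head, *tail; } taskqueue_t;
typedef struct { uint32_t id; task_t *task; } client_t;
typedef struct { client_t *data; size_t len, cap; } client_vector;

static void taskqueue_insert(taskqueue_t *q, task_t *t) {
    if (t->linked) return; /* never link the same node twice */
    t->prev = q->tail; t->next = NULL;
    if (q->tail) q->tail->next = t; else q->head = t;
    q->tail = t;
    t->linked = true;
}

/* Returns false instead of writing through stale neighbour pointers when the
 * node is not in the queue (already unlinked, expired, or never inserted). */
static bool taskqueue_unlink(taskqueue_t *q, task_t *t) {
    if (!t || !t->linked) return false;
    if (t->prev) t->prev->next = t->next; else q->head = t->next;
    if (t->next) t->next->prev = t->prev; else q->tail = t->prev;
    t->prev = t->next = NULL;
    t->linked = false;
    return true;
}

static bool taskqueue_contains(const taskqueue_t *q, uint32_t owner) {
    for (task_t *t = q->head; t; t = t->next)
        if (t->owner == owner) return true;
    return false;
}

/* Index lookup by client identity; -1 when absent, so a caller can never
 * silently fall back to removing element 0. */
static long vector_getindex(const client_vector *v, uint32_t id) {
    for (size_t i = 0; i < v->len; i++)
        if (v->data[i].id == id) return (long)i;
    return -1;
}

static bool clientmgr_add_client(client_vector *v, taskqueue_t *q, uint32_t id) {
    if (vector_getindex(v, id) >= 0) return false; /* duplicate id */
    if (v->len == v->cap) {
        size_t ncap = v->cap ? v->cap * 2 : 4;
        client_t *nd = realloc(v->data, ncap * sizeof *nd);
        if (!nd) return false;
        v->data = nd; v->cap = ncap;
    }
    task_t *t = calloc(1, sizeof *t);
    if (!t) return false;
    t->owner = id;
    taskqueue_insert(q, t);
    v->data[v->len++] = (client_t){ .id = id, .task = t };
    return true;
}

/* Removes exactly the client with this id; its task is unlinked before the
 * memory is released, so no queue node can point at freed client state. */
static bool clientmgr_remove_client(client_vector *v, taskqueue_t *q, uint32_t id) {
    long idx = vector_getindex(v, id);
    if (idx < 0) return false; /* the "unknown: cannot delete" case */
    client_t *c = &v->data[idx];
    taskqueue_unlink(q, c->task);
    free(c->task);
    memmove(c, c + 1, (v->len - (size_t)idx - 1) * sizeof *c);
    v->len--;
    return true;
}

static void clientmgr_free(client_vector *v, taskqueue_t *q) {
    while (v->len) clientmgr_remove_client(v, q, v->data[0].id);
    free(v->data); v->data = NULL; v->cap = 0;
}

/* Replays the add/remove order from the log above (constructed ids taken from
 * it); returns 0 when every step behaves, otherwise the number of the failing step. */
static int demo_scenario(void) {
    client_vector v = {0}; taskqueue_t q = {0};
    if (!clientmgr_add_client(&v, &q, 3869592022u)) return 1;
    if (!clientmgr_add_client(&v, &q, 2u)) return 2;
    if (vector_getindex(&v, 2u) != 1) return 3;             /* id 2 lives at index 1 */
    if (!clientmgr_remove_client(&v, &q, 2u)) return 4;
    if (v.len != 1 || v.data[0].id != 3869592022u) return 5; /* wrong client removed */
    if (taskqueue_contains(&q, 2u)) return 6;               /* stale task left behind */
    if (clientmgr_remove_client(&v, &q, 2u)) return 7;      /* second delete rejected */
    task_t orphan = {0};
    if (taskqueue_unlink(&q, &orphan)) return 8;            /* no-op on unlinked node */
    clientmgr_free(&v, &q);
    return (q.head || q.tail) ? 9 : 0;
}
```

A cheap regression check for this class of bug is to assert, in debug builds, that `vector_getindex` returns the slot whose id matches before anything is removed, and to make every unlink routine tolerate nodes that are no longer in the queue rather than assuming the caller got the bookkeeping right.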