0004809: High impact static analysis bug: use after free

ID	Project	Category	View Status	Date Submitted	Last Update

0004809	ardour	bugs	public	2012-04-04 23:18	2020-04-19 20:16

Reporter	ahurst	Assigned To	cth103
Priority	normal	Severity	major	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	3.0-beta3
Target Version	3.0

Summary	0004809: High impact static analysis bug: use after free
Description	Object is freed twice at libs/ardour/audiosource.cc:424. First occurrence: libs/ardour/audiosource.cc:424 (primary defect) Second occurrence: libs/ardour/audiosource.cc:416 (valid, but at least it's inside an error condition)
Additional Information	*** "operator delete(void )" frees "peakfile_descriptor". 401 delete peakfile_descriptor; 402 403 if (nread != sizeof (PeakData) npeaks) { 404 cerr << "AudioSource[" 405 << _name 406 << "]: cannot read peaks from peakfile! (read only " 407 << nread 408 << " not " 409 << npeaks 410 << "at sample " 411 << start 412 << " = byte " 413 << first_peak_byte 414 << ')' 415 << endl; *** Use after free (USE_AFTER_FREE) 416 delete peakfile_descriptor; 417 return -1; 418 } 419 420 if (zero_fill) { 421 memset (&peaks[npeaks], 0, sizeof (PeakData) * zero_fill); 422 } 423 *** Use after free (USE_AFTER_FREE) 424 delete peakfile_descriptor; 425 return 0;
Tags	No tags attached.

Date Modified	Username	Field	Change
2012-04-04 23:18	ahurst	New Issue
2012-04-05 01:13	cth103	cost	=> 0.00
2012-04-05 01:13	cth103	Target Version	=> 3.0 beta4
2012-04-05 01:22	cth103	Note Added: 0013081
2012-04-05 01:22	cth103	Status	new => resolved
2012-04-05 01:22	cth103	Resolution	open => fixed
2012-04-05 01:22	cth103	Assigned To	=> cth103
2012-05-23 15:08	cth103	Target Version	3.0 beta4 => 3.0
2020-04-19 20:16	system	Note Added: 0023018
2020-04-19 20:16	system	Status	resolved => closed

cth103 2012-04-05 01:22 administrator ~0013081	SVN 11792.

system 2020-04-19 20:16 developer ~0023018	Issue has been closed automatically, by Trigger Close Plugin. Feel free to re-open with additional information if you think the issue is not resolved.