Credit: Henri Salo from Nixu Corporation
/home/afl/builds/lame/2017-08-18/bin/lame ~/lame-double-free.riff
=================================================================
==31111==ERROR: AddressSanitizer: attempting double-free on 0x61600000f980 in thread T0:
#0 0x7f9b2c89f527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
#1 0x7f9b2bdb9734 in fclose (/lib/x86_64-linux-gnu/libc.so.6+0x69734)
#2 0x41c9a5 in close_input_file /home/afl/temp/lame/lame/lame/frontend/get_audio.c:1923
#3 0x41c9a5 in open_wave_file /home/afl/temp/lame/lame/lame/frontend/get_audio.c:1842
#4 0x41c9a5 in init_infile /home/afl/temp/lame/lame/lame/frontend/get_audio.c:622
#5 0x407d5c in init_files /home/afl/temp/lame/lame/lame/frontend/lame_main.c:116
#6 0x407d5c in lame_main /home/afl/temp/lame/lame/lame/frontend/lame_main.c:646
#7 0x403c48 in c_main /home/afl/temp/lame/lame/lame/frontend/main.c:490
#8 0x403c48 in main /home/afl/temp/lame/lame/lame/frontend/main.c:458
#9 0x7f9b2bd71b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#10 0x404a15 (/home/afl/builds/lame/2017-08-18/bin/lame+0x404a15)
0x61600000f980 is located 0 bytes inside of 568-byte region [0x61600000f980,0x61600000fbb8)
freed by thread T0 here:
==31111==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_allocator2.cc:234 "((id)) != (0)" (0x0, 0x0)
#0 0x7f9b2c8a4ba3 (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x59ba3)
#1 0x7f9b2c8a8ae3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5dae3)
#2 0x7f9b2c864aeb (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x19aeb)
#3 0x7f9b2c8a2bbb (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x57bbb)
#4 0x7f9b2c8a3447 (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x58447)
#5 0x7f9b2c86a4fd (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x1f4fd)
#6 0x7f9b2c89f4d5 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x544d5)
#7 0x7f9b2bdb9734 in fclose (/lib/x86_64-linux-gnu/libc.so.6+0x69734)
#8 0x41c9a5 in close_input_file /home/afl/temp/lame/lame/lame/frontend/get_audio.c:1923
#9 0x41c9a5 in open_wave_file /home/afl/temp/lame/lame/lame/frontend/get_audio.c:1842
#10 0x41c9a5 in init_infile /home/afl/temp/lame/lame/lame/frontend/get_audio.c:622
#11 0x407d5c in init_files /home/afl/temp/lame/lame/lame/frontend/lame_main.c:116
#12 0x407d5c in lame_main /home/afl/temp/lame/lame/lame/frontend/lame_main.c:646
#13 0x403c48 in c_main /home/afl/temp/lame/lame/lame/frontend/main.c:490
#14 0x403c48 in main /home/afl/temp/lame/lame/lame/frontend/main.c:458
#15 0x7f9b2bd71b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#16 0x404a15 (/home/afl/builds/lame/2017-08-18/bin/lame+0x404a15)
Feel free to ask if you need any more information and I can try to provide it.
Thanks! A fix for this issue is now in CVS.
Can you make this issue public, thanks?
You can download the GNU tarball from CVS webview of module lame. It is sometimes a few minutes behind, but should contain my changes now.
This 'double free' issue is not an issue of any actual release version, but my fault as I tried to eliminate the exit calls.
Alright. I meant that I reported this bug as "Private" and it could be "Public" now that it is fixed.
Ah, didn't notice that. OK
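Both ASan stacks in the report pass through close_input_file called from open_wave_file, and the maintainer attributes the bug to replacing exit() calls with returns, so a close routine that used to run at most once can now run twice on the same FILE*. As an added example (not LAME's code; audio_ctx, close_input, open_input and run_error_path are hypothetical names), a close helper that clears the pointer so a repeated call on an error path becomes a no-op:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical context, standing in for the frontend's input state. */
typedef struct {
    FILE *musicin;      /* open input stream, or NULL when not open */
    int   close_calls;  /* how many times fclose() actually ran (demo only) */
} audio_ctx;

/* Idempotent close: safe to call from an open routine's error path and
 * again from the caller's cleanup, because the pointer is cleared. */
static int close_input(audio_ctx *ctx)
{
    if (ctx->musicin == NULL)
        return 0;                 /* already closed: nothing to do */
    fclose(ctx->musicin);
    ctx->musicin = NULL;          /* this line is what prevents the double free */
    ctx->close_calls++;
    return 1;
}

/* Stand-in for an open routine that validates a header and, on a bad
 * header, closes the stream and returns an error instead of calling exit(). */
static int open_input(audio_ctx *ctx, FILE *stream, const char *header)
{
    ctx->musicin = stream;
    if (strncmp(header, "RIFF", 4) != 0) {
        close_input(ctx);         /* first close, on the error path */
        return -1;
    }
    return 0;
}

/* Drives the scenario: the open may fail and close the input itself, and the
 * caller's cleanup then closes it again unconditionally. Returns the number
 * of real fclose() calls; with the idempotent helper it is exactly 1. */
int run_error_path(const char *header)
{
    audio_ctx ctx = { NULL, 0 };
    FILE *f = tmpfile();          /* constructed input; contents are irrelevant */
    if (f == NULL)
        return -1;
    (void)open_input(&ctx, f, header);   /* constructed header decides success */
    close_input(&ctx);            /* caller's unconditional cleanup */
    return ctx.close_calls;
}
```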