Bug 356812

Summary: use-after-free crash on closing ktnef after opening a non-TNEF file
Product: [Applications] ktnef
Reporter: Santhiar <santhiar.anirudh>
Component: general
Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
CC: montel
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: Linux
Attachments: screenshot showing that the error dialog is not application modal

Description Santhiar 2015-12-17 03:58:29 UTC
ktnef crashes with a use-after-free bug if it is closed when the error dialog saying cannot open file is being shown

Reproducible: Always

Steps to Reproduce:
1. Open a non-TNEF file from File -> Open
2. When the error dialog saying cannot open file is shown,
3. Quit ktnef from the command line, saying "qdbus `qdbus | grep ktnef` /ktnef/MainWindow_1/actions/file_quit trigger"

Actual Results:  
ktnef crashes

Expected Results:  
ktnef closes smoothly

Version information:
Qt: 4.8.7
KDE Development Platform: 4.14.13
KTnef: 4.14.10

Here is the backtrace from KCrash:
Application: KTnef (ktnef), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f1653389780 (LWP 23215))]

Thread 2 (Thread 0x7f164104d700 (LWP 23217)):
#0  0x00007f164d82f4ac in send () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f164d82a020 in __vsyslog_chk () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f164d82a3af in syslog () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f164e3aac93 in QMutex::lock (this=0x259d650) at thread/qmutex.cpp:180
#4  0x00007f164e389645 in QMutex::lockInline (this=0x259d650) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:201
#5  0x00007f164e3866c0 in QMutexLocker::QMutexLocker (this=0x7f164104ca20, m=0x259d650) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:109
#6  0x00007f164e58be54 in QThreadData::canWaitLocked (this=0x259d600) at ../../include/QtCore/private/../../../src/corelib/thread/qthread_p.h:236
#7  0x00007f164e58f30b in QEventDispatcherUNIX::processEvents (this=0x7f163c0008f0, flags=...) at kernel/qeventdispatcher_unix.cpp:911
#8  0x00007f164e537f6c in QEventLoop::processEvents (this=0x7f164104cc78, flags=...) at kernel/qeventloop.cpp:149
#9  0x00007f164e538332 in QEventLoop::exec (this=0x7f164104cc78, flags=...) at kernel/qeventloop.cpp:225
#10 0x00007f164e3b00a0 in QThread::exec (this=0x259d7d0) at thread/qthread.cpp:659
#11 0x00007f164e507994 in QInotifyFileSystemWatcherEngine::run (this=0x259d7d0) at io/qfilesystemwatcher_inotify.cpp:265
#12 0x00007f164e3b4b2a in QThreadPrivate::start (arg=0x259d7d0) at thread/qthread_unix.cpp:361
#13 0x00007f164d525e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#14 0x00007f164d82e38d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#15 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f1653389780 (LWP 23215)):
[KCrash Handler]
#6  QPointer<QItemSelectionModel>::operator QItemSelectionModel* (this=0x2a8) at ../../include/QtCore/../../src/corelib/kernel/qpointer.h:78
#7  0x00007f16501a215b in QAbstractItemView::selectionModel (this=0x22d0eb0) at itemviews/qabstractitemview.cpp:766
#8  0x00007f1650268fa9 in QTreeWidget::clear (this=0x22d0eb0) at itemviews/qtreewidget.cpp:3273
#9  0x000000000041ccf3 in KTNEFView::setAttachments (this=0x22d0eb0, list=...) at KDE/kde/applications/kdepim/ktnef/ktnefview.cpp:90
#10 0x0000000000417c30 in KTNEFMain::loadFile (this=0x2295e10, filename=...) at KDE/kde/applications/kdepim/ktnef/ktnefmain.cpp:204
#11 0x000000000041830e in KTNEFMain::openFile (this=0x2295e10) at KDE/kde/applications/kdepim/ktnef/ktnefmain.cpp:228
#12 0x00007f164e564607 in QMetaObject::activate (sender=0x229b690, m=0x7f1650979540 <QAction::staticMetaObject>, local_signal_index=1, argv=0x7fffb7a04920) at kernel/qobject.cpp:3569
#13 0x00007f164f95b41d in QAction::triggered (this=0x229b690, _t1=false) at .moc/debug-shared/moc_qaction.cpp:277
#14 0x00007f164f95b232 in QAction::activate (this=0x229b690, event=QAction::Trigger) at kernel/qaction.cpp:1257
#15 0x00007f164f95d6ca in QAction::trigger (this=0x229b690) at qt/src/gui/kernel/qaction.h:218
#16 0x00007f16500bbf93 in QToolButton::nextCheckState (this=0x22ee2a0) at widgets/qtoolbutton.cpp:1152
#17 0x00007f164ff761c4 in QAbstractButtonPrivate::click (this=0x22e51c0) at widgets/qabstractbutton.cpp:530
#18 0x00007f164ff7775c in QAbstractButton::mouseReleaseEvent (this=0x22ee2a0, e=0x7fffb7a06278) at widgets/qabstractbutton.cpp:1123
#19 0x00007f16500bb854 in QToolButton::mouseReleaseEvent (this=0x22ee2a0, e=0x7fffb7a06278) at widgets/qtoolbutton.cpp:723
#20 0x00007f164f9f497e in QWidget::event (this=0x22ee2a0, event=0x7fffb7a06278) at kernel/qwidget.cpp:8389
#21 0x00007f164ff77581 in QAbstractButton::event (this=0x22ee2a0, e=0x7fffb7a06278) at widgets/qabstractbutton.cpp:1082
#22 0x00007f16500bc029 in QToolButton::event (this=0x22ee2a0, event=0x7fffb7a06278) at widgets/qtoolbutton.cpp:1168
#23 0x00007f164f96b48f in QApplicationPrivate::notify_helper (this=0x21c4920, receiver=0x22ee2a0, e=0x7fffb7a06278) at kernel/qapplication.cpp:4565
#24 0x00007f164f96e893 in QApplication::notify (this=0x7fffb7a07930, receiver=0x22ee2a0, e=0x7fffb7a06278) at kernel/qapplication.cpp:4108
#25 0x00007f1650f9ef7b in KApplication::notify (this=0x7fffb7a07930, receiver=0x22ee2a0, event=0x7fffb7a06278) at KDE/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
#26 0x00007f164e53cdc6 in QCoreApplication::notifyInternal (this=0x7fffb7a07930, receiver=0x22ee2a0, event=0x7fffb7a06278) at kernel/qcoreapplication.cpp:955
#27 0x00007f164f97602f in QCoreApplication::sendSpontaneousEvent (receiver=0x22ee2a0, event=0x7fffb7a06278) at qt/src/gui/../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#28 0x00007f164f96c531 in QApplicationPrivate::sendMouseEvent (receiver=0x22ee2a0, event=0x7fffb7a06278, alienWidget=0x22ee2a0, nativeWidget=0x2295e10, buttonDown=0x7f16509bf050 <qt_button_down>, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3171
#29 0x00007f164fa3d5e5 in QETWidget::translateMouseEvent (this=0x2295e10, event=0x7fffb7a075b8) at kernel/qapplication_x11.cpp:4524
#30 0x00007f164fa38ff6 in QApplication::x11ProcessEvent (this=0x7fffb7a07930, event=0x7fffb7a075b8) at kernel/qapplication_x11.cpp:3520
#31 0x00007f164fa83456 in QEventDispatcherX11::processEvents (this=0x21984c0, flags=...) at kernel/qeventdispatcher_x11.cpp:151
#32 0x00007f164e537f6c in QEventLoop::processEvents (this=0x7fffb7a078b0, flags=...) at kernel/qeventloop.cpp:149
#33 0x00007f164e538332 in QEventLoop::exec (this=0x7fffb7a078b0, flags=...) at kernel/qeventloop.cpp:225
#34 0x00007f164e53d5ee in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1229
#35 0x00007f164f96d526 in QApplication::exec () at kernel/qapplication.cpp:3823
#36 0x000000000041db6b in main (argc=<optimized out>, argv=<optimized out>) at KDE/kde/applications/kdepim/ktnef/main.cpp:63
Comment 1 Santhiar 2015-12-17 04:01:11 UTC
Created attachment 96137
screenshot showing that the error dialog is not application modal

In earlier versions of ktnef, the error can be reproduced by issuing a quit via the GUI rather than the terminal (as the attached screenshot demonstrates).

The crash is a use-after-free bug. I built a version of ktnef using AddressSanitizer and here is the report generated by AddressSanitizer for this bug:
=================================================================
==23263==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000b9900 at pc 0x46e008 bp 0x7fff05913b70 sp 0x7fff05913b68
READ of size 8 at 0x60c0000b9900 thread T0
    #0 0x46e007 in KTNEFMain::loadFile(QString const&) (KDE/install-asan/bin/ktnef+0x46e007)
    #1 0x46f807 in KTNEFMain::openFile() (KDE/install-asan/bin/ktnef+0x46f807)
    #2 0x494412 in KTNEFMain::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (KDE/install-asan/bin/ktnef+0x494412)
    #3 0x7f9f84909606 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (install/qt4/lib/libQtCore.so.4+0x255606)
    #4 0x7f9f85e3741c in QAction::triggered(bool) (install/qt4/lib/libQtGui.so.4+0x22541c)
    #5 0x7f9f85e37231 in QAction::activate(QAction::ActionEvent) (install/qt4/lib/libQtGui.so.4+0x225231)
    #6 0x7f9f85e396c9 in QAction::trigger() (install/qt4/lib/libQtGui.so.4+0x2276c9)
    #7 0x7f9f86597f92 in QToolButton::nextCheckState() (install/qt4/lib/libQtGui.so.4+0x985f92)
    #8 0x7f9f864521c3 in QAbstractButtonPrivate::click() (install/qt4/lib/libQtGui.so.4+0x8401c3)
    #9 0x7f9f8645375b in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (install/qt4/lib/libQtGui.so.4+0x84175b)
    #10 0x7f9f86597853 in QToolButton::mouseReleaseEvent(QMouseEvent*) (install/qt4/lib/libQtGui.so.4+0x985853)
    #11 0x7f9f85ed097d in QWidget::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x2be97d)
    #12 0x7f9f86453580 in QAbstractButton::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x841580)
    #13 0x7f9f86598028 in QToolButton::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x986028)
    #14 0x7f9f85e4748e in QApplicationPrivate::notify_helper(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x23548e)
    #15 0x7f9f85e4a892 in QApplication::notify(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x238892)
    #16 0x7f9f87709340 in KApplication::notify(QObject*, QEvent*) KDE/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
    #17 0x7f9f848e1dc5 in QCoreApplication::notifyInternal(QObject*, QEvent*) (install/qt4/lib/libQtCore.so.4+0x22ddc5)
    #18 0x7f9f85e5202e in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x24002e)
    #19 0x7f9f85e48530 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (install/qt4/lib/libQtGui.so.4+0x236530)
    #20 0x7f9f85f195e4 in QETWidget::translateMouseEvent(_XEvent const*) (install/qt4/lib/libQtGui.so.4+0x3075e4)
    #21 0x7f9f85f14ff5 in QApplication::x11ProcessEvent(_XEvent*) (install/qt4/lib/libQtGui.so.4+0x302ff5)
    #22 0x7f9f85f5f455 in QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtGui.so.4+0x34d455)
    #23 0x7f9f848dcf6b in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x228f6b)
    #24 0x7f9f848dd331 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x229331)
    #25 0x7f9f848e25ed in QCoreApplication::exec() (install/qt4/lib/libQtCore.so.4+0x22e5ed)
    #26 0x7f9f85e49525 in QApplication::exec() (install/qt4/lib/libQtGui.so.4+0x237525)
    #27 0x483563 in main (KDE/install-asan/bin/ktnef+0x483563)
    #28 0x7f9f834d876c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #29 0x454e7c in _start (KDE/install-asan/bin/ktnef+0x454e7c)
0x60c0000b9900 is located 64 bytes inside of 128-byte region [0x60c0000b98c0,0x60c0000b9940)
freed by thread T0 here:
    #0 0x44049a in operator delete(void*) (KDE/install-asan/bin/ktnef+0x44049a)
    #1 0x46bf34 in KTNEFMain::~KTNEFMain() (KDE/install-asan/bin/ktnef+0x46bf34)
    #2 0x7f9f84902e3d in qDeleteInEventHandler(QObject*) (install/qt4/lib/libQtCore.so.4+0x24ee3d)
    #3 0x7f9f849029a7 in QObject::event(QEvent*) (install/qt4/lib/libQtCore.so.4+0x24e9a7)
    #4 0x7f9f85ed2345 in QWidget::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x2c0345)
    #5 0x7f9f864f3f72 in QMainWindow::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x8e1f72)
    #6 0x7f9f87a29133 in KMainWindow::event(QEvent*) KDE/kde/kdelibs/kdeui/widgets/kmainwindow.cpp:1126
    #7 0x7f9f87b2f0b2 in KXmlGuiWindow::event(QEvent*) KDE/kde/kdelibs/kdeui/xmlgui/kxmlguiwindow.cpp:126
    #8 0x7f9f85e4748e in QApplicationPrivate::notify_helper(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x23548e)
    #9 0x7f9f85e4d32b in QApplication::notify(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x23b32b)
    #10 0x7f9f87709340 in KApplication::notify(QObject*, QEvent*) KDE/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
    #11 0x7f9f848e1dc5 in QCoreApplication::notifyInternal(QObject*, QEvent*) (install/qt4/lib/libQtCore.so.4+0x22ddc5)
    #12 0x7f9f848e6549 in QCoreApplication::sendEvent(QObject*, QEvent*) (install/qt4/lib/libQtCore.so.4+0x232549)
    #13 0x7f9f848e33f3 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (install/qt4/lib/libQtCore.so.4+0x22f3f3)
    #14 0x7f9f849342f6 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x2802f6)
    #15 0x7f9f85f5f669 in QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtGui.so.4+0x34d669)
    #16 0x7f9f848dcf6b in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x228f6b)
    #17 0x7f9f848dd331 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x229331)
    #18 0x7f9f865fbc8a in QDialog::exec() (install/qt4/lib/libQtGui.so.4+0x9e9c8a)
    #19 0x7f9f874959dc in KMessageBox::createKMessageBox(KDialog*, QIcon const&, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&, QMessageBox::Icon) KDE/kde/kdelibs/kdeui/dialogs/kmessagebox.cpp:344
    #20 0x7f9f87492fe1 in KMessageBox::createKMessageBox(KDialog*, QMessageBox::Icon, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&) KDE/kde/kdelibs/kdeui/dialogs/kmessagebox.cpp:158
    #21 0x7f9f874a3d4a in KMessageBox::errorListWId(unsigned long, QString const&, QStringList const&, QString const&, QFlags<KMessageBox::Option>) KDE/kde/kdelibs/kdeui/dialogs/kmessagebox.cpp:854
    #22 0x7f9f874a340b in KMessageBox::error(QWidget*, QString const&, QString const&, QFlags<KMessageBox::Option>) KDE/kde/kdelibs/kdeui/dialogs/kmessagebox.cpp:821
    #23 0x46db45 in KTNEFMain::loadFile(QString const&) (KDE/install-asan/bin/ktnef+0x46db45)
    #24 0x46f807 in KTNEFMain::openFile() (KDE/install-asan/bin/ktnef+0x46f807)
    #25 0x494412 in KTNEFMain::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (KDE/install-asan/bin/ktnef+0x494412)
    #26 0x7f9f84909606 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (install/qt4/lib/libQtCore.so.4+0x255606)
    #27 0x7f9f85e3741c in QAction::triggered(bool) (install/qt4/lib/libQtGui.so.4+0x22541c)
    #28 0x7f9f85e37231 in QAction::activate(QAction::ActionEvent) (install/qt4/lib/libQtGui.so.4+0x225231)
    #29 0x7f9f85e396c9 in QAction::trigger() (install/qt4/lib/libQtGui.so.4+0x2276c9)
    #30 0x7f9f86597f92 in QToolButton::nextCheckState() (install/qt4/lib/libQtGui.so.4+0x985f92)
    #31 0x7f9f864521c3 in QAbstractButtonPrivate::click() (install/qt4/lib/libQtGui.so.4+0x8401c3)
    #32 0x7f9f8645375b in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (install/qt4/lib/libQtGui.so.4+0x84175b)
    #33 0x7f9f86597853 in QToolButton::mouseReleaseEvent(QMouseEvent*) (install/qt4/lib/libQtGui.so.4+0x985853)
    #34 0x7f9f85ed097d in QWidget::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x2be97d)
    #35 0x7f9f86453580 in QAbstractButton::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x841580)
    #36 0x7f9f86598028 in QToolButton::event(QEvent*) (install/qt4/lib/libQtGui.so.4+0x986028)
    #37 0x7f9f85e4748e in QApplicationPrivate::notify_helper(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x23548e)
    #38 0x7f9f85e4a892 in QApplication::notify(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x238892)
    #39 0x7f9f87709340 in KApplication::notify(QObject*, QEvent*) KDE/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
    #40 0x7f9f848e1dc5 in QCoreApplication::notifyInternal(QObject*, QEvent*) (install/qt4/lib/libQtCore.so.4+0x22ddc5)
    #41 0x7f9f85e5202e in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (install/qt4/lib/libQtGui.so.4+0x24002e)
    #42 0x7f9f85e48530 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (install/qt4/lib/libQtGui.so.4+0x236530)
    #43 0x7f9f85f195e4 in QETWidget::translateMouseEvent(_XEvent const*) (install/qt4/lib/libQtGui.so.4+0x3075e4)
    #44 0x7f9f85f14ff5 in QApplication::x11ProcessEvent(_XEvent*) (install/qt4/lib/libQtGui.so.4+0x302ff5)
    #45 0x7f9f85f5f455 in QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtGui.so.4+0x34d455)
    #46 0x7f9f848dcf6b in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x228f6b)
    #47 0x7f9f848dd331 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (install/qt4/lib/libQtCore.so.4+0x229331)
    #48 0x7f9f848e25ed in QCoreApplication::exec() (install/qt4/lib/libQtCore.so.4+0x22e5ed)
    #49 0x7f9f85e49525 in QApplication::exec() (install/qt4/lib/libQtGui.so.4+0x237525)
    #50 0x483563 in main (KDE/install-asan/bin/ktnef+0x483563)
    #51 0x7f9f834d876c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #52 0x454e7c in _start (KDE/install-asan/bin/ktnef+0x454e7c)
previously allocated by thread T0 here:
    #0 0x44021a in operator new(unsigned long) (KDE/install-asan/bin/ktnef+0x44021a)
    #1 0x4833b4 in main (KDE/install-asan/bin/ktnef+0x4833b4)
    #2 0x7f9f834d876c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #3 0x454e7c in _start (KDE/install-asan/bin/ktnef+0x454e7c)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 KTNEFMain::loadFile(QString const&)
Shadow bytes around the buggy address:
  0x0c188000f2d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c188000f2e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c188000f2f0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c188000f300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c188000f310: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c188000f320:[fd]fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c188000f330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c188000f340: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c188000f350: 00 00 00 00 00 00 00 07 fa fa fa fa fa fa fa fa
  0x0c188000f360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c188000f370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==23263==ABORTING
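
The lifetime problem in the AddressSanitizer report above (the window is freed by a deferred delete dispatched inside the error dialog's nested event loop, after which `loadFile` resumes and reads it), as an added Qt-free model that is neither ktnef's code nor the fix applied in bug 356351. `EventLoop`, `MainWindow`, `loadFileFailed` and `simulate` are hypothetical names, and `std::weak_ptr` stands in for a `QPointer`-style guard.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <string>
#include <utility>
#include <vector>

// Stand-in for the Qt event queue: posted events run when some loop drains them.
struct EventLoop {
    std::queue<std::function<void()>> posted;
    void post(std::function<void()> ev) { posted.push(std::move(ev)); }
    // Models QDialog::exec(): a nested loop that dispatches every pending
    // event, including a deferred delete of the object that opened the dialog.
    void runNested() {
        while (!posted.empty()) {
            std::function<void()> ev = std::move(posted.front());
            posted.pop();
            ev();
        }
    }
};

enum class LoadResult { ViewReset, WindowGone };

// Hypothetical stand-in for KTNEFMain (not the real class).
class MainWindow : public std::enable_shared_from_this<MainWindow> {
public:
    explicit MainWindow(EventLoop &loop) : loop_(loop) {}
    std::vector<std::string> attachments{"previous-item"};  // constructed sample

    // Failure path of a load: show a modal error, then reset the view.
    LoadResult loadFileFailed() {
        // Guard taken before the nested loop; plays the role of a QPointer.
        std::weak_ptr<MainWindow> guard = shared_from_this();
        EventLoop &loop = loop_;   // copy the reference while `this` is alive
        loop.runNested();          // the modal error dialog's event loop
        if (guard.expired())
            return LoadResult::WindowGone;  // `this` was destroyed: touch nothing
        attachments.clear();       // without the guard, this member access is the use-after-free
        return LoadResult::ViewReset;
    }

private:
    EventLoop &loop_;
};

// Runs the scenario; quitDuringDialog models the quit action being
// triggered while the error dialog is still on screen.
LoadResult simulate(bool quitDuringDialog) {
    EventLoop loop;
    std::shared_ptr<MainWindow> owner = std::make_shared<MainWindow>(loop);
    if (quitDuringDialog)
        loop.post([&owner] { owner.reset(); });  // deferred delete of the window
    return owner->loadFileFailed();
}

int main() {
    return simulate(true) == LoadResult::WindowGone ? 0 : 1;
}
```
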
Comment 2 Laurent Montel 2015-12-17 05:42:30 UTC
Why did you open the same bug as 356351 that I fixed ???
Comment 3 Santhiar 2015-12-17 06:27:27 UTC
Oops, really sorry, forgot I'd already filed this one.

*** This bug has been marked as a duplicate of bug 356351 ***