From 98d7d04ae787d6b50715f2aac3be01eba8f7c5dc Mon Sep 17 00:00:00 2001
From: Robin Gareus <robin@gareus.org>
Date: Wed, 26 Feb 2020 01:34:36 +0100
Subject: Fix potential memory corruption at session close

(valgrind trace, line-numbers from mixbus+6.0-190-g0ec6bc35a)
==29797== Invalid write of size 4
==29797==    at 0x619BB3F: boost::dynamic_bitset<unsigned int, std::allocator<unsigned int> >::reference::do_reset() (dynamic_bitset.hpp:120)
==29797==    by 0x6196002: boost::dynamic_bitset<unsigned int, std::allocator<unsigned int> >::reference::do_assign(bool) (dynamic_bitset.hpp:122)
==29797==    by 0x618F670: boost::dynamic_bitset<unsigned int, std::allocator<unsigned int> >::reference::operator=(bool) (dynamic_bitset.hpp:107)
==29797==    by 0x617E426: ARDOUR::Session::unmark_send_id(unsigned int) (session.cc:5633)
==29797==    by 0x6156714: ARDOUR::Send::~Send() (send.cc:125)
==29797==    by 0x5CE12A7: ARDOUR::InternalSend::~InternalSend() (internal_send.cc:71)
==29797==    by 0x5CE1319: ARDOUR::InternalSend::~InternalSend() (internal_send.cc:76)
==29797==    by 0x1556128: void boost::checked_delete<ARDOUR::InternalSend>(ARDOUR::InternalSend*) (checked_delete.hpp:34)
==29797==    by 0x155E689: boost::detail::sp_counted_impl_p<ARDOUR::InternalSend>::dispose() (sp_counted_impl.hpp:92)
==29797==    by 0xCC0E30: boost::detail::sp_counted_base::release() (sp_counted_base_std_atomic.hpp:110)
==29797==    by 0xCC0EA6: boost::detail::shared_count::~shared_count() (shared_count.hpp:426)
==29797==    by 0x134BD15: boost::shared_ptr<ARDOUR::InternalSend>::~shared_ptr() (shared_ptr.hpp:366)
==29797==    by 0x60FACC1: ARDOUR::Route::~Route() (route.cc:498)
==29797==    by 0x60FAF4D: ARDOUR::Route::~Route() (route.cc:517)
==29797==    by 0x166144C: void boost::checked_delete<ARDOUR::Route>(ARDOUR::Route*) (checked_delete.hpp:34)
==29797==    by 0x166338F: boost::detail::sp_counted_impl_p<ARDOUR::Route>::dispose() (sp_counted_impl.hpp:92)
==29797==    by 0xCC0E30: boost::detail::sp_counted_base::release() (sp_counted_base_std_atomic.hpp:110)
==29797==    by 0xCC0EA6: boost::detail::shared_count::~shared_count() (shared_count.hpp:426)
==29797==    by 0xCD2385: boost::shared_ptr<ARDOUR::Route>::~shared_ptr() (shared_ptr.hpp:366)
==29797==    by 0x615D0E5: ARDOUR::Session::~Session() (session.cc:455)
==29797==    by 0x615D4A3: ARDOUR::Session::~Session() (session.cc:461)
---
 libs/ardour/session.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'libs/ardour/session.cc')

diff --git a/libs/ardour/session.cc b/libs/ardour/session.cc
index 8d13570689..66e1d10caf 100644
--- a/libs/ardour/session.cc
+++ b/libs/ardour/session.cc
@@ -5466,6 +5466,9 @@ Session::mark_insert_id (uint32_t id)
 void
 Session::unmark_send_id (uint32_t id)
 {
+	if (deletion_in_progress ()) {
+		return;
+	}
 	if (id < send_bitset.size()) {
 		send_bitset[id] = false;
 	}
@@ -5474,6 +5477,9 @@ Session::unmark_send_id (uint32_t id)
 void
 Session::unmark_aux_send_id (uint32_t id)
 {
+	if (deletion_in_progress ()) {
+		return;
+	}
 	if (id < aux_send_bitset.size()) {
 		aux_send_bitset[id] = false;
 	}
@@ -5493,6 +5499,9 @@ Session::unmark_return_id (uint32_t id)
 void
 Session::unmark_insert_id (uint32_t id)
 {
+	if (deletion_in_progress ()) {
+		return;
+	}
 	if (id < insert_bitset.size()) {
 		insert_bitset[id] = false;
 	}
-- 
cgit v1.2.3