Open
Description
Godot version:
3.2.alpha.custom_build. 24e1039
OS/device including version:
Ubuntu 19.04
Issue description:
Godot must be compiled with sanitizer support (scons p=x11 -j6 use_ubsan=yes use_lsan=yes use_asan=yes) or checked with Valgrind (this is much slower).
When importing ogg files, Godot reads freed memory:
READ of size 1 at 0x627000d790f5 thread T9
#0 0x445407c in get8 thirdparty/misc/stb_vorbis.c:1298
#1 0x4457899 in get8_packet_raw thirdparty/misc/stb_vorbis.c:1529
#2 0x4457c43 in get_bits thirdparty/misc/stb_vorbis.c:1560
#3 0x44756d7 in vorbis_decode_initial thirdparty/misc/stb_vorbis.c:3122
#4 0x447f33d in vorbis_decode_packet thirdparty/misc/stb_vorbis.c:3438
#5 0x44a0541 in stb_vorbis_get_frame_float thirdparty/misc/stb_vorbis.c:4942
#6 0x44a7bf0 in stb_vorbis_get_samples_float_interleaved thirdparty/misc/stb_vorbis.c:5355
#7 0x32f03d0 in AudioStreamPlaybackOGGVorbis::_mix_internal(AudioFrame*, int) modules/stb_vorbis/audio_stream_ogg_vorbis.cpp:48
#8 0xd779e9d in AudioStreamPlaybackResampled::mix(AudioFrame*, float, int) servers/audio/audio_stream.cpp:84
#9 0x74e2b18 in EditorAudioStreamPreviewPlugin::generate(Ref<Resource> const&, Vector2 const&) const editor/plugins/editor_preview_plugins.cpp:639
#10 0x60eb1da in EditorResourcePreviewGenerator::generate_from_path(String const&, Vector2 const&) const editor/editor_resource_preview.cpp:69
#11 0x60f2a27 in EditorResourcePreview::_generate_preview(Ref<ImageTexture>&, Ref<ImageTexture>&, EditorResourcePreview::QueueItem const&, String const&) editor/editor_resource_preview.cpp:167
#12 0x60f8ff4 in EditorResourcePreview::_thread() editor/editor_resource_preview.cpp:270
#13 0x60ef9a0 in EditorResourcePreview::_thread_func(void*) editor/editor_resource_preview.cpp:107
#14 0x4ec42fd in ThreadPosix::thread_callback(void*) drivers/unix/thread_posix.cpp:74
#15 0x7f4f6b4b2181 in start_thread /build/glibc-KRRWSm/glibc-2.29/nptl/pthread_create.c:486
#16 0x7f4f6a721b1e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11db1e)
0x627000d790f5 is located 6133 bytes inside of 12092-byte region [0x627000d77900,0x627000d7a83c)
freed by thread T0 here:
#0 0x7f4f6bf2604f in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10c04f)
#1 0xe94b899 in Memory::free_static(void*, bool) core/os/memory.cpp:181
#2 0xc865e01 in AudioServer::audio_data_free(void*) servers/audio_server.cpp:1165
#3 0x32f5cea in AudioStreamOGGVorbis::clear_data() modules/stb_vorbis/audio_stream_ogg_vorbis.cpp:160
#4 0x32f70ee in AudioStreamOGGVorbis::set_data(PoolVector<unsigned char> const&) modules/stb_vorbis/audio_stream_ogg_vorbis.cpp:210
#5 0x331d237 in MethodBind1<PoolVector<unsigned char> const&>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
#6 0xe158110 in ClassDB::set_property(Object*, StringName const&, Variant const&, bool*) core/class_db.cpp:1031
#7 0xe3a8400 in Object::set(StringName const&, Variant const&, bool*) core/object.cpp:422
#8 0xe4c4c17 in Resource::reload_from_file() core/resource.cpp:145
#9 0x5c2f5f3 in EditorNode::_resources_reimported(Vector<String> const&) editor/editor_node.cpp:583
#10 0x58d76e8 in MethodBind1<Vector<String> const&>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
#11 0xe3b8852 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:921
#12 0xe3c1f4a in Object::emit_signal(StringName const&, Variant const**, int) core/object.cpp:1218
#13 0xe3c3e08 in Object::emit_signal(StringName const&, Variant const&, Variant const&, Variant const&, Variant const&, Variant const&) core/object.cpp:1274
#14 0x5a0181f in EditorFileSystem::reimport_files(Vector<String> const&) editor/editor_file_system.cpp:2001
#15 0x59be298 in EditorFileSystem::_update_scan_actions() editor/editor_file_system.cpp:590
#16 0x59d7a74 in EditorFileSystem::_notification(int) editor/editor_file_system.cpp:1163
#17 0x5a10479 in EditorFileSystem::_notificationv(int, bool) (/usr/bin/godots+0x5a10479)
#18 0xe3b8dbd in Object::notification(int, bool) core/object.cpp:931
#19 0x92e5617 in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:958
#20 0x92d62c2 in SceneTree::idle(float) scene/main/scene_tree.cpp:516
#21 0x156af00 in Main::iteration() main/main.cpp:1930
#22 0x146a00c in OS_X11::run() platform/x11/os_x11.cpp:3184
#23 0x13e6ba3 in main platform/x11/godot_x11.cpp:56
#24 0x7f4f6a62ab6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
previously allocated by thread T9 here:
#0 0x7f4f6bf26448 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10c448)
#1 0xe94a844 in Memory::alloc_static(unsigned long, bool) core/os/memory.cpp:85
#2 0xc863745 in AudioServer::audio_data_alloc(unsigned int, unsigned char const*) servers/audio_server.cpp:1140
#3 0x32f73a7 in AudioStreamOGGVorbis::set_data(PoolVector<unsigned char> const&) modules/stb_vorbis/audio_stream_ogg_vorbis.cpp:212
#4 0x331d237 in MethodBind1<PoolVector<unsigned char> const&>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
#5 0xe158110 in ClassDB::set_property(Object*, StringName const&, Variant const&, bool*) core/class_db.cpp:1031
#6 0xe3a8400 in Object::set(StringName const&, Variant const&, bool*) core/object.cpp:422
#7 0xed743f3 in ResourceInteractiveLoaderBinary::poll() core/io/resource_format_binary.cpp:745
#8 0xeddffba in ResourceFormatLoader::load(String const&, String const&, Error*) core/io/resource_loader.cpp:197
#9 0xede5bda in ResourceLoader::_load(String const&, String const&, String const&, bool, Error*) core/io/resource_loader.cpp:270
#10 0xedca720 in ResourceFormatImporter::load(String const&, String const&, Error*) core/io/resource_importer.cpp:133
#11 0xede5bda in ResourceLoader::_load(String const&, String const&, String const&, bool, Error*) core/io/resource_loader.cpp:270
#12 0xede8980 in ResourceLoader::load(String const&, String const&, bool, Error*) core/io/resource_loader.cpp:396
#13 0x60eb044 in EditorResourcePreviewGenerator::generate_from_path(String const&, Vector2 const&) const editor/editor_resource_preview.cpp:66
#14 0x60f2a27 in EditorResourcePreview::_generate_preview(Ref<ImageTexture>&, Ref<ImageTexture>&, EditorResourcePreview::QueueItem const&, String const&) editor/editor_resource_preview.cpp:167
#15 0x60f8ff4 in EditorResourcePreview::_thread() editor/editor_resource_preview.cpp:270
#16 0x60ef9a0 in EditorResourcePreview::_thread_func(void*) editor/editor_resource_preview.cpp:107
#17 0x4ec42fd in ThreadPosix::thread_callback(void*) drivers/unix/thread_posix.cpp:74
#18 0x7f4f6b4b2181 in start_thread /build/glibc-KRRWSm/glibc-2.29/nptl/pthread_create.c:486
Thread T9 created by T0 here:
#0 0x7f4f6be54311 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a311)
#1 0x4ec47f3 in ThreadPosix::create_func_posix(void (*)(void*), void*, Thread::Settings const&) drivers/unix/thread_posix.cpp:90
#2 0xe95ff67 in Thread::create(void (*)(void*), void*, Thread::Settings const&) core/os/thread.cpp:51
#3 0x6103067 in EditorResourcePreview::start() editor/editor_resource_preview.cpp:454
#4 0x5c2ff56 in EditorNode::_sources_changed(bool) editor/editor_node.cpp:599
#5 0x1e7b871 in MethodBind1<bool>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
#6 0xe3b8852 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:921
#7 0xe3c1f4a in Object::emit_signal(StringName const&, Variant const**, int) core/object.cpp:1218
#8 0xe3c3e08 in Object::emit_signal(StringName const&, Variant const&, Variant const&, Variant const&, Variant const&, Variant const&) core/object.cpp:1274
#9 0x59d823b in EditorFileSystem::_notification(int) editor/editor_file_system.cpp:1165
#10 0x5a10479 in EditorFileSystem::_notificationv(int, bool) (/usr/bin/godots+0x5a10479)
#11 0xe3b8dbd in Object::notification(int, bool) core/object.cpp:931
#12 0x92e5617 in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:958
#13 0x92d62c2 in SceneTree::idle(float) scene/main/scene_tree.cpp:516
#14 0x156af00 in Main::iteration() main/main.cpp:1930
#15 0x146a00c in OS_X11::run() platform/x11/os_x11.cpp:3184
#16 0x13e6ba3 in main platform/x11/godot_x11.cpp:56
#17 0x7f4f6a62ab6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
SUMMARY: AddressSanitizer: heap-use-after-free thirdparty/misc/stb_vorbis.c:1298 in get8
Shadow bytes around the buggy address:
0x0c4e801a71c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a71d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a71e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a71f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a7200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4e801a7210: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
0x0c4e801a7220: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a7230: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a7240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a7250: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e801a7260: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==9245==ABORTING
Minimal reproduction project:
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq.zip
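The ASan report above shows the shape of the bug: the preview thread (T9) is still mixing from an audio buffer while the main thread (T0) reimports the resource, and set_data() frees that buffer from under it. The following C program is an added illustration of the ownership pattern that prevents this class of use-after-free; it is not Godot's code and the names (AudioStream, stream_acquire, stream_release, g_buffers_freed) are hypothetical. A reader takes a counted reference under a mutex, so the owner's replacement only frees a buffer once the last reader has let go. Built with the same ASan flags as in the report, it runs clean while one thread hammers set_data() and another keeps reading.

```c
/* Added example (not Godot code): reference-counted audio buffer so a
 * reader thread can never observe a buffer freed by the owner thread.
 * All names here are hypothetical. */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int refs;           /* guarded by AudioStream.lock */
    size_t len;
    uint8_t *bytes;     /* immutable after creation */
} AudioData;

typedef struct {
    pthread_mutex_t lock;
    AudioData *current; /* NULL until the first set_data */
} AudioStream;

static int g_buffers_freed = 0; /* instrumentation for the demo/test */

static AudioData *audio_data_new(const uint8_t *src, size_t len) {
    AudioData *d = calloc(1, sizeof *d);
    d->refs = 1;                    /* the stream's own reference */
    d->len = len;
    d->bytes = malloc(len ? len : 1);
    memcpy(d->bytes, src, len);
    return d;
}

/* Drop one reference; caller holds the lock. Frees on the last one. */
static void audio_data_unref_locked(AudioData *d) {
    if (d && --d->refs == 0) {
        free(d->bytes);
        free(d);
        g_buffers_freed++;
    }
}

void stream_init(AudioStream *s) {
    pthread_mutex_init(&s->lock, NULL);
    s->current = NULL;
}

/* Owner side (reimport): publish a new buffer, release the old one.
 * The old buffer is freed only if no reader currently holds it. */
void stream_set_data(AudioStream *s, const uint8_t *src, size_t len) {
    AudioData *fresh = audio_data_new(src, len);
    pthread_mutex_lock(&s->lock);
    AudioData *old = s->current;
    s->current = fresh;
    audio_data_unref_locked(old);
    pthread_mutex_unlock(&s->lock);
}

/* Reader side (mixing/preview): hold a reference for as long as needed. */
AudioData *stream_acquire(AudioStream *s) {
    pthread_mutex_lock(&s->lock);
    AudioData *d = s->current;
    if (d) d->refs++;
    pthread_mutex_unlock(&s->lock);
    return d;
}

void stream_release(AudioStream *s, AudioData *d) {
    pthread_mutex_lock(&s->lock);
    audio_data_unref_locked(d);
    pthread_mutex_unlock(&s->lock);
}

void stream_destroy(AudioStream *s) {
    pthread_mutex_lock(&s->lock);
    audio_data_unref_locked(s->current);
    s->current = NULL;
    pthread_mutex_unlock(&s->lock);
    pthread_mutex_destroy(&s->lock);
}

/* Byte sum computed while holding a reference: safe even if
 * stream_set_data() runs on another thread in the meantime. */
unsigned long stream_checksum(AudioStream *s) {
    AudioData *d = stream_acquire(s);
    unsigned long sum = 0;
    if (d) {
        for (size_t i = 0; i < d->len; i++) sum += d->bytes[i];
        stream_release(s, d);
    }
    return sum;
}

static void *reader_thread(void *arg) {
    for (int i = 0; i < 20000; i++) (void)stream_checksum((AudioStream *)arg);
    return NULL;
}

int main(void) {
    AudioStream s;
    stream_init(&s);
    uint8_t a[] = {1, 2, 3, 4};
    stream_set_data(&s, a, sizeof a);
    pthread_t t;
    pthread_create(&t, NULL, reader_thread, &s);
    /* Concurrent "reimports" while the reader keeps mixing. */
    for (int i = 0; i < 20000; i++) stream_set_data(&s, a, (i % 4) + 1);
    pthread_join(t, NULL);
    stream_destroy(&s);
    printf("buffers freed: %d\n", g_buffers_freed);
    return 0;
}
```

The design point is that the owner never decides a buffer's lifetime alone: set_data() only drops its own reference, and the free happens wherever the count reaches zero, which may be in the reader's release. Compiling this with use_asan-style flags (gcc -fsanitize=address -pthread) and running it is a quick way to confirm that a proposed ownership fix is actually race-free before touching the real module.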