Open
Description
The client program tries to double-free memory when it's run like this:
./client 0.0.0.0 7 0 22222 11111
client(23370,0x1fea1cc80) malloc: nano zone abandoned due to inability to reserve vm space.
usrsctp_connect: Invalid argument
Local addresses: fe80::274:7b4b:c8c7:1120, fe80::77e4:3652:239:3dd4, fe80::ce81:b1c:bd2c:69e, fe80::a011:6aa0:e76f:4fb4, fe80::78a3:24b5:f856:5f7b, fe80::729:b39b:9655:f97d, fe80::8c9d:e0ff:fe1a:c7ad, 192.168.0.149, fe80::c5b:c266:c639:1d7f, fe80::1, ::1, 127.0.0.1.
Peer addresses: .
=================================================================
==23370==ERROR: AddressSanitizer: attempting double-free on 0x612000000340 in thread T0:
#0 0x000101019480 in free+0x7c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3d480)
#1 0x0001008805f0 in usrsctp_freepaddrs user_socket.c:2755
#2 0x0001003e01e4 in main client.c:269
#3 0x00018f7aab48 (<unknown module>)
0x612000000340 is located 0 bytes inside of 320-byte region [0x612000000340,0x612000000480)
freed by thread T0 here:
#0 0x000101019480 in free+0x7c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3d480)
#1 0x000100880ba4 in usrsctp_freeladdrs user_socket.c:2834
#2 0x0001003dff48 in main client.c:221
#3 0x00018f7aab48 (<unknown module>)
previously allocated by thread T0 here:
#0 0x00010101967c in calloc+0x80 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3d67c)
#1 0x00010088080c in usrsctp_getladdrs user_socket.c:2778
#2 0x0001003dfcc0 in main client.c:175
#3 0x00018f7aab48 (<unknown module>)
SUMMARY: AddressSanitizer: double-free user_socket.c:2755 in usrsctp_freepaddrs
==23370==ABORTING
My guess is: here we assume that usrsctp_getladdrs and usrsctp_getpaddrs have always allocated memory before returning >= 0.
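The pattern the trace points to, as an added example that is not code from usrsctp or its client program: a block allocated by the local-address lookup is freed, then handed to the peer-address free routine again. `model_getaddrs`, `model_freeaddrs` and `count_stale_frees` are hypothetical stand-ins, and the "returns 0 without writing the output pointer" behaviour is an assumption taken from the guess in the report.

```c
#include <stdio.h>
#include <stdlib.h>

static void *live;        /* block currently owned by the caller, if any */
static int stale_frees;   /* free requests for a block that is no longer live */

/* Hypothetical stand-in, not usrsctp code: returns 0 and leaves *out untouched
 * when there is nothing to report, as the report guesses happens for peers. */
static int model_getaddrs(int available, void **out)
{
    if (available <= 0)
        return 0;
    live = *out = calloc((size_t)available, 32);
    return *out ? available : -1;
}

/* Stand-in free that records a stale request instead of calling free() twice. */
static void model_freeaddrs(void *p)
{
    if (p == NULL)
        return;
    if (p != live) {
        stale_frees++;
        return;
    }
    free(p);
    live = NULL;
}

/* Local lookup, then peer lookup, through one pointer variable.
 * reset_ptr = 0 is the reported pattern; reset_ptr = 1 is the hardened one. */
int count_stale_frees(int n_local, int n_peer, int reset_ptr)
{
    void *addrs = NULL;

    stale_frees = 0;
    model_getaddrs(n_local, &addrs);
    model_freeaddrs(addrs);
    if (reset_ptr)
        addrs = NULL;                 /* a later free of "nothing" is a no-op */
    model_getaddrs(n_peer, &addrs);   /* may return 0 and allocate nothing */
    model_freeaddrs(addrs);
    return stale_frees;
}

int main(void)
{
    /* Constructed input matching the report: 12 local addresses, 0 peers. */
    printf("reported pattern: %d stale free(s)\n", count_stale_frees(12, 0, 0));
    printf("pointer reset:    %d stale free(s)\n", count_stale_frees(12, 0, 1));
    return 0;
}
```

Freeing only when the lookup returned a positive count closes the same gap from the other side.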