Double free error in windows XP sp3 #105

@ddemicc

Description

When attempting to run DECAF from an Ubuntu 20.04 host, with VMI enabled and a Windows XP SP3 guest, the code in VMI_remove_process() sometimes (perhaps one in every 4 closed processes) causes a double free error when it deletes the process object. This occurs with or without loading any plugins.

We have done some initial investigations, and it seems that the process_pid_map.erase(iter); in /shared/vmi.cpp on line 372 sometimes corrupts iter with pointers to a seemingly irrelevant data structure. Then on line 373, delete iter->second; attempts to free this data structure (a tcache used by malloc) instead of the process pointer it is supposed to.

The crash can be worked around by creating a copy of iter->second, i.e. process * proc = iter->second. Then using that pointer for deletion at the end of the function. However, without knowing exactly what is causing the underlying issue, we do not know what the bug might end up doing to the system over time.

DECAF was compiled from source using the instructions provided in the wiki, with only the default VMI enabled. Please let me know if any other information would help.
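The pattern the report describes, erasing a std::map node and then dereferencing the same iterator, is an iterator-invalidation bug: erase() frees the node, so iter->second afterwards reads freed memory and whatever the allocator has since placed there. The following is an added example, not code from DECAF; the process struct, the pid_map type and the function names are stand-ins for the real vmi.cpp types. It shows the unsafe ordering next to the hardened form that copies the pointer out before the erase, which is the workaround the report suggests.

```cpp
#include <cassert>
#include <cstdint>
#include <map>
#include <string>

// Hypothetical stand-in for DECAF's process object (assumed layout,
// not the real struct).
struct process {
    uint32_t pid;
    std::string name;
};

// Hypothetical stand-in for the pid -> process map in vmi.cpp.
using pid_map = std::map<uint32_t, process *>;

// Reproduces the ordering the issue describes: erase(iter) frees the map
// node, so the following iter->second reads freed memory (undefined
// behaviour). It may pick up a pointer into whatever now occupies that
// memory, such as a malloc tcache entry, and delete that instead of the
// process. Kept only for comparison; never call it.
int VMI_remove_process_unsafe(pid_map &m, uint32_t pid) {
    auto iter = m.find(pid);
    if (iter == m.end()) return -1;
    m.erase(iter);        // node freed, iter now dangling
    delete iter->second;  // use of an invalidated iterator
    return 0;
}

// Hardened form, matching the workaround in the report: copy the pointer
// out of the node before erase() frees it, then delete via the copy.
// Clearing the slot first makes a second removal of the same pid a no-op
// rather than a second delete.
int VMI_remove_process(pid_map &m, uint32_t pid) {
    auto iter = m.find(pid);
    if (iter == m.end()) return -1;
    process *proc = iter->second;  // copy before the node goes away
    iter->second = nullptr;
    m.erase(iter);
    delete proc;  // delete of nullptr is a no-op, so this stays safe
    return 0;
}

// Driver over constructed sample processes; returns the map size after
// removing everything (expected 0).
size_t demo_remove_all() {
    pid_map m;
    for (uint32_t pid : {4u, 1240u, 2004u})
        m[pid] = new process{pid, "constructed-" + std::to_string(pid)};
    assert(VMI_remove_process(m, 1240) == 0);
    assert(VMI_remove_process(m, 1240) == -1);  // already removed
    assert(VMI_remove_process(m, 4) == 0);
    assert(VMI_remove_process(m, 2004) == 0);
    return m.size();
}
```

Building the unsafe variant with AddressSanitizer (-fsanitize=address) reports the read of iter->second as a heap-use-after-free at the erase/delete pair, which turns an intermittent crash into a deterministic diagnostic and is the quickest way to confirm this is the root cause in the real vmi.cpp.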
