epan: Free cf->edt before free cf->epan when redissecting.

This because cf->edt->pi is pointing to data allocated in wmem_file_scope and epan_free() will free all data in wmem_file_scope. In Qt packet_list_clear() we check and use cf->edt, which will give a heap-use-after-free error. Change-Id: I97d532ba976b7bc5fe2995a224ca168edf3da38b Reviewed-on: https://code.wireshark.org/review/11803 Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
author: Stig Bjørlykke <stig@bjorlykke.org> 2015-11-13 13:01:19 +0100
committer: Stig Bjørlykke <stig@bjorlykke.org> 2015-11-13 14:08:03 +0000
commit: da71ccbf778cca5d9c48e010597570a40fd190c0 (patch)
tree: 77bd02877f6da31caf7c6659bf68a58619ef8975
parent: f10433351080f2dac4450b3a0137a4bdf1605afd (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/file.c b/file.c
index b83bd27138..03617091e8 100644
--- a/file.c
+++ b/file.c
@@ -1623,6 +1623,8 @@ rescan_packets(capture_file *cf, const char *action, const char *action_item, gb
     cf->redissecting = TRUE;
 
     /* 'reset' dissection session */
+    epan_dissect_free(cf->edt);
+    cf->edt = NULL;
     epan_free(cf->epan);
     cf->epan = ws_epan_new(cf);
     cf->cinfo.epan = cf->epan;
author	Stig Bjørlykke <stig@bjorlykke.org>	2015-11-13 13:01:19 +0100
committer	Stig Bjørlykke <stig@bjorlykke.org>	2015-11-13 14:08:03 +0000
commit	da71ccbf778cca5d9c48e010597570a40fd190c0 (patch)
tree	77bd02877f6da31caf7c6659bf68a58619ef8975
parent	f10433351080f2dac4450b3a0137a4bdf1605afd (diff)