authorPascal Quantin <pascal.quantin@gmail.com>2015-07-21 23:46:03 +0200
committerAnders Broman <a.broman58@gmail.com>2015-07-22 07:05:52 +0000
commit32d9a1d714d5d253428a5c3d5450e1d3316a9f16 (patch)
treead725fe14107193d382f0a40344437a1e79a1b56
parent83dc308f3681a28ee943e771e3b93117901ca231 (diff)
Ensure to copy the (un)resolved (source|destination) address columns before freeing epan memory
Otherwise addresses like AT_STRINGZ using pinfo->pool are using an already freed memory block Bug: 11387 Change-Id: I615d6bf202d57a949e75ba06a39f8d3e464def2f Reviewed-on: https://code.wireshark.org/review/9744 Reviewed-by: Evan Huus <eapache@gmail.com> Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--ui/gtk/packet_list_store.c36
-rw-r--r--ui/qt/packet_list_record.cpp34
2 files changed, 35 insertions, 35 deletions
diff --git a/ui/gtk/packet_list_store.c b/ui/gtk/packet_list_store.c
index 842497b14d..2774450ae9 100644
--- a/ui/gtk/packet_list_store.c
+++ b/ui/gtk/packet_list_store.c
@@ -662,24 +662,6 @@ packet_list_change_record(PacketList *packet_list, PacketListRecord *record, gin
col_item = &cfile.cinfo.columns[col];
switch (col_item->col_fmt) {
- case COL_DEF_SRC:
- case COL_RES_SRC: /* COL_DEF_SRC is currently just like COL_RES_SRC */
- case COL_UNRES_SRC:
- case COL_DEF_DL_SRC:
- case COL_RES_DL_SRC:
- case COL_UNRES_DL_SRC:
- case COL_DEF_NET_SRC:
- case COL_RES_NET_SRC:
- case COL_UNRES_NET_SRC:
- case COL_DEF_DST:
- case COL_RES_DST: /* COL_DEF_DST is currently just like COL_RES_DST */
- case COL_UNRES_DST:
- case COL_DEF_DL_DST:
- case COL_RES_DL_DST:
- case COL_UNRES_DL_DST:
- case COL_DEF_NET_DST:
- case COL_RES_NET_DST:
- case COL_UNRES_NET_DST:
case COL_PROTOCOL:
case COL_INFO:
case COL_IF_DIR:
@@ -702,6 +684,24 @@ packet_list_change_record(PacketList *packet_list, PacketListRecord *record, gin
}
/* !! FALL-THROUGH!! */
+ case COL_DEF_SRC:
+ case COL_RES_SRC: /* COL_DEF_SRC is currently just like COL_RES_SRC */
+ case COL_UNRES_SRC:
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ case COL_DEF_DST:
+ case COL_RES_DST: /* COL_DEF_DST is currently just like COL_RES_DST */
+ case COL_UNRES_DST:
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
default:
if(col_item->col_data){
col_text_len = strlen(col_item->col_data);
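Review bot: The relocated address case labels starting at `case COL_DEF_SRC:` carry no comment saying why they must reach the `default:` branch, which per the commit title is where the column text gets copied. Without one, a later cleanup could fold them back into the no-copy group above and reintroduce the use of freed `pinfo->pool` memory described in the commit message. A comment placed right after the existing `/* !! FALL-THROUGH!! */` marker would record the constraint, for example `/* Address columns may point into pinfo->pool (e.g. AT_STRINGZ); always copy them before epan memory is freed. */`. The switch in `packet_list_change_record` starts and ends outside this hunk.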
diff --git a/ui/qt/packet_list_record.cpp b/ui/qt/packet_list_record.cpp
index 9211f9b371..cd94014a25 100644
--- a/ui/qt/packet_list_record.cpp
+++ b/ui/qt/packet_list_record.cpp
@@ -197,6 +197,23 @@ void PacketListRecord::cacheColumnStrings(column_info *cinfo)
}
switch (cinfo->col_fmt[column]) {
+ case COL_PROTOCOL:
+ case COL_INFO:
+ case COL_IF_DIR:
+ case COL_DCE_CALL:
+ case COL_8021Q_VLAN_ID:
+ case COL_EXPERT:
+ case COL_FREQ_CHAN:
+ if (cinfo->columns[column].col_data && cinfo->columns[column].col_data != cinfo->columns[column].col_buf) {
+ /* This is a constant string, so we don't have to copy it */
+ // XXX - ui/gtk/packet_list_store.c uses G_MAXUSHORT. We don't do proper UTF8
+ // truncation in either case.
+ int col_text_len = MIN(qstrlen(cinfo->col_data[column]) + 1, COL_MAX_INFO_LEN);
+ col_text_.append(QByteArray::fromRawData(cinfo->columns[column].col_data, col_text_len));
+ break;
+ }
+ /* !! FALL-THROUGH!! */
+
case COL_DEF_SRC:
case COL_RES_SRC: /* COL_DEF_SRC is currently just like COL_RES_SRC */
case COL_UNRES_SRC:
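Review bot: In the constant-string case the length is measured on `cinfo->col_data[column]`, while the guard and the pointer handed to `QByteArray::fromRawData` use `cinfo->columns[column].col_data`. `fromRawData` keeps the pointer without copying, so length and buffer should come from the same expression, e.g. `int col_text_len = MIN(qstrlen(cinfo->columns[column].col_data) + 1, COL_MAX_INFO_LEN);`. The comment `/* This is a constant string, so we don't have to copy it */` could also state that only the column formats listed above it may take this no-copy path, since `col_data != col_buf` presumably also holds for address strings allocated from `pinfo->pool`. The body of `cacheColumnStrings` starts and ends outside this hunk.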
@@ -215,23 +232,6 @@ void PacketListRecord::cacheColumnStrings(column_info *cinfo)
case COL_DEF_NET_DST:
case COL_RES_NET_DST:
case COL_UNRES_NET_DST:
- case COL_PROTOCOL:
- case COL_INFO:
- case COL_IF_DIR:
- case COL_DCE_CALL:
- case COL_8021Q_VLAN_ID:
- case COL_EXPERT:
- case COL_FREQ_CHAN:
- if (cinfo->columns[column].col_data && cinfo->columns[column].col_data != cinfo->columns[column].col_buf) {
- /* This is a constant string, so we don't have to copy it */
- // XXX - ui/gtk/packet_list_store.c uses G_MAXUSHORT. We don't do proper UTF8
- // truncation in either case.
- int col_text_len = MIN(qstrlen(cinfo->col_data[column]) + 1, COL_MAX_INFO_LEN);
- col_text_.append(QByteArray::fromRawData(cinfo->columns[column].col_data, col_text_len));
- break;
- }
- /* !! FALL-THROUGH!! */
-
default:
if (!get_column_resolved(column) && cinfo->col_expr.col_expr_val[column]) {
/* Use the unresolved value in col_expr_val */