authorAnders Broman <anders.broman@ericsson.com>2012-02-23 11:29:24 +0000
committerAnders Broman <anders.broman@ericsson.com>2012-02-23 11:29:24 +0000
commit511d403ec2b24392ea29782be3030f637f3bbf16 (patch)
tree28505bae09817ef60a84a40cb0ec8d92b9923990
parent416117f63ace41efda85a8efb2c583dbce42d582 (diff)
From Kundok Park:
new_packet_list: crash in add_byte_views from decrypted zigbee data The cause of the crash I saw was that the add_byte_views() function in main_proto_draw.c relies on output from previous dissector run while the function may eventually trigger dissector to run again which wipes out the previous output. The patch copies the output of the dissector before calling add_byte_tab() so that even when add_byte_tab() updates the dissector output, the loop continues with previous dissector output. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5130 svn path=/trunk/; revision=41158
-rw-r--r--ui/gtk/main_proto_draw.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/ui/gtk/main_proto_draw.c b/ui/gtk/main_proto_draw.c
index 927d7697e6..86b37bcae5 100644
--- a/ui/gtk/main_proto_draw.c
+++ b/ui/gtk/main_proto_draw.c
@@ -795,6 +795,8 @@ add_byte_views(epan_dissect_t *edt, GtkWidget *tree_view,
{
GSList *src_le;
data_source *src;
+ int i, count = 0;
+ data_source *srccpy, *srcptr;
/*
* Get rid of all the old notebook tabs.
@@ -806,9 +808,27 @@ add_byte_views(epan_dissect_t *edt, GtkWidget *tree_view,
* Add to the specified byte view notebook tabs for hex dumps
* of all the data sources for the specified frame.
*/
+ /* Note:
+ * The fundamental problem is that the edt->pi.data_src, etc. in the
+ * following loop was using the ep memory pool and while in the loop,
+ * any update caused by add_byte_tab() would trigger another
+ * epan_dissect_run() call which will reset the memory pool and invalidate
+ * the content of edt->pi.data_src linked list.
+ * As a work-around the data_src linked list may be
+ * copied over to a local (stack) storage.
+ * The other data structure, such as src->tvb and edt->tree may need be
+ * copied as well, but not done in this workaround. */
+ for (src_le = edt->pi.data_src; src_le != NULL; src_le = src_le->next) {
+ count++;
+ }
+ srccpy = srcptr = (data_source *) g_malloc(count*sizeof(data_source));
for (src_le = edt->pi.data_src; src_le != NULL; src_le = src_le->next) {
src = src_le->data;
- add_byte_tab(byte_nb_ptr, get_data_source_name(src), src->tvb, edt->tree,
+ *srcptr = *src;
+ srcptr++;
+ }
+ for (i = 0; i < count; i++) {
+ add_byte_tab(byte_nb_ptr, get_data_source_name(&srccpy[i]), srccpy[i].tvb, edt->tree,
tree_view);
}
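Review bot: `srccpy` is allocated with `g_malloc()` ahead of the copy loop and is never released after the final `for (i = 0; i < count; i++)` loop, so every call leaks `count * sizeof(data_source)` bytes; add `g_free(srccpy);` right after that loop. The copy is also shallow: `srccpy[i].tvb`, whatever `get_data_source_name()` reads through the copied element, and `edt->tree` still refer to dissector-owned objects. If `add_byte_tab()` does re-run dissection as the new comment describes, later iterations may still dereference stale pointers. Because the bytes come from a capture file, which is untrusted input, that residual case is a potential use-after-free rather than just a crash, and a complete fix would have to keep those objects alive for the duration of the loop. `g_new(data_source, count)` would also replace the cast and the unchecked `count*sizeof(data_source)` multiplication; the body of add_byte_views continues outside this hunk.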