author | Michael Mann <mmann78@netscape.net> | 2017-12-22 15:50:16 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-12-23 01:08:31 +0000 |
commit | 54f6df525e57513398e348b76cd7395e6a4b1298 (patch) | |
tree | f5800f79667cffff55660897161ef3720c51d6b6 /ui/qt/rpc_service_response_time_dialog.cpp | |
parent | 56cca5bd58a308d65e8d2a759bb02b040f5afc7e (diff) |
RPC Service Response Time dialog: Fix crash
There were a few use-after-free situations. Fix one by using epan API
to get program name for tap structure.
tap structure shouldn't be deleted because it's needed. Will be freed
by the tap reset/free function.
Change-Id: Ia18d84340362839926036c777106ca1c6d1b18f5
Ping-Bug: 14141
Reviewed-on: https://code.wireshark.org/review/24950
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'ui/qt/rpc_service_response_time_dialog.cpp')
-rw-r--r-- | ui/qt/rpc_service_response_time_dialog.cpp | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/ui/qt/rpc_service_response_time_dialog.cpp b/ui/qt/rpc_service_response_time_dialog.cpp
index 2c33351af7..f47d80a8c1 100644
--- a/ui/qt/rpc_service_response_time_dialog.cpp
+++ b/ui/qt/rpc_service_response_time_dialog.cpp
@@ -386,7 +386,6 @@ void RpcServiceResponseTimeDialog::fillTree()
 {
 void *tap_data = NULL;
 const QString program_name = program_combo_->currentText();
- gchar *program_name_cptr = qstring_strdup(program_name);
 guint32 max_procs = 0;
 switch (dlg_type_) {
@@ -397,8 +396,8 @@ void RpcServiceResponseTimeDialog::fillTree()
 guid_key *dkey = dce_name_to_uuid_key_[program_name];
 dcerpcstat_tap_data_t *dtap_data = g_new0(dcerpcstat_tap_data_t, 1);
 dtap_data->uuid = dkey->guid;
- dtap_data->prog = program_name_cptr;
 dtap_data->ver = (guint16) version_combo_->itemData(version_combo_->currentIndex()).toUInt();
+ dtap_data->prog = dcerpc_get_proto_name(&dtap_data->uuid, dtap_data->ver);
 dcerpc_sub_dissector *procs = dcerpc_get_proto_sub_dissector(&(dkey->guid), dtap_data->ver);
 for (int i = 0; procs[i].name; i++) {
@@ -414,8 +413,8 @@ void RpcServiceResponseTimeDialog::fillTree()
 if (!onc_name_to_program_.contains(program_name)) return;
 rpcstat_tap_data_t *otap_data = g_new0(rpcstat_tap_data_t, 1);
- otap_data->prog = program_name_cptr;
 otap_data->program = onc_name_to_program_[program_name];
+ otap_data->prog = rpc_prog_name(otap_data->program);
 otap_data->version = (guint32) version_combo_->itemData(version_combo_->currentIndex()).toUInt();
 onc_rpc_num_procedures_ = -1;
@@ -431,8 +430,6 @@ void RpcServiceResponseTimeDialog::fillTree()
 set_srt_table_param_data(srt_, tap_data);
 ServiceResponseTimeDialog::fillTree();
- g_free(program_name_cptr);
- g_free(tap_data);
 }
 /* |
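Review bot: The new `dtap_data->prog = dcerpc_get_proto_name(&dtap_data->uuid, dtap_data->ver);` in the DCE-RPC branch stores the lookup result unchecked, and as far as I recall that epan helper returns NULL when nothing is registered for the uuid/version pair (confirm against packet-dcerpc.c). The version is taken from the combo box, so a miss looks unlikely, but nothing in the hunk rules it out, and how the tap later reads `prog` is not visible here. I would either bail out before the tap is registered or fall back with `if (!dtap_data->prog) dtap_data->prog = "Unknown";`, assuming the field is a `const char *`. fillTree() starts and ends outside this hunk.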
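Review bot: Nothing at the new `otap_data->prog = rpc_prog_name(otap_data->program);`, or at the matching `dtap_data->prog` assignment in the previous hunk, records that `prog` is now a borrowed pointer rather than a heap copy owned by the dialog. The use-after-free fix rests on that lifetime, so a later change that frees `prog` in the tap reset/free path, or goes back to a strdup'd name, would reintroduce a memory-safety bug. I would put a comment on both assignments, e.g. `// prog points at a name owned by epan; the tap free function must not g_free() it`. The last hunk also removes `g_free(tap_data)` in favour of the tap reset/free function, which is not visible here, so it is worth confirming that repeated fillTree() calls do not leave the earlier allocation behind.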