author | Peter Wu <peter@lekensteyn.nl> | 2019-04-06 18:42:39 +0100 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2019-04-06 20:00:57 +0000 |
commit | f0a2b8303a9fcd18d09e27d79bd21ac19d9da7d0 (patch) | |
tree | 62eac2ad5fb725ca6128acfdd2cf33fadb17a54e /ui/qt/rtp_analysis_dialog.cpp | |
parent | 3ba1c7ff7749a6c55a0e6155fd5c4fef6ca8644d (diff) |
Revert "Get rid of the per-capture_file wtap_rec and Buffer."
This reverts commit 9445403f9558901dc54c88754ff21795ea1803f3.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'ui/qt/rtp_analysis_dialog.cpp')
-rw-r--r-- | ui/qt/rtp_analysis_dialog.cpp | 21 |
1 files changed, 3 insertions, 18 deletions
diff --git a/ui/qt/rtp_analysis_dialog.cpp b/ui/qt/rtp_analysis_dialog.cpp
index dab1b94a5c..bc54d70820 100644
--- a/ui/qt/rtp_analysis_dialog.cpp
+++ b/ui/qt/rtp_analysis_dialog.cpp
@@ -1558,24 +1558,15 @@ void RtpAnalysisDialog::findStreams()
 frame_data *fdata = cap_file_.capFile()->current_frame;
- wtap_rec rec;
- Buffer buf;
- wtap_rec_init(&rec);
- ws_buffer_init(&buf, 1500);
- if (!cf_read_record(cap_file_.capFile(), fdata, &rec, &buf)) {
- wtap_rec_cleanup(&rec);
- ws_buffer_free(&buf);
- close();
- return;
- }
+ if (!cf_read_record(cap_file_.capFile(), fdata)) close();
 epan_dissect_t edt;
 epan_dissect_init(&edt, cap_file_.capFile()->epan, TRUE, FALSE);
 epan_dissect_prime_with_dfilter(&edt, sfcode);
 epan_dissect_prime_with_hfid(&edt, hfid_rtp_ssrc);
- epan_dissect_run(&edt, cap_file_.capFile()->cd_t, &rec,
- frame_tvbuff_new_buffer(&cap_file_.capFile()->provider, fdata, &buf),
+ epan_dissect_run(&edt, cap_file_.capFile()->cd_t, &cap_file_.capFile()->rec,
+ frame_tvbuff_new_buffer(&cap_file_.capFile()->provider, fdata, &cap_file_.capFile()->buf),
 fdata, NULL);
 /*
@@ -1584,8 +1575,6 @@ void RtpAnalysisDialog::findStreams()
 */
 if (!dfilter_apply_edt(sfcode, &edt)) {
 epan_dissect_cleanup(&edt);
- wtap_rec_cleanup(&rec);
- ws_buffer_free(&buf);
 dfilter_free(sfcode);
 err_str_ = tr("Please select an RTPv2 packet with an SSRC value");
 updateWidgets();
@@ -1605,8 +1594,6 @@ void RtpAnalysisDialog::findStreams()
 if (gp == NULL || gp->len == 0) {
 /* XXX - should not happen, as the filter includes rtp.ssrc */
 epan_dissect_cleanup(&edt);
- wtap_rec_cleanup(&rec);
- ws_buffer_free(&buf);
 err_str_ = tr("SSRC value not found.");
 updateWidgets();
 return;
@@ -1614,8 +1601,6 @@ void RtpAnalysisDialog::findStreams()
 fwd_statinfo_.id.ssrc = fvalue_get_uinteger(&((field_info *)gp->pdata[0])->value);
 epan_dissect_cleanup(&edt);
- wtap_rec_cleanup(&rec);
- ws_buffer_free(&buf);
 /* Register the tap listener */
 memset(&tapinfo_, 0, sizeof(rtpstream_tapinfo_t)); |
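Review bot: The restored `if (!cf_read_record(cap_file_.capFile(), fdata)) close();` in the first hunk does not return after a failed read, so execution falls through to `epan_dissect_run()` over whatever `cap_file_.capFile()->rec` and `cap_file_.capFile()->buf` hold at that moment. The code being removed returned on this path; keeping that behaviour with the shared buffers would read `if (!cf_read_record(cap_file_.capFile(), fdata)) { close(); return; }`. `sfcode` is still in use at this point and is freed in the later `dfilter_apply_edt` failure branch, so the early return probably needs a `dfilter_free(sfcode);` too; its allocation is above the hunk, so confirm there. findStreams() starts and ends outside the hunk.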