diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2014-07-29 00:04:00 +0200 |
|---|---|---|
| committer | Evan Huus <eapache@gmail.com> | 2014-07-29 01:53:32 +0000 |
| commit | 0272b9c435db6b8665504d402ce1a23325f5b409 (patch) | |
| tree | 37d6e8f1ad8906b16261f7995e9af218fcf217a7 | |
| parent | 3db115a545587f3420b9509bd4dc6097417184d5 (diff) | |
Fix heap-use-after-free via setlocale
setlocale returns a statically-allocated memory which can be modified by
subsequent calls of setlocale. This triggers a heap-use-after free in
ASAN when the setlocale function is called again with the previous
pointer.
This was found when trying to use the "Show All Streams" option via
the Telephony -> RTP menu.
While at it, add some modelines
Change-Id: Ide47e877ce828734fd8c5c1b064d9c505ba2b37a
Reviewed-on: https://code.wireshark.org/review/3234
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
| -rw-r--r-- | echld/dispatcher.c | 13 | ||||
| -rw-r--r-- | ui/cli/tap-rtp.c | 16 | ||||
| -rw-r--r-- | ui/gtk/gui_utils.c | 3 | ||||
| -rw-r--r-- | ui/gtk/hostlist_table.c | 3 | ||||
| -rw-r--r-- | ui/gtk/iax2_analysis.c | 3 | ||||
| -rw-r--r-- | ui/gtk/mcast_stream_dlg.c | 15 | ||||
| -rw-r--r-- | ui/gtk/rtp_stream_dlg.c | 15 |
7 files changed, 61 insertions, 7 deletions
diff --git a/echld/dispatcher.c b/echld/dispatcher.c index 2286fc630a..c6176ebd9c 100644 --- a/echld/dispatcher.c +++ b/echld/dispatcher.c @@ -1062,4 +1062,15 @@ void echld_dispatcher_start(int* in_pipe_fds, int* out_pipe_fds, char* argv0, in exit(dispatcher_loop()); } - +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=4 tabstop=8 noexpandtab: + * :indentSize=4:tabSize=8:noTabs=false: + */ diff --git a/ui/cli/tap-rtp.c b/ui/cli/tap-rtp.c index 3456bacc86..11322dab84 100644 --- a/ui/cli/tap-rtp.c +++ b/ui/cli/tap-rtp.c @@ -71,7 +71,7 @@ rtp_streams_stat_draw(void *arg _U_) printf("%15s %5s %15s %5s %10s %16s %5s %12s %15s %15s %15s %s\n","Src IP addr", "Port", "Dest IP addr", "Port", "SSRC", "Payload", "Pkts", "Lost", "Max Delta(ms)", "Max Jitter(ms)", "Mean Jitter(ms)", "Problems?"); /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators in g_snprintf("%f") functions */ setlocale(LC_NUMERIC, "C"); @@ -129,6 +129,7 @@ rtp_streams_stat_draw(void *arg _U_) printf("==============================================================\n"); /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); } @@ -157,3 +158,16 @@ register_tap_listener_rtp_streams(void) { register_stat_cmd_arg("rtp,streams", rtp_streams_stat_init,NULL); } + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ diff --git a/ui/gtk/gui_utils.c b/ui/gtk/gui_utils.c index 5d72960f3d..5643f3e1fd 100644 --- a/ui/gtk/gui_utils.c +++ b/ui/gtk/gui_utils.c @@ -1355,7 +1355,7 @@ float_data_func(GtkTreeViewColumn *column _U_, gtk_tree_model_get(model, iter, float_col, &float_val, -1); /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators * in g_snprintf("%f") functions */ @@ -1364,6 +1364,7 @@ float_data_func(GtkTreeViewColumn *column _U_, g_snprintf(buf, sizeof(buf), "%.2f", float_val); /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); g_object_set(renderer, "text", buf, NULL); } diff --git a/ui/gtk/hostlist_table.c b/ui/gtk/hostlist_table.c index 0f1d034fae..3f5a65adfe 100644 --- a/ui/gtk/hostlist_table.c +++ b/ui/gtk/hostlist_table.c @@ -889,7 +889,7 @@ copy_as_csv_cb(GtkWindow *copy_bt, gpointer data _U_) if (!csv.talkers) return; - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); setlocale(LC_NUMERIC, "C"); csv.CSV_str = g_string_new(""); @@ -917,6 +917,7 @@ copy_as_csv_cb(GtkWindow *copy_bt, gpointer data _U_) cb = gtk_clipboard_get(GDK_SELECTION_CLIPBOARD); /* Get the default clipboard */ gtk_clipboard_set_text(cb, csv.CSV_str->str, -1); /* Copy the CSV data into the clipboard */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); g_string_free(csv.CSV_str, TRUE); /* Free the memory */ } diff --git a/ui/gtk/iax2_analysis.c b/ui/gtk/iax2_analysis.c index 9e77528e4a..2935f0f2f9 100644 --- a/ui/gtk/iax2_analysis.c +++ b/ui/gtk/iax2_analysis.c @@ -3131,7 +3131,7 @@ iax2_float_data_func (GtkTreeViewColumn *column _U_, gtk_tree_model_get(model, iter, float_col, &float_val, -1); /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators * in g_snprintf("%f") functions */ @@ -3140,6 +3140,7 @@ iax2_float_data_func (GtkTreeViewColumn *column _U_, g_snprintf(buf, sizeof(buf), "%.2f", float_val); /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); g_object_set(renderer, "text", buf, NULL); } diff --git a/ui/gtk/mcast_stream_dlg.c b/ui/gtk/mcast_stream_dlg.c index 545ba07571..e9c45f479b 100644 --- a/ui/gtk/mcast_stream_dlg.c +++ b/ui/gtk/mcast_stream_dlg.c @@ -369,7 +369,7 @@ add_to_list_store(mcast_stream_info_t* strinfo) char *savelocale; /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators in g_snprintf("%f") functions */ setlocale(LC_NUMERIC, "C"); @@ -388,6 +388,7 @@ add_to_list_store(mcast_stream_info_t* strinfo) /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); /* Acquire an iterator */ gtk_list_store_append(list_store, &list_iter); @@ -793,3 +794,15 @@ register_tap_listener_mcast_stream_dlg(void) { } +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=4 tabstop=8 noexpandtab: + * :indentSize=4:tabSize=8:noTabs=false: + */ diff --git a/ui/gtk/rtp_stream_dlg.c b/ui/gtk/rtp_stream_dlg.c index ba707a5d76..ae89d5f10c 100644 --- a/ui/gtk/rtp_stream_dlg.c +++ b/ui/gtk/rtp_stream_dlg.c @@ -681,7 +681,7 @@ add_to_list_store(rtp_stream_info_t* strinfo) char *savelocale; /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators in g_snprintf("%f") functions */ setlocale(LC_NUMERIC, "C"); @@ -718,6 +718,7 @@ add_to_list_store(rtp_stream_info_t* strinfo) /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); /* Acquire an iterator */ gtk_list_store_append(list_store, &list_iter); @@ -1136,3 +1137,15 @@ register_tap_listener_rtp_stream_dlg(void) { } +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=4 tabstop=8 noexpandtab: + * :indentSize=4:tabSize=8:noTabs=false: + */ |