diff options
author | Stig Bjørlykke <stig@bjorlykke.org> | 2015-11-13 13:01:19 +0100 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2015-11-13 14:08:03 +0000 |
commit | da71ccbf778cca5d9c48e010597570a40fd190c0 (patch) | |
tree | 77bd02877f6da31caf7c6659bf68a58619ef8975 | |
parent | f10433351080f2dac4450b3a0137a4bdf1605afd (diff) |
epan: Free cf->edt before free cf->epan when redissecting.
This because cf->edt->pi is pointing to data allocated in
wmem_file_scope and epan_free() will free all data in wmem_file_scope.
In Qt packet_list_clear() we check and use cf->edt, which will give a
heap-use-after-free error.
Change-Id: I97d532ba976b7bc5fe2995a224ca168edf3da38b
Reviewed-on: https://code.wireshark.org/review/11803
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
-rw-r--r-- | file.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -1623,6 +1623,8 @@ rescan_packets(capture_file *cf, const char *action, const char *action_item, gb cf->redissecting = TRUE; /* 'reset' dissection session */ + epan_dissect_free(cf->edt); + cf->edt = NULL; epan_free(cf->epan); cf->epan = ws_epan_new(cf); cf->cinfo.epan = cf->epan; |