authorStig Bjørlykke <stig@bjorlykke.org>2015-08-17 13:18:30 +0200
committerAnders Broman <a.broman58@gmail.com>2015-08-18 10:52:08 +0000
commitdf17ff3cac653eaf4a499ce5fd4cead59ada81a0 (patch)
tree2d158d9e15962b9c193b867b5c064d73ddac3551
parent9e7277963646b0adbf9d929bb140a111ef357493 (diff)
Qt: Fix use-after-free pattern
QString.toUtf8() returns a QByteArray object and .constData() returns a pointer inside that object. It is not safe to store this pointer as it will become invalid after the statement. Change-Id: I8f54ede75577719008835038934e935cd5feba3f Reviewed-on: https://code.wireshark.org/review/10067 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--ui/qt/response_time_delay_dialog.cpp3
-rw-r--r--ui/qt/service_response_time_dialog.cpp3
-rw-r--r--ui/qt/simple_statistics_dialog.cpp3
-rw-r--r--ui/qt/stats_tree_dialog.cpp3
-rw-r--r--ui/qt/tap_parameter_dialog.cpp4
-rw-r--r--ui/qt/tap_parameter_dialog.h2
6 files changed, 11 insertions, 7 deletions
diff --git a/ui/qt/response_time_delay_dialog.cpp b/ui/qt/response_time_delay_dialog.cpp
index 8753c3b5c6..dd80261c3c 100644
--- a/ui/qt/response_time_delay_dialog.cpp
+++ b/ui/qt/response_time_delay_dialog.cpp
@@ -245,9 +245,10 @@ void ResponseTimeDelayDialog::fillTree()
rtd_table_dissector_init(rtd_, &rtd_data.stat_table, NULL, NULL);
rtd_data.user_data = this;
+ QString display_filter = displayFilter();
GString *error_string = register_tap_listener(get_rtd_tap_listener_name(rtd_),
&rtd_data,
- displayFilter(),
+ display_filter.toUtf8().constData(),
0,
tapReset,
get_rtd_packet_func(rtd_),
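Review bot: The pointer passed as the filter argument is valid only until the end of the `register_tap_listener(...)` statement, because the `QByteArray` returned by `toUtf8()` is a temporary; the call is safe only if the callee copies the string instead of keeping the pointer. `register_tap_listener` is not visible in this diff, so that should be confirmed and recorded next to the call, for example `// toUtf8() temporary dies at the end of this statement; the callee must copy the filter`. The same applies to the calls in service_response_time_dialog.cpp and simple_statistics_dialog.cpp, and more so to `stats_tree_new()` in stats_tree_dialog.cpp, whose result is kept in the member `st_` after `fillTree()` returns. The body of `fillTree()` continues outside the hunk.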
diff --git a/ui/qt/service_response_time_dialog.cpp b/ui/qt/service_response_time_dialog.cpp
index 80381acb57..b976b5f0f2 100644
--- a/ui/qt/service_response_time_dialog.cpp
+++ b/ui/qt/service_response_time_dialog.cpp
@@ -307,9 +307,10 @@ void ServiceResponseTimeDialog::fillTree()
srt_table_dissector_init(srt_, srt_data.srt_array, NULL, NULL);
+ QString display_filter = displayFilter();
GString *error_string = register_tap_listener(get_srt_tap_listener_name(srt_),
&srt_data,
- displayFilter(),
+ display_filter.toUtf8().constData(),
0,
tapReset,
get_srt_packet_func(srt_),
diff --git a/ui/qt/simple_statistics_dialog.cpp b/ui/qt/simple_statistics_dialog.cpp
index 285c002911..265dd085d9 100644
--- a/ui/qt/simple_statistics_dialog.cpp
+++ b/ui/qt/simple_statistics_dialog.cpp
@@ -251,9 +251,10 @@ void SimpleStatisticsDialog::fillTree()
stu_->stat_tap_init_cb(stu_, NULL, NULL);
+ QString display_filter = displayFilter();
GString *error_string = register_tap_listener(stu_->tap_name,
&stat_data,
- displayFilter(),
+ display_filter.toUtf8().constData(),
0,
tapReset,
stu_->packet_func,
diff --git a/ui/qt/stats_tree_dialog.cpp b/ui/qt/stats_tree_dialog.cpp
index 798ed32004..83fe65245e 100644
--- a/ui/qt/stats_tree_dialog.cpp
+++ b/ui/qt/stats_tree_dialog.cpp
@@ -126,7 +126,8 @@ void StatsTreeDialog::fillTree()
if (st_) {
stats_tree_free(st_);
}
- st_ = stats_tree_new(st_cfg_, NULL, displayFilter());
+ QString display_filter = displayFilter();
+ st_ = stats_tree_new(st_cfg_, NULL, display_filter.toUtf8().constData());
// Add number of columns for this stats_tree
QStringList header_labels;
diff --git a/ui/qt/tap_parameter_dialog.cpp b/ui/qt/tap_parameter_dialog.cpp
index dc44201fd9..fb2922cc10 100644
--- a/ui/qt/tap_parameter_dialog.cpp
+++ b/ui/qt/tap_parameter_dialog.cpp
@@ -146,9 +146,9 @@ QHBoxLayout *TapParameterDialog::filterLayout()
return ui->filterLayout;
}
-const char *TapParameterDialog::displayFilter()
+QString TapParameterDialog::displayFilter()
{
- return ui->displayFilterLineEdit->text().toUtf8().constData();
+ return ui->displayFilterLineEdit->text();
}
// This assumes that we're called before signals are connected or show()
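Review bot: `displayFilter()` has no comment saying why it returns a `QString` by value, so a later cleanup could bring back the `const char *` form that pointed into a destroyed temporary. I would add above the definition (or on the declaration in tap_parameter_dialog.h) `// Returns the filter text by value; callers that need a C string must keep the QByteArray from toUtf8() alive while they use constData().` The function could also be declared `const`, since the visible body only reads the line edit's text.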
diff --git a/ui/qt/tap_parameter_dialog.h b/ui/qt/tap_parameter_dialog.h
index 51613db31a..c9188829fb 100644
--- a/ui/qt/tap_parameter_dialog.h
+++ b/ui/qt/tap_parameter_dialog.h
@@ -76,7 +76,7 @@ protected:
void showEvent(QShowEvent *);
void contextMenuEvent(QContextMenuEvent *event);
- const char *displayFilter();
+ QString displayFilter();
void setDisplayFilter(const QString &filter);
void setHint(const QString &hint);
// Retap packets on showEvent. RPC stats need to disable this.