diff options
author | Evan Huus <eapache@gmail.com> | 2013-07-25 23:58:49 +0000 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2013-07-25 23:58:49 +0000 |
commit | 8441fff193a094e8907b0d7026f87e15600436dc (patch) | |
tree | 51a98634c61a4042511d4144ab53e283217c6e1e /asn1 | |
parent | a05f55bffc2bc7d52d3f35370a7ae1eea2b75839 (diff) |
Use the pinfo pool for adding data sources in the h245 dissector. The packet
pool is freed before the packet is displayed or otherwise processed, so adding
data sources from it leads to use-after-free errors.
Not sure why this wasn't showing up in the fuzz-bot valgrind step, there
are lots of h245 captures in the menagerie...
svn path=/trunk/; revision=50897
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/h245/h245.cnf | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/asn1/h245/h245.cnf b/asn1/h245/h245.cnf index f5de35e079..01bb44b489 100644 --- a/asn1/h245/h245.cnf +++ b/asn1/h245/h245.cnf @@ -775,7 +775,7 @@ if (h245_pi != NULL) %(DEFAULT_BODY)s gefx = gef_ctx_get(actx->private_data); if (gefx) { - buf = wmem_new(wmem_packet_scope(), guint8); + buf = wmem_new(actx->pinfo->pool, guint8); buf[0] = value; value_tvb = tvb_new_child_real_data(tvb, buf, sizeof(guint8), sizeof(guint8)); /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG dissector_try_string: %%s", gefx->key);*/ @@ -792,7 +792,7 @@ if (h245_pi != NULL) %(DEFAULT_BODY)s gefx = gef_ctx_get(actx->private_data); if (gefx) { - buf = (guint8 *)wmem_new(wmem_packet_scope(), guint16); + buf = (guint8 *)wmem_new(actx->pinfo->pool, guint16); phtons(buf, value); value_tvb = tvb_new_child_real_data(tvb, buf, sizeof(guint16), sizeof(guint16)); /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG dissector_try_string: %%s", gefx->key);*/ @@ -809,7 +809,7 @@ if (h245_pi != NULL) %(DEFAULT_BODY)s gefx = gef_ctx_get(actx->private_data); if (gefx) { - buf = (guint8 *)wmem_new(wmem_packet_scope(), guint16); + buf = (guint8 *)wmem_new(actx->pinfo->pool, guint16); phtons(buf, value); value_tvb = tvb_new_child_real_data(tvb, buf, sizeof(guint16), sizeof(guint16)); /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG dissector_try_string: %%s", gefx->key);*/ @@ -826,7 +826,7 @@ if (h245_pi != NULL) %(DEFAULT_BODY)s gefx = gef_ctx_get(actx->private_data); if (gefx) { - buf = (guint8 *)wmem_new(wmem_packet_scope(), guint32); + buf = (guint8 *)wmem_new(actx->pinfo->pool, guint32); phtonl(buf, value); value_tvb = tvb_new_child_real_data(tvb, buf, sizeof(guint32), sizeof(guint32)); /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG dissector_try_string: %%s", gefx->key);*/ @@ -843,7 +843,7 @@ if (h245_pi != NULL) %(DEFAULT_BODY)s gefx = gef_ctx_get(actx->private_data); if (gefx) { - buf = (guint8 *)wmem_new(wmem_packet_scope(), guint32); + buf = (guint8 *)wmem_new(actx->pinfo->pool, guint32); phtonl(buf, value); value_tvb = tvb_new_child_real_data(tvb, buf, sizeof(guint32), sizeof(guint32)); /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG dissector_try_string: %%s", gefx->key);*/ |