diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2019-01-24 12:08:57 +0100 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2019-01-25 04:53:10 +0000 |
| commit | 31aba351e206b31bd82614f6402f4a1de5f4c1b3 (patch) | |
| tree | e8a20d143ba119b0a3e68b211e72061f76f644ec /epan/wslua | |
| parent | 66345f008f944820425467c9fdb17155829f6489 (diff) | |
wiretap: fix memleaks with wtap_rec::opt_comment
The memory ownership of wtap_rec::opt_comment was not clear. Users of
wtap were leaking memory (editcap.c). wtap readers were not sure about
freeing old comments (erf) or simply ignored memleaks (pcapng).
To fix this, ensure opt_comment is owned by wtap_rec and free it with
wtap_rec_cleanup. The erf issue was already addressed since
cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
- Should allocate memory for new comments.
- Should free a comment from an earlier read before writing a new one.
- Users of wth:
- Can only assume that opt_comment remains valid until the next read.
- Can assume that wtap_dump does not modify the comment.
- For random access (wtap_seek_read): should call wtap_rec_cleanup
to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now
pass when built with ASAN.
This change was created by carefully looking at all users opt
"opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for
an initial patch which helped validating this version.
Bug: 7515
Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b
Reviewed-on: https://code.wireshark.org/review/31713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/wslua')
| -rw-r--r-- | epan/wslua/wslua_dumper.c | 5 | ||||
| -rw-r--r-- | epan/wslua/wslua_frame_info.c | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/epan/wslua/wslua_dumper.c b/epan/wslua/wslua_dumper.c index 64e4a6affd..1d9fa36ba5 100644 --- a/epan/wslua/wslua_dumper.c +++ b/epan/wslua/wslua_dumper.c @@ -440,6 +440,11 @@ WSLUA_METHOD Dumper_dump_current(lua_State* L) { rec.rec_header.packet_header.pkt_encap = lua_pinfo->rec->rec_header.packet_header.pkt_encap; rec.rec_header.packet_header.pseudo_header = *lua_pinfo->pseudo_header; + /* + * wtap_dump does not modify rec.opt_comment, so it should be possible to + * pass epan_get_user_comment() or lua_pinfo->rec->opt_comment directly. + * Temporarily duplicating the memory should not hurt though. + */ if (lua_pinfo->fd->has_user_comment) { rec.opt_comment = wmem_strdup(wmem_packet_scope(), epan_get_user_comment(lua_pinfo->epan, lua_pinfo->fd)); rec.has_comment_changed = TRUE; diff --git a/epan/wslua/wslua_frame_info.c b/epan/wslua/wslua_frame_info.c index e283bd4459..fa6359c6cf 100644 --- a/epan/wslua/wslua_frame_info.c +++ b/epan/wslua/wslua_frame_info.c @@ -207,6 +207,7 @@ WSLUA_ATTRIBUTE_NAMED_NUMBER_SETTER(FrameInfo,original_length,rec->rec_header.pa WSLUA_ATTRIBUTE_NAMED_NUMBER_GETTER(FrameInfo,encap,rec->rec_header.packet_header.pkt_encap); WSLUA_ATTRIBUTE_NAMED_NUMBER_SETTER(FrameInfo,encap,rec->rec_header.packet_header.pkt_encap,int); +// XXX rec->opt_comment is glib-allocated memory, rec is wtap_rec. What frees it? /* WSLUA_ATTRIBUTE FrameInfo_comment RW A string comment for the packet, if the `wtap_presence_flags.COMMENTS` was set in the presence flags; nil if there is no comment. */ WSLUA_ATTRIBUTE_NAMED_STRING_GETTER(FrameInfo,comment,rec->opt_comment); |