diff options
author | Tigran Mkrtchyan <tigran.mkrtchyan@desy.de> | 2016-02-23 17:13:12 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-02-24 11:56:13 +0000 |
commit | f897899f6137cc471b3236719b96507471d58884 (patch) | |
tree | 41ca5915b753f115a197b6a0b869cdc5fb23ed26 /epan | |
parent | 08c3bbbbb6547f5c838c600dd942ecd5fbca1fd4 (diff) |
packet-nfs: fix double-free
fixes regression introduced by f5340b2
g_hash_table_remove will call free on object, thus there is no need for explicit g_free,
as is causes a double-free:
*** Error in `/usr/sbin/wireshark-gtk': double free or corruption (fasttop): 0x0000555556e6bf50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77da5)[0x7fffef80ada5]
/lib64/libc.so.6(+0x804fa)[0x7fffef8134fa]
/lib64/libc.so.6(cfree+0x4c)[0x7fffef816cac]
/lib64/libglib-2.0.so.0(g_free+0xe)[0x7ffff09665ee]
/lib64/libglib-2.0.so.0(+0x388ba)[0x7ffff094f8ba]
/lib64/libwireshark.so.6(+0x1cfb46b)[0x7ffff49d646b]
/lib64/libwireshark.so.6(+0x1d03d99)[0x7ffff49ded99]
/lib64/libwireshark.so.6(+0x173b11f)[0x7ffff441611f]
/lib64/libwireshark.so.6(+0x173bba5)[0x7ffff4416ba5]
/lib64/libwireshark.so.6(call_dissector_with_data+0x26)[0x7ffff4419ad6]
.....
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: Ide47d1f9deb3e1b0d8adefd31fc6f3bf5cbaa010
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-nfs.c | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c index cdd9eeee18..384f6fd3ba 100644 --- a/epan/dissectors/packet-nfs.c +++ b/epan/dissectors/packet-nfs.c @@ -1058,7 +1058,7 @@ void nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, int parent_offset, int parent_len, const char *name) { - nfs_name_snoop_t *nns, *old_nns; + nfs_name_snoop_t *nns; const char *ptr; if (name_len <= 0) { @@ -1111,24 +1111,7 @@ nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, i nns->full_name_len = 0; nns->full_name = NULL; - /* remove any old entry for this */ - old_nns = (nfs_name_snoop_t *)g_hash_table_lookup(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid)); - if (old_nns) { - /* if we haven't seen the reply yet, then there are no - matched entries for it, thus we can dealloc the arrays*/ - if (!old_nns->fh) { - g_free(old_nns->name); - old_nns->name = NULL; - old_nns->name_len = 0; - - g_free(old_nns->parent); - old_nns->parent = NULL; - old_nns->parent_len = 0; - } - g_free(old_nns); - g_hash_table_remove(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid)); - } - + /* any old entry will be deallocated and removed */ g_hash_table_insert(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid), nns); } |