aboutsummaryrefslogtreecommitdiffstats
path: root/epan
diff options
context:
space:
mode:
authorTigran Mkrtchyan <tigran.mkrtchyan@desy.de>2016-02-23 17:13:12 +0100
committerPeter Wu <peter@lekensteyn.nl>2016-02-24 11:56:13 +0000
commitf897899f6137cc471b3236719b96507471d58884 (patch)
tree41ca5915b753f115a197b6a0b869cdc5fb23ed26 /epan
parent08c3bbbbb6547f5c838c600dd942ecd5fbca1fd4 (diff)
packet-nfs: fix double-free
fixes regression introduced by f5340b2 g_hash_table_remove will call free on object, thus there is no need for explicit g_free, as is causes a double-free: *** Error in `/usr/sbin/wireshark-gtk': double free or corruption (fasttop): 0x0000555556e6bf50 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x77da5)[0x7fffef80ada5] /lib64/libc.so.6(+0x804fa)[0x7fffef8134fa] /lib64/libc.so.6(cfree+0x4c)[0x7fffef816cac] /lib64/libglib-2.0.so.0(g_free+0xe)[0x7ffff09665ee] /lib64/libglib-2.0.so.0(+0x388ba)[0x7ffff094f8ba] /lib64/libwireshark.so.6(+0x1cfb46b)[0x7ffff49d646b] /lib64/libwireshark.so.6(+0x1d03d99)[0x7ffff49ded99] /lib64/libwireshark.so.6(+0x173b11f)[0x7ffff441611f] /lib64/libwireshark.so.6(+0x173bba5)[0x7ffff4416ba5] /lib64/libwireshark.so.6(call_dissector_with_data+0x26)[0x7ffff4419ad6] ..... The g_hash_table_insert will remove and deallocate existing entry, so we don't need to do it at all. Change-Id: Ide47d1f9deb3e1b0d8adefd31fc6f3bf5cbaa010 Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de> Reviewed-on: https://code.wireshark.org/review/14096 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-nfs.c21
1 files changed, 2 insertions, 19 deletions
diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
index cdd9eeee18..384f6fd3ba 100644
--- a/epan/dissectors/packet-nfs.c
+++ b/epan/dissectors/packet-nfs.c
@@ -1058,7 +1058,7 @@ void
nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, int parent_offset,
int parent_len, const char *name)
{
- nfs_name_snoop_t *nns, *old_nns;
+ nfs_name_snoop_t *nns;
const char *ptr;
if (name_len <= 0) {
@@ -1111,24 +1111,7 @@ nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, i
nns->full_name_len = 0;
nns->full_name = NULL;
- /* remove any old entry for this */
- old_nns = (nfs_name_snoop_t *)g_hash_table_lookup(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid));
- if (old_nns) {
- /* if we haven't seen the reply yet, then there are no
- matched entries for it, thus we can dealloc the arrays*/
- if (!old_nns->fh) {
- g_free(old_nns->name);
- old_nns->name = NULL;
- old_nns->name_len = 0;
-
- g_free(old_nns->parent);
- old_nns->parent = NULL;
- old_nns->parent_len = 0;
- }
- g_free(old_nns);
- g_hash_table_remove(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid));
- }
-
+ /* any old entry will be deallocated and removed */
g_hash_table_insert(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid), nns);
}