qt: fix use-after-free pattern

qstring.toUtf8() returns a QByteArray object and .constData() returns
a pointer inside that object. It is not safe to store this pointer as
it will become invalid after the statement. Store a const reference
instead. (Due to scoping differences, some are copy-assigned though.)

In the UAT dialog, strlen(bytes.constData()) has also been replaced by
bytes.size() as an optimization.

Caught by ASAN.

Change-Id: Ie09f999a32d0ef1abaa1e658b9403b74bedffc37
Reviewed-on: https://code.wireshark.org/review/5528
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/ui/qt/conversation_dialog.cpp b/ui/qt/conversation_dialog.cpp
index 0821e84097..cf03f46e70 100644
--- a/ui/qt/conversation_dialog.cpp
+++ b/ui/qt/conversation_dialog.cpp
@@ -162,11 +162,13 @@ bool ConversationDialog::addTrafficTable(register_ct_t* table)
             conv_tree, SLOT(setNameResolutionEnabled(bool)));
 
     // XXX Move to ConversationTreeWidget ctor?
+    QByteArray filter_utf8;
     const char *filter = NULL;
     if (displayFilterCheckBox()->isChecked()) {
         filter = cap_file_->dfilter;
     } else if (!filter_.isEmpty()) {
-        filter = filter_.toUtf8().constData();
+        filter_utf8 = filter_.toUtf8();
+        filter = filter_utf8.constData();
     }
 
     conv_tree->trafficTreeHash()->user_data = conv_tree;
@@ -289,11 +291,13 @@ void ConversationDialog::on_displayFilterCheckBox_toggled(bool checked)
         return;
     }
 
+    QByteArray filter_utf8;
     const char *filter = NULL;
     if (checked) {
         filter = cap_file_->dfilter;
     } else if (!filter_.isEmpty()) {
-        filter = filter_.toUtf8().constData();
+        filter_utf8 = filter_.toUtf8();
+        filter = filter_utf8.constData();
     }
 
     for (int i = 0; i < trafficTableTabWidget()->count(); i++) {