author | Stig Bjørlykke <stig@bjorlykke.org> | 2015-09-05 19:39:51 +0200 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2015-09-08 06:30:02 +0000 |
commit | 91d863cc1612453d4ed1c7629738d3057ea61373 (patch) | |
tree | df83452cbec2148c970f814a935ca46ec288b4fd /ui | |
parent | f25b8c6784e7dab61e0754159dd3202bda584da9 (diff) |
Qt: Fix use-after-free pattern
This fixes crashes due to use of deallocated memory in:
- Export Packet Dissections
- Merge Capture Files
- Edit Packet Comment
Change-Id: I3dab8c0735eb5e642d6a4580d20bc3c81cf1345b
Reviewed-on: https://code.wireshark.org/review/10392
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Diffstat (limited to 'ui')
-rw-r--r-- | ui/qt/export_dissection_dialog.cpp | 10 | ||||
-rw-r--r-- | ui/qt/import_text_dialog.cpp | 5 | ||||
-rw-r--r-- | ui/qt/main_window.cpp | 15 | ||||
-rw-r--r-- | ui/qt/packet_list.cpp | 5 |
4 files changed, 23 insertions, 12 deletions
diff --git a/ui/qt/export_dissection_dialog.cpp b/ui/qt/export_dissection_dialog.cpp
index 80360fbec3..14a7acb4e4 100644
--- a/ui/qt/export_dissection_dialog.cpp
+++ b/ui/qt/export_dissection_dialog.cpp
@@ -48,9 +48,9 @@ ExportDissectionDialog::ExportDissectionDialog(QWidget *parent, capture_file *ca
 QFileDialog(parent),
 export_type_(export_type),
 cap_file_(cap_file)
- #if !defined(Q_OS_WIN)
+#if !defined(Q_OS_WIN)
 , save_bt_(NULL)
- #endif /* Q_OS_WIN */
+#endif /* Q_OS_WIN */
 {
 #if !defined(Q_OS_WIN)
 QDialogButtonBox *button_box = findChild<QDialogButtonBox *>();
@@ -86,6 +86,7 @@ ExportDissectionDialog::ExportDissectionDialog(QWidget *parent, capture_file *ca
 fd_grid->addItem(new QSpacerItem(1, 1), last_row, 0);
 fd_grid->addLayout(h_box, last_row, 1);
+ print_args_.file = NULL;
 /* Init the export range */
 packet_range_init(&print_args_.range, cap_file_);
 /* Default to displayed packets */
@@ -120,6 +121,9 @@ ExportDissectionDialog::ExportDissectionDialog(QWidget *parent, capture_file *ca
 ExportDissectionDialog::~ExportDissectionDialog()
 {
+#if !defined(Q_OS_WIN)
+ g_free(print_args_.file);
+#endif
 }
 int ExportDissectionDialog::exec()
@@ -137,7 +141,7 @@ int ExportDissectionDialog::exec()
 /* Fill in our print (and export) args */
- print_args_.file = file_name.toUtf8().data();
+ print_args_.file = qstring_strdup(file_name);
 print_args_.format = PR_FMT_TEXT;
 print_args_.to_file = TRUE;
 print_args_.cmd = NULL;
diff --git a/ui/qt/import_text_dialog.cpp b/ui/qt/import_text_dialog.cpp
index 4fe2e3e007..1ba09cf1a0 100644
--- a/ui/qt/import_text_dialog.cpp
+++ b/ui/qt/import_text_dialog.cpp
@@ -41,6 +41,7 @@
 #include <ui_import_text_dialog.h>
 #include "wireshark_application.h"
+#include "qt_ui_utils.h"
 #include <QFileDialog>
 #include <QDebug>
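Review bot: The `g_free(print_args_.file);` added to `~ExportDissectionDialog()` sits inside `#if !defined(Q_OS_WIN)`, while neither the `print_args_.file = NULL;` initialisation nor the `qstring_strdup()` assignment in `exec()` is visibly under the same guard in these hunks. If the assignment is also compiled on Windows, the copy is never released there. Since `g_free(NULL)` is a no-op, dropping the guard around the free would keep allocation and release symmetric on every platform. The surrounding preprocessor structure lies outside the hunks, so this needs checking against the full file.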
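Review bot: In `ExportDissectionDialog::exec()` the new `print_args_.file = qstring_strdup(file_name);` overwrites the member without releasing what it already holds, so a second `exec()` on the same dialog object would leak the earlier copy. Putting `g_free(print_args_.file);` immediately before the assignment keeps the member owning exactly one buffer. A short comment on the member saying it owns a heap copy that the destructor releases would also help, because the previous code stored a pointer into a temporary `QByteArray` and the ownership rule is easy to lose again. The body of `exec()` continues outside the hunk.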
@@ -213,7 +214,7 @@ int ImportTextDialog::exec() {
 return result();
 }
- import_info_.import_text_filename = g_strdup(ti_ui_->textFileLineEdit->text().toUtf8().data());
+ import_info_.import_text_filename = qstring_strdup(ti_ui_->textFileLineEdit->text());
 import_info_.import_text_file = ws_fopen(import_info_.import_text_filename, "rb");
 if (!import_info_.import_text_file) {
 open_failure_alert_box(import_info_.import_text_filename, errno, FALSE);
@@ -227,7 +228,7 @@ int ImportTextDialog::exec() {
 ti_ui_->octalOffsetButton->isChecked() ? OFFSET_OCT : OFFSET_NONE;
 import_info_.date_timestamp = ti_ui_->dateTimeLineEdit->text().length() > 0;
- import_info_.date_timestamp_format = g_strdup(ti_ui_->dateTimeLineEdit->text().toUtf8().data());
+ import_info_.date_timestamp_format = qstring_strdup(ti_ui_->dateTimeLineEdit->text());
 encap_val = ti_ui_->encapComboBox->itemData(ti_ui_->encapComboBox->currentIndex());
 import_info_.dummy_header_type = HEADER_NONE;
diff --git a/ui/qt/main_window.cpp b/ui/qt/main_window.cpp
index 620f75d4c8..a1b25ee61a 100644
--- a/ui/qt/main_window.cpp
+++ b/ui/qt/main_window.cpp
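Review bot: On the `ws_fopen()` failure branch in `ImportTextDialog::exec()` the freshly duplicated `import_info_.import_text_filename` is only passed to `open_failure_alert_box()`; no `g_free()` is visible before the hunk ends, and the rest of the branch is outside it. If that branch returns early, the copy leaks and a later `exec()` overwrites the pointer. Adding `g_free(import_info_.import_text_filename); import_info_.import_text_filename = NULL;` on that path would close it. The same ownership question applies to `import_info_.date_timestamp_format` in the following hunk.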
@@ -911,21 +911,24 @@ void MainWindow::mergeCaptureFile()
 tmpname = NULL;
 if (merge_dlg.mergeType() == 0) {
 /* chronological order */
- in_filenames[0] = capture_file_.capFile()->filename;
- in_filenames[1] = file_name.toUtf8().data();
+ in_filenames[0] = g_strdup(capture_file_.capFile()->filename);
+ in_filenames[1] = qstring_strdup(file_name);
 merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, FALSE);
 } else if (merge_dlg.mergeType() <= 0) {
 /* prepend file */
- in_filenames[0] = file_name.toUtf8().data();
- in_filenames[1] = capture_file_.capFile()->filename;
+ in_filenames[0] = qstring_strdup(file_name);
+ in_filenames[1] = g_strdup(capture_file_.capFile()->filename);
 merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, TRUE);
 } else {
 /* append file */
- in_filenames[0] = capture_file_.capFile()->filename;
- in_filenames[1] = file_name.toUtf8().data();
+ in_filenames[0] = g_strdup(capture_file_.capFile()->filename);
+ in_filenames[1] = qstring_strdup(file_name);
 merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, TRUE);
 }
+ g_free(in_filenames[0]);
+ g_free(in_filenames[1]);
+
 if (merge_status != CF_OK) {
 if (rfcode != NULL)
 dfilter_free(rfcode);
diff --git a/ui/qt/packet_list.cpp b/ui/qt/packet_list.cpp
index fa3483db80..2dea54531a 100644
--- a/ui/qt/packet_list.cpp
+++ b/ui/qt/packet_list.cpp
@@ -888,7 +888,7 @@ void PacketList::setPacketComment(QString new_comment)
 {
 int row = currentIndex().row();
 frame_data *fdata;
- gchar *new_packet_comment = new_comment.toUtf8().data();
+ gchar *new_packet_comment;
 if (!cap_file_ || !packet_list_model_) return;
@@ -899,9 +899,12 @@ void PacketList::setPacketComment(QString new_comment)
 /* Check if we are clearing the comment */
 if(new_comment.isEmpty()) {
 new_packet_comment = NULL;
+ } else {
+ new_packet_comment = qstring_strdup(new_comment);
 }
 cf_set_user_packet_comment(cap_file_, fdata, new_packet_comment);
+ g_free(new_packet_comment);
 redrawVisiblePackets();
 } |
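Review bot: The same two allocations are repeated in all three branches of `MainWindow::mergeCaptureFile()`, so the `g_free()` pair after the branches is only correct while every branch fills both slots. Duplicating once before the `if` (`gchar *cur_name = g_strdup(capture_file_.capFile()->filename);` and `gchar *new_name = qstring_strdup(file_name);`) and letting the branches choose only the order would keep allocation and release paired in one place. The copy of `capFile()->filename` is not needed for the use-after-free fix itself, so a comment such as `/* copied so both entries can be released the same way */` would explain why it is there. The function continues outside the hunk.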
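Review bot: In `PacketList::setPacketComment()` the `g_free(new_packet_comment);` placed directly after `cf_set_user_packet_comment()` is only safe if that function copies the string rather than storing the pointer, and nothing in this hunk shows which it does. If the pointer is kept, this reintroduces the use-after-free the commit removes, so the contract deserves a comment at the call, e.g. `/* cf_set_user_packet_comment() copies the comment; our copy is released here */`. Separately, the declaration in the previous hunk is now uninitialised. Writing `gchar *new_packet_comment = NULL;` with a single `if (!new_comment.isEmpty())` assignment would stop an indeterminate pointer reaching `g_free()` if a branch is added later. The lines between the two hunks are not shown.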