Wireshark-bugs: [Wireshark-bugs] [Bug 2017] VoIP trace crashes Wireshark when specific RTP Playe

Date: Tue, 4 Dec 2007 06:47:05 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2017





------- Comment #9 from stephentfisher@xxxxxxxxx  2007-12-04 06:47 GMT -------
I finally just tracked down where the problem lies - just not the reason why
it's happening quite yet :).

In the function RTP_packet_draw in gtk/voip_calls.c, line 628 calls the
COPY_ADDRESS macro from epan/address.h for copying the source address over to
the new_gai struct.  Sometimes the g_malloc (which is using the normal malloc
call on most systems) in that macro returns the pointer address of a previously
allocated pointer a second time.  The duplicate pointer addresses are inserted
into the "the_tapinfo_struct.graph_analysis->list" list on line 641 and later
double freed (since the same pointer address is in the list twice - not
necessarily right after one another) at line 187 in function voip_calls_reset()
also of gtk/voip_calls.c.

The question now is: Why is g_malloc allocating memory for us at the same
address a second time in the same loop?  Or is there really an error occurring
in malloc that g_malloc is ignoring?


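The failure mode described in the comment above (the same heap pointer present twice in a list whose entries are later freed one by one), as an added example that is not Wireshark code and not part of the original comment: a check that counts aliased pointers in a list, and a reset that frees each distinct buffer only once. The `item` struct and all function names are hypothetical stand-ins for the list and copied-address buffers the comment refers to.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for a list item that owns one heap buffer. */
typedef struct item {
    void *addr_data;       /* buffer the item owns, like a copied address */
    struct item *next;
} item;

/* Prepend an item holding addr_data; aborts if the node cannot be allocated. */
static item *list_add(item *head, void *addr_data) {
    item *it = malloc(sizeof *it);
    if (!it) abort();
    it->addr_data = addr_data; it->next = head;
    return it;
}

/* Count items whose buffer pointer already appears in an earlier item. */
static size_t count_aliased(const item *head) {
    size_t dups = 0;
    for (const item *a = head; a; a = a->next)
        for (const item *b = head; b != a; b = b->next)
            if (a->addr_data && a->addr_data == b->addr_data) { dups++; break; }
    return dups;
}

/* Free the list, releasing each distinct buffer once; returns buffers freed. */
static size_t list_reset(item *head) {
    size_t freed = 0;
    for (item *a = head; a; a = a->next) {
        if (!a->addr_data) continue;          /* alias already released */
        void *p = a->addr_data;
        for (item *b = a; b; b = b->next) if (b->addr_data == p) b->addr_data = NULL;
        free(p); freed++;
    }
    while (head) { item *n = head->next; free(head); head = n; }
    return freed;
}

/* Constructed case: three items, two of which share one buffer. */
static size_t demo(size_t *aliased) {
    void *x = malloc(16), *y = malloc(16);
    item *l = list_add(list_add(list_add(NULL, x), y), x);
    *aliased = count_aliased(l);
    return list_reset(l);
}
int main(void) {
    size_t aliased, freed = demo(&aliased);
    printf("aliased=%zu freed=%zu\n", aliased, freed);
}
```

Running a check like `count_aliased` at insertion time points at the line that added the second copy, rather than at the later free where the crash surfaces.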