Wireshark-bugs: [Wireshark-bugs] [Bug 8518] glibc detected /usr/bin/tshark: double free or corru

Date: Mon, 25 Mar 2013 01:25:22 +0000

Comment # 2 on bug 8518 from
Quick analysis: if a wiretap open function (such as libpcap_open) fails, frees
wth->priv and returns -1, the caller then calls wtap_close(wth) which tries to
free wth->priv again (unless it's null).

So, if the caller is guaranteed to call wtap_close on error then all the
individual file handlers can stop freeing their private data on error.
Otherwise they need to set the pointer to NULL after freeing so that wtap_close
doesn't try to free it again.

I suspect the former (that wtap_close is always called when a file dissector
returns error), but I haven't time to make sure at the moment.


You are receiving this mail because:
  • You are watching all bug changes.