URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f0a2b8303a9fcd18d09e27d79bd21ac19d9da7d0
Submitter: "Guy Harris <guy@xxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
f0a2b83 by Peter Wu (peter@xxxxxxxxxxxxx):
Revert "Get rid of the per-capture_file wtap_rec and Buffer."
This reverts commit 9445403f9558901dc54c88754ff21795ea1803f3.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 3ba1c7f LTE RRC: upgrade dissector to v15.5.0
add f0a2b83 Revert "Get rid of the per-capture_file wtap_rec and Buffer."
Summary of changes:
cfile.h | 3 +
file.c | 165 ++++++++++++++++--------------------
file.h | 15 +++-
ui/proto_hier_stats.c | 2 +-
ui/qt/address_editor_frame.cpp | 15 +---
ui/qt/iax2_analysis_dialog.cpp | 19 +----
ui/qt/models/packet_list_record.cpp | 2 +-
ui/qt/packet_dialog.cpp | 21 ++---
ui/qt/packet_dialog.h | 2 +-
ui/qt/packet_list.cpp | 2 +-
ui/qt/rtp_analysis_dialog.cpp | 21 +----
ui/qt/utils/frame_information.cpp | 2 +-
ui/tap-rlc-graph.c | 19 +----
ui/tap-tcp-stream.c | 18 +---
14 files changed, 121 insertions(+), 185 deletions(-)