Wireshark-commits: [Wireshark-commits] master 759fb11: FrameInformation: fix a crash in the destruc

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 15 Apr 2020 14:27:48 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=759fb119a723e660c712cc7f319b1e1b31a5765c
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

759fb11 by Martin Kaiser (wireshark@xxxxxxxxx):

    FrameInformation: fix a crash in the destructor
    
    It's possible to create a FrameInformation object that's not backed by
    any frame data. In this case, fi_ is NULL and loadFrameTree() does not
    run a dissection. However, we run epan_dissect_cleanup() unconditionally
    in the destructor, even if edt_ is uninitialized. This causes a crash
    when wireshark is closed.
    
    Convert edt_ into a pointer. Run the cleanup only if we ran the
    dissection before.
    
    The issue can be reproduced by applying a display filter that makes the
    list of the packets smaller than the packet list window. Right click
    onto an "empty" part of the packet list and select "Mark/Unmark Frame".
    Exiting wireshark at this point causes a segmentation fault
    
    Thread 1 "wireshark" received signal SIGSEGV, Segmentation fault.
    tvb_free_chain (tvb=0xf000e000d000c) at ../epan/tvbuff.c:124
    124			tvb_free_internal(tvb);
    (gdb) bt
     #0  tvb_free_chain (tvb=0xf000e000d000c) at ../epan/tvbuff.c:124
     #1  0x00007ffff430491e in epan_dissect_cleanup (edt=0x555558075b48) at ../epan/epan.c:648
     #2  0x00005555558fa5a6 in FrameInformation::~FrameInformation (this=0x555558075b20,
             __in_chrg=<optimized out>) at ../ui/qt/utils/frame_information.cpp:57
     #3  0x00005555558fa5e9 in FrameInformation::~FrameInformation (this=0x555558075b20,
             __in_chrg=<optimized out>) at ../ui/qt/utils/frame_information.cpp:55
     ...
     #12 0x00005555559a74f7 in PacketList::~PacketList (this=0x55555602e930,
             __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
    
    Change-Id: I347dd4901b4e08c37008ff25ac1f20a67555d9fd
    Reviewed-on: https://code.wireshark.org/review/36825
    Reviewed-by: Martin Kaiser <wireshark@xxxxxxxxx>
    Petri-Dish: Martin Kaiser <wireshark@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  040c31c   sshdump: Use Open dialog for SSH private key
     add  759fb11   FrameInformation: fix a crash in the destructor


Summary of changes:
 ui/qt/utils/frame_information.cpp | 26 ++++++++++++++++----------
 ui/qt/utils/frame_information.h   |  2 +-
 2 files changed, 17 insertions(+), 11 deletions(-)