Ethereal-dev: Re: [Ethereal-dev] Double-free tvb bug in HTTP dissector with gzip decompression?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Olivier Biot" <ethereal@xxxxxxxxxx>
Date: Sat, 8 May 2004 12:36:23 +0200

| From: Jerry Talkington
|
| When specifying tvb_new_subset() the subset is automatically linked to
| the original tvbuffer's chain. Whenever the original chain will be
| freed, the subsets will be freed too. Freeing a subset before freeing
| the original tvb may result in a "hole" of the original tvb where
| parts of the memory have been freed already.

I added a comment at the place where next_tvb is being defined as a
tvb_new_subset() so future developers will be warned.

| | I also commented out the tvb_set_free_cb(uncompr_tvb, g_free); in
| | tvbuff.c, since that seems to make the data sources in the byte
| | inspection pane disappear.  I've also marked that with XXX.
|
| That's strange. The free() callback function should only be called
| when the whole tvbuffer structure to which the other tvbuffers are
| linked (including the real data ones). Maybe there's still a
| tvb_free() call somewhere where it oughtn't be?
|
| Or should we need to increment the usage count by hand here? I'll have
| a closer look once I have compiled the whole lot again :)

I have successfully compiled Ethereal with the aforementioned fix, and
I did not have to comment out the tvb_set_free_cb() calls for it to
work. I will double-check on a MSVC build, but I am confident that it
now works.

I also added the encoded entity into the protocol tree, so it is
possible for end-users to select the compressed bytes and only export
those (formerly you could only export the uncompressed data).

Regards,

Olivier
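
The ownership rule discussed in this message (subsets are linked to the original buffer's chain and released only with it, and the free callback runs once for the whole chain) can be modelled as below. This is an added example, not Ethereal's tvbuff code; buf_t, buf_new_real(), buf_new_subset() and buf_free_chain() are hypothetical names for a simplified model.

```c
#include <stdlib.h>

/* Simplified model, NOT Ethereal's tvbuff implementation: a "real" buffer
 * owns the data; subsets only borrow a window into it. */
typedef struct buf {
    struct buf *root;        /* NULL for the real (owning) buffer */
    struct buf *next_subset; /* chain of subsets, headed at the real buffer */
    unsigned char *data;     /* for a subset: points into the root's data */
    size_t len;
    void (*free_cb)(void *); /* run once, when the whole chain is freed */
} buf_t;

buf_t *buf_new_real(unsigned char *data, size_t len, void (*free_cb)(void *)) {
    buf_t *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->data = data;
    b->len = len;
    b->free_cb = free_cb;
    return b;
}

/* A subset (even a subset of a subset) is linked to the real buffer's chain
 * at creation, so the caller never has to free it separately. */
buf_t *buf_new_subset(buf_t *parent, size_t off, size_t len) {
    if (!parent || off > parent->len || len > parent->len - off) return NULL;
    buf_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    buf_t *root = parent->root ? parent->root : parent;
    s->root = root;
    s->data = parent->data + off;
    s->len = len;
    s->next_subset = root->next_subset;
    root->next_subset = s;
    return s;
}

/* Returns the number of buffer objects released, or -1 when called on a
 * subset: refusing the early free avoids leaving a stale chain entry that
 * would be freed a second time when the real buffer goes away. */
int buf_free_chain(buf_t *b) {
    if (!b || b->root) return -1;
    int n = 1;
    for (buf_t *s = b->next_subset, *nx; s; s = nx) {
        nx = s->next_subset;
        free(s);
        n++;
    }
    if (b->free_cb) b->free_cb(b->data); /* data released exactly once */
    free(b);
    return n;
}
```
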