Wireshark-bugs: [Wireshark-bugs] [Bug 11573] Heap-use-after-free in Flow Graph after a capture f
Comment #6 on bug 11573 from Guy Harris
(In reply to Pascal Quantin from comment #5)
> This would work fine as long as the capture file is not closed. But after
> looking at the code, it looks like the functions calling set_fd_time() are
> used when the capture file is opened, except for the
> sequence_analysis_dump_to_file() function. But this one cannot be called
> when the file is closed.

Yes, at least some of the cases in set_fd_time() work only if the file is still
open. If set_fd_time() calls frame_delta_abs_time(), frame_delta_abs_time()
then calls epan_get_frame_ts(), and that calls the epan_t's get_frame_ts
routine, which is ws_get_frame_ts() for Wireshark (Qt or GTK+), and *that*
assumes there's a valid capture_file * and that its cf->frames table of
frame_data structures is valid.

So, no, you can't get the time stamp column text corresponding to a given frame
number if the capture is closed. For example, it might be "delta since
previous frame", in which case you'd need the time stamp of the previous frame,
which you don't have if you've closed the file and thrown out all the
frame_data structures.

So this is one of those dialogs you *can't* keep open even after you close a
capture file, unless, instead, we save the actual text for the time stamp
column.

BTW set_fd_time() is a *HORRIBLE* name for the function - what it should be
called is "get_frame_time_stamp_column_text()" or something such as that, as
what it does is get, for the given epan_t and frame_data structure, the string
that would be used in the time column for the frame corresponding to that
frame_data structure.
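
The following is an added example, not Wireshark code and not part of the comment above. It models the alternative the comment mentions, saving the time stamp column text while the capture is open, so that a dialog row never has to reach back into a freed frame table. All type and function names (frame_rec, capture, graph_item, format_delta and the rest) are hypothetical stand-ins, and the three time stamps are constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for frame_data, capture_file and one dialog row. */
typedef struct { double abs_ts; } frame_rec;
typedef struct { frame_rec *frames; size_t count; } capture;
typedef struct { char time_text[32]; } graph_item;

/* "Delta since previous frame" text; this needs the live frame table. */
static int format_delta(const capture *cf, size_t num, char *buf, size_t len)
{
    if (cf == NULL || cf->frames == NULL || num == 0 || num > cf->count)
        return -1; /* capture closed or no such frame: refuse to read */
    double prev = cf->frames[num > 1 ? num - 2 : 0].abs_ts;
    snprintf(buf, len, "%.6f", cf->frames[num - 1].abs_ts - prev);
    return 0;
}

/* Build the row while the capture is open and save the text inside it. */
static int graph_item_init(graph_item *it, const capture *cf, size_t num)
{
    return format_delta(cf, num, it->time_text, sizeof it->time_text);
}

static void capture_close(capture *cf)
{
    free(cf->frames);
    cf->frames = NULL; /* closed state is detectable, not a dangling pointer */
    cf->count = 0;
}

static capture capture_open_sample(void)
{
    static const double ts[] = { 1.0, 1.25, 2.0 }; /* constructed sample */
    capture cf = { calloc(3, sizeof(frame_rec)), 0 };
    for (; cf.frames != NULL && cf.count < 3; cf.count++)
        cf.frames[cf.count].abs_ts = ts[cf.count];
    return cf;
}

int main(void)
{
    capture cf = capture_open_sample();
    graph_item it = { "" };
    char late[32];
    graph_item_init(&it, &cf, 3);   /* text captured while frames exist */
    capture_close(&cf);             /* frame table is gone from here on */
    int rc = format_delta(&cf, 3, late, sizeof late);
    printf("saved \"%s\", lookup after close: %d\n", it.time_text, rc);
}
```

The row keeps its own copy of the string, so it stays valid after capture_close(), while any later attempt to recompute the text from the frame table is rejected instead of dereferencing freed memory.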