Wireshark-bugs: [Wireshark-bugs] [Bug 12437] Crash (use-after-free) when sorting a column in the
Michael Mann changed bug 12437

What | Removed | Added
CC | | mmann78@netscape.net

Comment # 1 on bug 12437 from Michael Mann
I can duplicate this on 2.0.4, but not master, so I started to bisect. The Qt
GUI (SimpleStatsDialog/TapParameterDialog) has no substantial changes between
2.0 and master that I believe would cause this.
So I started looking at packet-sip.c. There is a good amount of
refactoring/renaming changes since 2.0, but if you ignore those, you end up
with something like this (just moving where export_sip_pdu is called):
diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c
index 97a82fd..011f16c 100644
--- a/epan/dissectors/packet-sip.c
+++ b/epan/dissectors/packet-sip.c
@@ -2717,6 +2717,10 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int
remaining_length, packet_info
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SIP");
+ if (!pinfo->flags.in_error_pkt && have_tap_listener(exported_pdu_tap)) {
+ export_sip_pdu(pinfo,tvb);
+ }
+
DPRINT2(("------------------------------ dissect_sip_common
------------------------------"));
switch (line_type) {
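Review bot: the new export_sip_pdu() call placed right after col_set_str() carries no comment saying why it has to run before the switch (line_type) and the rest of the dissection. The fix consists entirely of where this call sits, so a short comment above the if would keep a later refactor from moving it back down. Minor style point on the same lines: add a space after the comma in export_sip_pdu(pinfo,tvb).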
@@ -3836,9 +3840,6 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int
remaining_length, packet_info
if (!pinfo->flags.in_error_pkt)
{
tap_queue_packet(sip_tap, pinfo, stat_info);
- if(have_tap_listener(exported_pdu_tap)){
- export_sip_pdu(pinfo,tvb);
- }
}
if (datalen > 0) {
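Review bot: with the export removed from this block, it is no longer tied to reaching tap_queue_packet(sip_tap, pinfo, stat_info), so any packet that never gets to this point is still exported by the earlier call while sip_tap does not see it. Please confirm that difference between the two taps is intended and state the reason for the reordering in the commit message.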
It appears to have fixed it, but I had a little trouble consistently
reproducing the crash (on 32-bit Windows) when going back/forth between
branches that had/removed this change (all based on 2.0). But I could never
reproduce the crash with the change applied.