Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12523] New: ASAN heap-use-after free in Conversations/Endpoints dialog after a

[bugzilla-daemon@xxxxxxxxxxxxx]

Bug ID	12523
Summary	ASAN heap-use-after free in Conversations/Endpoints dialog after applying a filter
Product	Wireshark
Version	Git
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Qt UI
Assignee	bugzilla-admin@wireshark.org
Reporter	peter@lekensteyn.nl

Created attachment 14648 [details]
wireshark v2.1.1rc0-81-gda50994 ASAN trace

Build Information:
Wireshark 2.1.1-git (v2.1.1rc0-81-gda50994 from master)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.48.1, with zlib 1.2.8, without SMI, with c-ares
1.11.0, with Lua 5.2, with GnuTLS 3.4.13, with Gcrypt 1.7.0, with MIT Kerberos,
with GeoIP, with QtMultimedia, without AirPcap.

Running on Linux 4.6.2-1-ARCH, with locale C, with libpcap version 1.7.4, with
GnuTLS 3.4.13, with Gcrypt 1.7.0, with zlib 1.2.8.
Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz (with SSE4.2)

Built using gcc 6.1.1 20160602.

--
Steps to reproduce:

 1. Open a large capture file (e.g.
sharkfest16_packetchallenge/sf2016-e.pcapng)
 2. Open Conversations or Endpoints statistics dialog
 3. Wait for the dialog to fully load.
 4. Right-click one address and use "Apply as Filter" to create a new filter.
 5. Close the dialog while Wireshark is redissecting.

Expected result:
no crash.

Actual result:
use-after-free.

Other info:
the UAF does not occur when changing the display filter in the main dialog.

---

      You are receiving this mail because:

• You are watching all bug changes.