osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

dmp: fix memleaks 

dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.

Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134==    at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134==    by 0xA94E405: g_malloc (gmem.c:97)
==15134==    by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134==    by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134==    by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134==    by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)

Found by oss-fuzz.

Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This commit is contained in:
Jakub Zawadzki 2018-02-03 13:31:58 +01:00 committed by Martin Kaiser
parent 2d8606b584
commit 2fecc96868
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/dissectors/packet-dmp.c
View File

@ -2681,7 +2681,7 @@ static gint dissect_mts_identifier (tvbuff_t *tvb, packet_info *pinfo, proto_tre
ti = proto_tree_add_string (tree, hf_envelope_mts_id, tvb, offset, dmp.mts_id_length, mts_id);
hidden_item = proto_tree_add_string (tree, hf_mts_id, tvb, offset, dmp.mts_id_length, mts_id);
/* Insert into hash, for analysis */
wmem_map_insert (dmp_long_id_hash_table, g_strdup (mts_id), GUINT_TO_POINTER ((guint)dmp.msg_id));
wmem_map_insert (dmp_long_id_hash_table, wmem_strdup (wmem_file_scope(), mts_id), GUINT_TO_POINTER ((guint)dmp.msg_id));
}
PROTO_ITEM_SET_HIDDEN (hidden_item);
offset += dmp.mts_id_length;
@ -2737,7 +2737,7 @@ static gint dissect_ipm_identifier (tvbuff_t *tvb, packet_info *pinfo, proto_tre
ti = proto_tree_add_string (tree, hf_envelope_ipm_id, tvb, offset, ipm_id_length, ipm_id);
hidden_item = proto_tree_add_string (tree, hf_ipm_id, tvb, offset, ipm_id_length, ipm_id);
/* Insert into hash, for analysis */
wmem_map_insert (dmp_long_id_hash_table, g_strdup (ipm_id), GUINT_TO_POINTER ((guint)dmp.msg_id));
wmem_map_insert (dmp_long_id_hash_table, wmem_strdup (wmem_file_scope(), ipm_id), GUINT_TO_POINTER ((guint)dmp.msg_id));
}
PROTO_ITEM_SET_HIDDEN (hidden_item);
offset += ipm_id_length;