epan: Free pointers to deallocated memory

When redissecting packets we call epan_free() which deallocates wmem_file_scope memory. Such memory may be used in proto_data for the currently selected packet (cf->edt) and leaves pointers to deallocated memory (cf->edt->pi.fd->pfd). Free them after epan_free() to avoid unintended usage in packet_list_clear(). Bug: 11740 Change-Id: Ia3bc54f3f34e644a98b8a7eb1addd19b8aeeaab9 Reviewed-on: https://code.wireshark.org/review/11996 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-20 19:39:55 +01:00 · 2015-11-20 19:39:55 +01:00 · 391f11a7ec
parent e36f987c51
commit 391f11a7ec
1 changed files with 6 additions and 0 deletions
--- a/file.c
+++ b/file.c
@ -1624,6 +1624,12 @@ rescan_packets(capture_file *cf, const char *action, const char *action_item, gb

    /* 'reset' dissection session */
    epan_free(cf->epan);
+    if (cf->edt && cf->edt->pi.fd) {
+      /* All pointers in "per frame proto data" for the currently selected
+         packet are allocated in wmem_file_scope() and deallocated in epan_free().
+         Free them here to avoid unintended usage in packet_list_clear(). */
+      frame_data_destroy(cf->edt->pi.fd);
+    }
    cf->epan = ws_epan_new(cf);
    cf->cinfo.epan = cf->epan;