From 6ece1c896d7b5b20aa03402e76464dec0fc2e293 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 9 Nov 2020 23:14:18 +0000
Subject: [PATCH] RTPS: Fixup our coherent set map.

coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes #16994.

Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.


(cherry picked from commit 33e63d19e5496c151bad69f65cdbc7cba2b4c211)
---
 epan/dissectors/packet-rtps.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
index 77412d7200..5c2d1c15fc 100644
--- a/epan/dissectors/packet-rtps.c
+++ b/epan/dissectors/packet-rtps.c
@@ -1893,6 +1893,8 @@ static void rtps_util_add_coherent_set_general_cases_case(
       register_entry);
   }
 
+  // The hash and compare functions treat the key as a sequence of bytes.
+  memset(&coherent_set_info_key, 0, sizeof(coherent_set_info_key));
   coherent_set_info_key.guid = coherent_set_entity_info_object->guid;
   coherent_set_info_key.coherent_set_seq_number = coherent_seq_number;
   coherent_set_info_entry = (coherent_set_info*)wmem_map_lookup(coherent_set_tracking.coherent_set_registry_map,
@@ -1972,6 +1974,8 @@ static void rtps_util_detect_coherent_set_end_empty_data_case(
     coherent_set_info *coherent_set_info_entry;
     coherent_set_key key;
 
+    // The hash and compare functions treat the key as a sequence of bytes.
+    memset(&key, 0, sizeof(key));
     key.guid = coherent_set_entity_info_object->guid;
     key.coherent_set_seq_number = coherent_set_entry->coherent_set_seq_number;
 
@@ -4540,9 +4544,7 @@ static guint hash_by_guid(gconstpointer key) {
   return g_int_hash(&(guid->app_id));
 }
 
-static gboolean compare_by_guid(gconstpointer a, gconstpointer b) {
-  const endpoint_guid * guid_a = (const endpoint_guid *) a;
-  const endpoint_guid * guid_b = (const endpoint_guid *) b;
+static gboolean compare_by_guid(gconstpointer guid_a, gconstpointer guid_b) {
   return memcmp(guid_a, guid_b, sizeof(endpoint_guid)) == 0;
 }
 
@@ -4552,15 +4554,11 @@ static guint get_domain_id_from_tcp_discovered_participants(wmem_map_t *map, end
 }
 
 static guint coherent_set_key_hash_by_key(gconstpointer key) {
-  GBytes * coherent_set_object_key_bytes = NULL;
-  coherent_set_object_key_bytes = g_bytes_new(key, sizeof(coherent_set_key));
-  return g_bytes_hash(coherent_set_object_key_bytes);
+  return wmem_strong_hash((const guint8 *)key, sizeof(coherent_set_key));
 }
 
-static gboolean compare_by_coherent_set_key(gconstpointer a, gconstpointer b) {
-  const coherent_set_key * guid_a = (const coherent_set_key *)a;
-  const coherent_set_key * guid_b = (const coherent_set_key *)b;
-  return memcmp(guid_a, guid_b, sizeof(coherent_set_key)) == 0;
+static gboolean compare_by_coherent_set_key(gconstpointer key_a, gconstpointer key_b) {
+  return memcmp(key_a, key_b, sizeof(coherent_set_key)) == 0;
 }
 
 static type_mapping * rtps_util_get_topic_info(endpoint_guid * guid) {