forked from osmocom/wireshark
2f35a811a3
When using a filter such as "ncp.alloc_reply_lvl2 == FALSE", a memory
leak would occur as follows:
1. dfilter_fvalue_from_unparsed is called and
2. ends up calling _uint64_from_unparsed
3. which fails with error message "\"FALSE\" is not a valid number.".
4. Next, mk_fvalue_from_val_string is called which maps "FALSE" to 0
5. and the filter is successfully compiled.
6. dfwork_free deliberately does not free the error message (since
there should be none at this point) and we have a memleak (from 3).
Fix this memleak by clearing the error message when a successful
value_string mapping is found.
Change-Id: I78d59a4336342b09dc5448ea994b2e1d199d7f3f
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1302
Reviewed-on: https://code.wireshark.org/review/21497
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
||
|---|---|---|
| .. | ||
| .editorconfig | ||
| CMakeLists.txt | ||
| dfilter-int.h | ||
| dfilter-macro.c | ||
| dfilter-macro.h | ||
| dfilter.c | ||
| dfilter.h | ||
| dfunctions.c | ||
| dfunctions.h | ||
| dfvm.c | ||
| dfvm.h | ||
| drange.c | ||
| drange.h | ||
| gencode.c | ||
| gencode.h | ||
| grammar.lemon | ||
| Makefile.am | ||
| scanner.l | ||
| semcheck.c | ||
| semcheck.h | ||
| sttype-function.c | ||
| sttype-function.h | ||
| sttype-integer.c | ||
| sttype-pointer.c | ||
| sttype-range.c | ||
| sttype-range.h | ||
| sttype-set.c | ||
| sttype-set.h | ||
| sttype-string.c | ||
| sttype-test.c | ||
| sttype-test.h | ||
| syntax-tree.c | ||
| syntax-tree.h | ||