dfilter: fix memleak when using value_string values
When using a filter such as "ncp.alloc_reply_lvl2 == FALSE", a memory leak would occur as follows:

1. dfilter_fvalue_from_unparsed is called and
2. ends up calling _uint64_from_unparsed
3. which fails with error message "\"FALSE\" is not a valid number.".
4. Next, mk_fvalue_from_val_string is called which maps "FALSE" to 0
5. and the filter is successfully compiled.
6. dfwork_free deliberately does not free the error message (since there should be none at this point) and we have a memleak (from 3).

Fix this memleak by clearing the error message when a successful value_string mapping is found.

Change-Id: I78d59a4336342b09dc5448ea994b2e1d199d7f3f
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1302
Reviewed-on: https://code.wireshark.org/review/21497
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
parent 98d87038a7
commit 2f35a811a3
@ -717,6 +717,15 @@ check_relation_LHS_FIELD(dfwork_t *dfw, const char *relation_string,
|
|||
if (!fvalue && type2 != STTYPE_CHARCONST) {
|
||||
/* check value_string */
|
||||
fvalue = mk_fvalue_from_val_string(dfw, hfinfo1, s);
|
||||
|
||||
/*
|
||||
* Ignore previous errors if this can be mapped
|
||||
* to an item from value_string.
|
||||
*/
|
||||
if (fvalue && dfw->error_message) {
|
||||
g_free(dfw->error_message);
|
||||
dfw->error_message = NULL;
|
||||
}
|
||||
}
|
||||
}
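Review bot: The stale-error cleanup in the new `if (fvalue && dfw->error_message)` block is applied only at this one call site in check_relation_LHS_FIELD, so any other path that falls back to mk_fvalue_from_val_string after a failed parse would keep leaking the first error string. Since mk_fvalue_from_val_string already receives dfw, consider freeing and clearing dfw->error_message there when a mapping is found, so every caller gets the fix. As a smaller style point, g_free() accepts NULL, so the condition can be reduced to `if (fvalue)`. A regression test that compiles the filter from the commit message ("ncp.alloc_reply_lvl2 == FALSE") under a leak checker would keep this from coming back.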