diff options
author | Peter Wu <peter@lekensteyn.nl> | 2014-11-29 19:29:26 +0100 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2014-12-01 00:56:26 +0000 |
commit | 18f01099694ed5c2758105f893ba37589f552717 (patch) | |
tree | 78464c882944cf12058ed99ac9829ab03c69cde8 /ui/qt/endpoint_dialog.cpp | |
parent | 846bb5394812c39359dfdbbf7e8755a7e3cf5326 (diff) | |
download | wireshark-18f01099694ed5c2758105f893ba37589f552717.tar.gz |
qt: fix use-after-free pattern
qstring.toUtf8() returns a QByteArray object and .constData() returns
a pointer inside that object. It is not safe to store this pointer as
it will become invalid after the statement. Store a const reference
instead. (Due to scoping differences, some are copy-assigned though.)
In the UAT dialog, strlen(bytes.constData()) has also been replaced by
bytes.size() as an optimization.
Caught by ASAN.
Change-Id: Ie09f999a32d0ef1abaa1e658b9403b74bedffc37
Reviewed-on: https://code.wireshark.org/review/5528
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'ui/qt/endpoint_dialog.cpp')
-rw-r--r-- | ui/qt/endpoint_dialog.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ui/qt/endpoint_dialog.cpp b/ui/qt/endpoint_dialog.cpp index ff8cd5bbea..d0450bff71 100644 --- a/ui/qt/endpoint_dialog.cpp +++ b/ui/qt/endpoint_dialog.cpp @@ -146,11 +146,13 @@ bool EndpointDialog::addTrafficTable(register_ct_t *table) endp_tree, SLOT(setNameResolutionEnabled(bool))); // XXX Move to ConversationTreeWidget ctor? + QByteArray filter_utf8; const char *filter = NULL; if (displayFilterCheckBox()->isChecked()) { filter = cap_file_->dfilter; } else if (!filter_.isEmpty()) { - filter = filter_.toUtf8().constData(); + filter_utf8 = filter_.toUtf8(); + filter = filter_utf8.constData(); } endp_tree->trafficTreeHash()->user_data = endp_tree; |