diff options
author | Stig Bjørlykke <stig@bjorlykke.org> | 2015-09-05 19:39:51 +0200 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2015-09-08 06:30:02 +0000 |
commit | 91d863cc1612453d4ed1c7629738d3057ea61373 (patch) | |
tree | df83452cbec2148c970f814a935ca46ec288b4fd /ui/qt/main_window.cpp | |
parent | f25b8c6784e7dab61e0754159dd3202bda584da9 (diff) | |
download | wireshark-91d863cc1612453d4ed1c7629738d3057ea61373.tar.gz |
Qt: Fix use-after-free pattern
This fixes crashes due to use of deallocated memory in:
- Export Packet Dissections
- Merge Capture Files
- Edit Packet Comment
Change-Id: I3dab8c0735eb5e642d6a4580d20bc3c81cf1345b
Reviewed-on: https://code.wireshark.org/review/10392
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Diffstat (limited to 'ui/qt/main_window.cpp')
-rw-r--r-- | ui/qt/main_window.cpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/ui/qt/main_window.cpp b/ui/qt/main_window.cpp index 620f75d4c8..a1b25ee61a 100644 --- a/ui/qt/main_window.cpp +++ b/ui/qt/main_window.cpp @@ -911,21 +911,24 @@ void MainWindow::mergeCaptureFile() tmpname = NULL; if (merge_dlg.mergeType() == 0) { /* chronological order */ - in_filenames[0] = capture_file_.capFile()->filename; - in_filenames[1] = file_name.toUtf8().data(); + in_filenames[0] = g_strdup(capture_file_.capFile()->filename); + in_filenames[1] = qstring_strdup(file_name); merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, FALSE); } else if (merge_dlg.mergeType() <= 0) { /* prepend file */ - in_filenames[0] = file_name.toUtf8().data(); - in_filenames[1] = capture_file_.capFile()->filename; + in_filenames[0] = qstring_strdup(file_name); + in_filenames[1] = g_strdup(capture_file_.capFile()->filename); merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, TRUE); } else { /* append file */ - in_filenames[0] = capture_file_.capFile()->filename; - in_filenames[1] = file_name.toUtf8().data(); + in_filenames[0] = g_strdup(capture_file_.capFile()->filename); + in_filenames[1] = qstring_strdup(file_name); merge_status = cf_merge_files(&tmpname, 2, in_filenames, file_type, TRUE); } + g_free(in_filenames[0]); + g_free(in_filenames[1]); + if (merge_status != CF_OK) { if (rfcode != NULL) dfilter_free(rfcode); |