From 9d5bf53346d3ac8b9d3c37726928b41dc50400e0 Mon Sep 17 00:00:00 2001
From: Evan Huus <eapache@gmail.com>
Date: Tue, 8 Jul 2014 00:04:21 -0400
Subject: udvm: free the buffer *before* throwing the exception

Freeing it after the exception doesn't do much, for obvious reasons. Also move
the allocation a bit later, and add modelines.

This fixes one major memory leak, although on inspection this code still isn't
safe since there are exception-throwing functions called all over the place with
glib memory active. Outside the scope of this fix though.

Bug: 10265
Change-Id: I1fe272e92b92cac6b99abb84866b8ae9b582e24c
Reviewed-on: https://code.wireshark.org/review/2931
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/sigcomp-udvm.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/epan/sigcomp-udvm.c b/epan/sigcomp-udvm.c
index 2f5d101764..1e2373018b 100644
--- a/epan/sigcomp-udvm.c
+++ b/epan/sigcomp-udvm.c
@@ -319,8 +319,6 @@ decompress_sigcomp_message(tvbuff_t *bytecode_tvb, tvbuff_t *message_tvb, packet
 		offset++;
 
 	}
-	/* Largest allowed size for a message is UDVM_MEMORY_SIZE = 65536  */
-	out_buff = (guint8 *)g_malloc(UDVM_MEMORY_SIZE);
 	/* Start executing code */
 	current_address = udvm_start_ip;
 	input_address = 0;
@@ -328,6 +326,9 @@ decompress_sigcomp_message(tvbuff_t *bytecode_tvb, tvbuff_t *message_tvb, packet
 	proto_tree_add_text(udvm_tree, bytecode_tvb, offset, 1,"UDVM EXECUTION STARTED at Address: %u Message size %u",
 		current_address, msg_end);
 
+	/* Largest allowed size for a message is UDVM_MEMORY_SIZE = 65536  */
+	out_buff = (guint8 *)g_malloc(UDVM_MEMORY_SIZE);
+
 execute_next_instruction:
 
 	if ( used_udvm_cycles > maximum_UDVM_cycles ){
@@ -2741,8 +2742,8 @@ decompression_failure:
 
 		proto_tree_add_text(udvm_tree, bytecode_tvb, 0, -1,"DECOMPRESSION FAILURE: %s",
 				    val_to_str(result_code, result_code_vals,"Unknown (%u)"));
-		THROW(ReportedBoundsError);
 		g_free(out_buff);
+		THROW(ReportedBoundsError);
 		return NULL;
 
 }
@@ -3210,3 +3211,15 @@ decomp_dispatch_get_bits(
 
 /* end udvm */
 
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
-- 
cgit v1.2.1