From 0272b9c435db6b8665504d402ce1a23325f5b409 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Tue, 29 Jul 2014 00:04:00 +0200 Subject: Fix heap-use-after-free via setlocale setlocale returns a statically-allocated memory which can be modified by subsequent calls of setlocale. This triggers a heap-use-after free in ASAN when the setlocale function is called again with the previous pointer. This was found when trying to use the "Show All Streams" option via the Telephony -> RTP menu. While at it, add some modelines Change-Id: Ide47e877ce828734fd8c5c1b064d9c505ba2b37a Reviewed-on: https://code.wireshark.org/review/3234 Reviewed-by: Peter Wu Reviewed-by: Evan Huus --- ui/gtk/rtp_stream_dlg.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'ui/gtk/rtp_stream_dlg.c') diff --git a/ui/gtk/rtp_stream_dlg.c b/ui/gtk/rtp_stream_dlg.c index ba707a5d76..ae89d5f10c 100644 --- a/ui/gtk/rtp_stream_dlg.c +++ b/ui/gtk/rtp_stream_dlg.c @@ -681,7 +681,7 @@ add_to_list_store(rtp_stream_info_t* strinfo) char *savelocale; /* save the current locale */ - savelocale = setlocale(LC_NUMERIC, NULL); + savelocale = g_strdup(setlocale(LC_NUMERIC, NULL)); /* switch to "C" locale to avoid problems with localized decimal separators in g_snprintf("%f") functions */ setlocale(LC_NUMERIC, "C"); @@ -718,6 +718,7 @@ add_to_list_store(rtp_stream_info_t* strinfo) /* restore previous locale setting */ setlocale(LC_NUMERIC, savelocale); + g_free(savelocale); /* Acquire an iterator */ gtk_list_store_append(list_store, &list_iter); @@ -1136,3 +1137,15 @@ register_tap_listener_rtp_stream_dlg(void) { } +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=4 tabstop=8 noexpandtab: + * :indentSize=4:tabSize=8:noTabs=false: + */ -- cgit v1.2.1