https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16487
--- Comment #12 from Peter Wu <pe...@lekensteyn.nl> ---
While this is a bug, the problem does not seem to be very severe. It will only
crash when built with ASAN. It is a correctness issue.
Prior to the use-after-free, the file was already closed, so no data loss
should occur. The worst thing that can happen when ASAN crashes is that the
temporary file is not deleted in cf_close (which calls wtap_close first).
void
wtap_close(wtap *wth)
{
wtap_sequential_close(wth);
if (wth->subtype_close != NULL)
(*wth->subtype_close)(wth);
if (wth->random_fh != NULL)
file_close(wth->random_fh);
// at this point the file is closed and no data loss should occur.
g_free(wth->priv);
if (wth->fast_seek != NULL) {
g_ptr_array_foreach(wth->fast_seek, g_fast_seek_item_free, NULL);
g_ptr_array_free(wth->fast_seek, TRUE);
}
// use-after-free in the next line
wtap_block_array_free(wth->shb_hdrs);
wtap_block_array_free(wth->nrb_hdrs);
wtap_block_array_free(wth->interface_data);
wtap_block_array_free(wth->dsbs);
g_free(wth);
}
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
