Fix bug #5477: fuzz-test failure found by using G_SLICE=debug-blocks.

Essentially: doing g_slice_free with the wrong 'type' for the data to be freed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5477

svn path=/trunk/; revision=35175

diff --git a/epan/reassemble.c b/epan/reassemble.c
index 37c10f687803e5385933aaaaa1742af69bffffc8..962d825175b0f54096bb3b75dc67f3397ad238fa 100644 (file)
--- a/epan/reassemble.c
+++ b/epan/reassemble.c
@@ -312,7 +312,7 @@ fragment_free_key(void *ptr)
        fragment_key *key = (fragment_key *)ptr;
 
        if(key){
-/*
+               /*
                 * Free up the copies of the addresses from the old key.
                 */
                g_free((gpointer)key->src.data);
@@ -321,6 +321,22 @@ fragment_free_key(void *ptr)
                g_slice_free(fragment_key, key);
        }
 }
+
+static void
+dcerpc_fragment_free_key(void *ptr)
+{
+       dcerpc_fragment_key *key = (dcerpc_fragment_key *)ptr;
+
+       if(key){
+               /*
+                * Free up the copies of the addresses from the old key.
+                */
+               g_free((gpointer)key->src.data);
+               g_free((gpointer)key->dst.data);
+
+               g_slice_free(dcerpc_fragment_key, key);
+       }
+}
 #endif
 /*
  * Initialize a fragment table.
@@ -373,7 +389,7 @@ dcerpc_fragment_table_init(GHashTable **fragment_table)
 #if GLIB_CHECK_VERSION(2,10,0)
                   /* The fragment table does not exist. Create it */
                *fragment_table = g_hash_table_new_full(dcerpc_fragment_hash,
-                                                       dcerpc_fragment_equal, fragment_free_key, NULL);
+                                                       dcerpc_fragment_equal, dcerpc_fragment_free_key, NULL);
 #else
                /* The fragment table does not exist. Create it */
                   *fragment_table = g_hash_table_new(dcerpc_fragment_hash,