capchild: fix uninitialized data pointer on failure
author Peter Wu <peter@lekensteyn.nl>
Mon, 29 Jun 2015 15:09:18 +0000 (17:09 +0200)
committer Peter Wu <peter@lekensteyn.nl>
Mon, 29 Jun 2015 22:48:33 +0000 (22:48 +0000)
Fixes a crash / heisenbug in wireshark-qt on startup:

    ==26808==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7fff8cf3bf70 in thread T0
        #0 0x7f42ce3b66da in __interceptor_free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:28
        #1 0x842847 in WirelessFrame::setChannel() ui/qt/wireless_frame.cpp:257
        #2 0x842bf5 in WirelessFrame::on_channelComboBox_activated(int) ui/qt/wireless_frame.cpp:282
        #3 0x84407d in WirelessFrame::timerEvent(QTimerEvent*) ui/qt/wireless_frame.cpp:134
        #4 0x7f42ba94ea92 in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2b0a92)
        #5 0x7f42bb6218ea in QWidget::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x1948ea)
        #6 0x7f42bb71c16d in QFrame::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x28f16d)
        #7 0x7f42bb5df62b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15262b)
        #8 0x7f42bb5e4d0f in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x157d0f)
        #9 0x7f42ba91d57a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x27f57a)
        #10 0x7f42ba973b1c in QTimerInfoList::activateTimers() (/usr/lib/libQt5Core.so.5+0x2d5b1c)
        #11 0x7f42ba974020  (/usr/lib/libQt5Core.so.5+0x2d6020)
        #12 0x7f42cdde7a16 in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x49a16)
        #13 0x7f42cdde7c6f  (/usr/lib/libglib-2.0.so.0+0x49c6f)
        #14 0x7f42cdde7d1b in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x49d1b)
        #15 0x7f42ba974cfe in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2d6cfe)
        #16 0x56c8ba in main_window_update wireshark-qt.cpp:128
        #17 0xe4b612 in sync_pipe_open_command capchild/capture_sync.c:972
        #18 0xe4b823 in sync_pipe_run_command_actual capchild/capture_sync.c:1034
        #19 0xe4c590 in sync_pipe_run_command capchild/capture_sync.c:1211
        #20 0xe4e9a5 in sync_if_capabilities_open capchild/capture_sync.c:1356
        #21 0xe48b7a in capture_get_if_capabilities capchild/capture_ifinfo.c:249
        #22 0xdf539a in scan_local_interfaces ui/iface_lists.c:186
        #23 0xdf6a65 in fill_in_local_interfaces ui/iface_lists.c:405
        #24 0x56e49d in main wireshark-qt.cpp:1154
        #25 0x7f42b81c178f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
        #26 0x56ba58 in _start (wireshark+0x56ba58)

    AddressSanitizer can not describe address in more detail (wild memory access suspected).
    SUMMARY: AddressSanitizer: bad-free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:28 __interceptor_free

Change-Id: I63744261096b3cfd0eddcf75bcf85103a3f0788d
Reviewed-on: https://code.wireshark.org/review/9220
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
capchild/capture_sync.c

index 3a7d12f697bea60e2584d9a68da503d03eff90b7..29274d6647a77f88cb196268674a08dee1607038 100644 (file)
@@ -1079,6 +1079,7 @@ sync_pipe_run_command_actual(char** argv, gchar **data, gchar **primary_msg,
             }
         }
         *secondary_msg = NULL;
+        *data = NULL;
 
         return -1;
     }
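Review bot: the `*data = NULL;` added before this `return -1;` covers only this one failure exit of sync_pipe_run_command_actual, and the hunk does not show whether the function's other early returns also set `*data`. Any that do not would hand the caller the same uninitialized pointer. Consider assigning `*data = NULL` once at the top of the function, next to the other output parameters, so every failure path is covered, and note in the function's comment that `*data` is NULL on failure so callers can free it unconditionally. The address in the ASan report (0x7fff8cf3bf70, reported as not malloc()-ed) suggests the caller passed an uninitialized local, so the call site that frees the result at ui/qt/wireless_frame.cpp:257 would also be more robust if it initialized its pointer to NULL before the call.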