Fix memory leaks involving tvb_get_string[z]().
authorcmaynard <cmaynard@f5534014-38df-0310-8fa8-9805f1628bb7>
Wed, 28 Dec 2011 16:36:57 +0000 (16:36 +0000)
committercmaynard <cmaynard@f5534014-38df-0310-8fa8-9805f1628bb7>
Wed, 28 Dec 2011 16:36:57 +0000 (16:36 +0000)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40312 f5534014-38df-0310-8fa8-9805f1628bb7

epan/dissectors/packet-bt-dht.c
epan/dissectors/packet-gopher.c
epan/dissectors/packet-gsm_ipa.c
epan/dissectors/packet-meta.c
epan/dissectors/packet-mux27010.c
epan/dissectors/packet-nfs.c
epan/dissectors/packet-rdp.c
epan/dissectors/packet-sametime.c
epan/dissectors/packet-ua.c
epan/dissectors/packet-xtp.c
plugins/unistim/packet-unistim.c

index 2ddd097da8be31947a8ac29400a7b11a42342940..ed242b3f92b28b8f7a3e34d1700fdb10d3f09b7b 100644 (file)
@@ -103,7 +103,7 @@ static int dissect_bencoded_string(tvbuff_t *tvb, packet_info _U_*pinfo, proto_t
   while( tvb_get_guint8(tvb,offset) != ':' )
     offset ++;
 
-  string_len = atoi( tvb_get_string(tvb,string_len_start,offset-string_len_start) );
+  string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
   /* skip the ':' */
   offset++;
 
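Review bot: `string_len` is still taken from `atoi()` over packet bytes, so a non-numeric, negative or out-of-range length prefix is accepted without any error, and the value is then used as a length and an offset increment further down. `atoi()` cannot report failure, so the result should be validated before use, for example `if( string_len < 0 ) THROW( ReportedBoundsError );` (assuming `string_len` is signed; its declaration is outside the hunk), or the prefix parsed with `strtol` and checked. The same unchecked `atoi()` appears in the `dissect_bt_dht_values` and `dissect_bt_dht_nodes` hunks of this file. All three functions start and end outside their hunks.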
@@ -111,7 +111,7 @@ static int dissect_bencoded_string(tvbuff_t *tvb, packet_info _U_*pinfo, proto_t
   if( tohex )
     *result = tvb_bytes_to_str(tvb, offset, string_len );
   else
-    *result = tvb_get_string( tvb, offset, string_len );
+    *result = tvb_get_ephemeral_string( tvb, offset, string_len );
 
   proto_tree_add_string_format( tree, hf_bencoded_string, tvb, offset, string_len, *result, "%s: %s", label, *result );
   offset += string_len;
@@ -134,7 +134,7 @@ static int dissect_bencoded_int(tvbuff_t *tvb, packet_info _U_*pinfo, proto_tree
   while( tvb_get_guint8(tvb,offset)!='e' )
     offset ++;
 
-  *result = tvb_get_string( tvb, offset, offset-start_offset-1 );
+  *result = tvb_get_ephemeral_string( tvb, offset, offset-start_offset-1 );
   proto_tree_add_string_format( tree, hf_bencoded_int, tvb, offset, offset-start_offset-1, *result,
     "%s: %s", label, *result );
 
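Review bot: The replaced call still reads from `offset`, which after the preceding loop sits on the terminating 'e', while the length `offset-start_offset-1` describes the digits before it. If `start_offset` marks the leading 'i' (it is assigned outside the hunk, so this needs confirming), the string and the tree item should start at the digits: `*result = tvb_get_ephemeral_string( tvb, start_offset+1, offset-start_offset-1 );`. As written, the field shows bytes after the integer and can run past the end of a well-formed value.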
@@ -240,7 +240,7 @@ static int dissect_bt_dht_values(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
     while( tvb_get_guint8(tvb,offset) != ':' )
       offset ++;
 
-    string_len = atoi( tvb_get_string(tvb,string_len_start,offset-string_len_start) );
+    string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
     /* skip the ':' */
     offset++;
     /* 4 bytes ip, 2 bytes port */
@@ -293,7 +293,7 @@ static int dissect_bt_dht_nodes(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
   while( tvb_get_guint8(tvb,offset) != ':' )
     offset ++;
 
-  string_len = atoi( tvb_get_string(tvb,string_len_start,offset-string_len_start) );
+  string_len = atoi( tvb_get_ephemeral_string(tvb,string_len_start,offset-string_len_start) );
   /* skip the ':' */
   offset++;
 
index c9719e6fddff8f73e393adc02257fe857f128241..24e2a0fc9ab1b1f5c9a80e88a6e0d32769f389fc 100644 (file)
@@ -179,6 +179,7 @@ dissect_gopher(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
                 name = tvb_get_string(tvb, offset + 1, sel_start - offset - 2);
                 ti = proto_tree_add_string(gopher_tree, hf_gopher_dir_item, tvb,
                                 offset, line_len + 1, name);
+                g_free(name);
                 dir_tree = proto_item_add_subtree(ti, ett_dir_item);
                 proto_tree_add_item(dir_tree, hf_gopher_di_type, tvb, offset, 1, ENC_BIG_ENDIAN);
                 proto_tree_add_item(dir_tree, hf_gopher_di_name, tvb, offset + 1,
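Review bot: The added `g_free(name);` is only reached if `proto_tree_add_string()` returns, and the proto_tree_add_* calls can raise a bounds exception on a truncated packet, in which case `name` still leaks. The other files in this commit avoid that by switching the allocation itself: `name = tvb_get_ephemeral_string(tvb, offset + 1, sel_start - offset - 2);` with no free. The same allocate/add/free pattern is introduced for `apn`, `calling` and `called` in packet-meta.c and for `information_field` in packet-mux27010.c. `dissect_gopher` continues outside the hunk.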
index 6601bc3d873f0bda535545db44b13a89c27e20ec..ba012a96f4b5a5de4f38371aa1bd49ebdd574910 100644 (file)
@@ -326,7 +326,7 @@ dissect_ipa(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                        }
                        if (global_ipa_in_info == TRUE)
                                col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
-                                               tvb_get_stringz(next_tvb, 0, NULL));
+                                               tvb_get_ephemeral_stringz(next_tvb, 0, NULL));
                        break;
                default:
                        if (msg_type < ABISIP_RSL_MAX) {
index 27517ec58f0d977e12abb21297d3cc2e9f2a475d..fff99ba4987402e3d0dd10a35d5eb78ac4afc5d7 100644 (file)
@@ -292,6 +292,7 @@ static guint16 evaluate_meta_item_dxt(proto_tree *meta_tree, tvbuff_t *tvb, pack
             apn = tvb_get_string(tvb, offs, len);
             proto_tree_add_string(meta_tree, hf_meta_item_apn, tvb,
                 offs, len, apn);
+            g_free(apn);
             break;
         case META_ID_RAT:
             rat = tvb_get_guint8(tvb, offs);
@@ -369,11 +370,13 @@ static guint16 evaluate_meta_item_dxt(proto_tree *meta_tree, tvbuff_t *tvb, pack
             calling = tvb_get_string(tvb, offs, len);
             proto_tree_add_string(meta_tree, hf_meta_item_calling, tvb,
                 offs, len, calling);
+            g_free(calling);
             break;
         case META_ID_CALLED:
             called = tvb_get_string(tvb, offs, len);
             proto_tree_add_string(meta_tree, hf_meta_item_called, tvb,
                 offs, len, called);
+            g_free(called);
             break;
         default:
             subti = proto_tree_add_item(meta_tree, hf_meta_item, tvb, offs - 4,
index d364ea469050fbc60d6ede81bb33ac7ff475f538..131aa0b752cee1d643ce9c347683013c0c44574e 100644 (file)
@@ -248,8 +248,6 @@ static char colDestText[256];
 static char colSourceText[256];
 static char frameTypeText[64];
 
-static char information_field_content[256];
-static char *information_field;
 static char dlci_char[3];
 
 static guint8 i = 0;
@@ -741,7 +739,7 @@ getControlChannelValues(tvbuff_t *tvb, proto_tree *field_tree_ctr){
         if (controlchannel_iei == MUX27010_VALUE_CONTROLCHANNEL_TEST_IEI_MS){
             proto_tree_add_uint_format(field_tree_ctr, hf_mux27010_controlchannelvalue, tvb, offset, 1, controlchannel_value, "IEI coding: MSMUX_VERSION");
         }
-        proto_tree_add_uint_format(field_tree_ctr, hf_mux27010_controlchannelvalue, tvb, offset+1, controlchannel_length_value-1, controlchannel_value, "Value (ASCII): %s", tvb_get_string(tvb, offset+1,controlchannel_length_value-1));
+        proto_tree_add_uint_format(field_tree_ctr, hf_mux27010_controlchannelvalue, tvb, offset+1, controlchannel_length_value-1, controlchannel_value, "Value (ASCII): %s", tvb_get_ephemeral_string(tvb, offset+1,controlchannel_length_value-1));
     }
 
     /*Command pattern for Power saving control (C/R is set to 1)*/
@@ -798,14 +796,17 @@ getControlChannelValues(tvbuff_t *tvb, proto_tree *field_tree_ctr){
 /*Get values information field*/
 static void
 getFrameInformation(tvbuff_t *tvb, proto_tree *field_tree){
+    char information_field_content[52];
+    char *information_field, *save_information_field_ptr;
 
     /*Get the data from information field as string*/
     information_field = tvb_get_string(tvb,offset,length_info);
+    save_information_field_ptr = information_field;
     tmp = 0;
 
     /*Copy data from buffer to local array information_field_content*/
     /*and delete unneeded signs out of info field -> for info column: CR (0x0d) and LF (0x0a)*/
-    for (i = 0; i<length_info && i<=50; i++) {
+    for (i = 0; i<length_info && i<(sizeof(information_field_content)-1); i++) {
         /*Check every sign in information field for CR and LF*/
         if (*information_field != 0x0a && *information_field != 0x0d){
             /*Copy char to array*/
@@ -826,10 +827,11 @@ getFrameInformation(tvbuff_t *tvb, proto_tree *field_tree){
     g_snprintf(colInfoText,sizeof(colInfoText),"%s %s", colInfoText, information_field_content);
 
     /*Get pointer to begin of buffer again*/
-    information_field = tvb_get_string(tvb,offset,length_info);
+    information_field = save_information_field_ptr;
 
     /*Add info to subtree*/
     proto_tree_add_uint_format(field_tree, hf_mux27010_information, tvb, offset, length_info, controlchannel_type_command, "Information: %s",information_field);
+    g_free(information_field);
 
     /*Increment offset by the length of chars in info field*/
     offset +=length_info;
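Review bot: The context line `g_snprintf(colInfoText,sizeof(colInfoText),"%s %s", colInfoText, information_field_content);` passes the destination buffer as one of its own sources, which is undefined for the snprintf family and can corrupt the column text. Appending avoids the overlap: `g_strlcat(colInfoText, " ", sizeof(colInfoText));` followed by `g_strlcat(colInfoText, information_field_content, sizeof(colInfoText));`. This also depends on `information_field_content` being NUL-terminated after the copy loop, which happens outside the hunk and is worth confirming now that the buffer is a 52-byte local.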
index fabdeef9362565449734b8cb5d0b7f486318e59c..48044d7a19c02bebe1f6784f298f61830a0e7323 100644 (file)
@@ -2353,6 +2353,7 @@ dissect_fhandle_data(tvbuff_t *tvb, int offset, packet_info *pinfo,
 
                fh_array = tvb_get_string(tvb, offset, fhlen);
                fhhash = crc32_ccitt(fh_array, fhlen);
+               g_free(fh_array);
 
                if(hidden){
                        fh_item=proto_tree_add_uint(tree, hf_nfs_fh_hash, NULL, 0,
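Review bot: The file handle is opaque binary data, yet it is copied with a string accessor onto the heap only to be hashed and freed on the next line. Hashing straight from the tvb removes the allocation and the free, e.g. `fhhash = crc32_ccitt_tvb_offset(tvb, offset, fhlen);` if the tvb CRC helpers are available in this tree. The `sidh_array` and `clientid_array` hunks in this file have the same shape and could use `crc16_ccitt_tvb_offset(tvb, offset, 16)` and `crc16_ccitt_tvb_offset(tvb, offset, 8)`. The enclosing functions start and end outside the hunks.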
@@ -8288,6 +8289,7 @@ dissect_nfs_stateid4(tvbuff_t *tvb, int offset,
 
        sidh_array = tvb_get_string(tvb, offset, 16);
        sid_hash = crc16_ccitt(sidh_array, 16);
+       g_free(sidh_array);
 
        sh_item=proto_tree_add_uint(newftree, hf_nfs_stateid4_hash, tvb, offset,
                                                                        +               16, sid_hash);
@@ -9357,6 +9359,7 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
                case NFS4_OP_RENEW:
                        clientid_array = tvb_get_string(tvb, offset, 8);
                        clientid_hash = crc16_ccitt(clientid_array, 8);
+                       g_free(clientid_array);
                        offset = dissect_rpc_uint64(tvb, newftree, hf_nfs_clientid4, offset);
                        g_string_append_printf (op_summary[ops_counter].optext, " CID: 0x%04x", clientid_hash);
 
index c628a6cdf5ac390e28b976f3b63d6ad20c033cf0..d0e71e7e02f0e1a2714c8e8dc1e9c2e8265d230e 100644 (file)
@@ -940,21 +940,21 @@ dissect_rdp_clientNetworkData(tvbuff_t *tvb, int offset, packet_info *pinfo, pro
     next_tree = proto_item_add_subtree(pi, ett_rdp_channelDefArray);
 
     if(rdp_info)
-      rdp_info->maxChannels = channelCount;
+      rdp_info->maxChannels = min(channelCount, MAX_CHANNELS);
 
-    for(i = 0; i < channelCount; i++) {
+    for(i = 0; i < min(channelCount, MAX_CHANNELS); i++) {
       if(rdp_info) {
-       rdp_info->channels[i].strptr = tvb_get_string(tvb, offset, 8);
-       rdp_info->channels[i].value = -1; /* unset */
+        rdp_info->channels[i].value = -1; /* unset */
+        rdp_info->channels[i].strptr = tvb_get_ephemeral_string(tvb, offset, 8);
       }
       offset = dissect_rdp_fields(tvb, offset, pinfo, next_tree, def_fields);
     }
 
     if(rdp_info) {
+      /* value_strings are normally terminated with a {0, NULL} entry */
+      rdp_info->channels[i].value = 0;
       rdp_info->channels[i].strptr = NULL;
-      rdp_info->channels[i].value = -1;
     }
-
   }
 
   return offset;
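Review bot: `rdp_info->channels[i].strptr` now points at ephemeral memory, which is released once the current packet has been dissected; if `rdp_info` is kept longer than that (its allocation is outside the hunk, and it looks like per-conversation state), later reads of the channel table use freed memory. A capture-lifetime copy such as `tvb_get_seasonal_string(tvb, offset, 8)` would fix the leak without shortening the lifetime. The same question applies to `uinfo->string_data` in the packet-unistim.c hunk. Separately, the terminator write after the loop uses index `i`, which can equal `MAX_CHANNELS`, so `channels` must be declared with `MAX_CHANNELS + 1` entries. Capping the loop also stops `dissect_rdp_fields()` from consuming the remaining entries, so `offset` falls short when `channelCount` exceeds the cap.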
index 7cef0821ec3ae1e94270333f07087641e04375bb..7e91435e99af967d5f6f4828074b9a812ecec11d 100644 (file)
@@ -236,7 +236,7 @@ add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf)
                        proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, ENC_BIG_ENDIAN);
 
                /* add string */
-               proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_string(tvb, offset + 2, length));
+               proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_ephemeral_string(tvb, offset + 2, length));
        }
 
        return 2 + length;
index 132abb80e5fd095df4592dc57625add5f02a5f68..5a4d65084593c96825e16c037741d5bbed36fd07 100644 (file)
@@ -647,18 +647,18 @@ static void DissectTLV_data(tvbuff_t *pTvb, proto_tree *pTlv, guint8 u8Property)
     case 55: /*Label*/
     case 138: /*Label_138*/
         {
-            proto_item_append_text(pTlv, "'%s'", tvb_get_string(pTvb, 0, tvb_length(pTvb)));
+            proto_item_append_text(pTlv, "'%s'", tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb)));
             proto_tree_add_item(pTlv, hf_tlv_label, pTvb, 0, -1, ENC_ASCII|ENC_NA);
 
             /* append text on NOE level */
             pNoeItem = proto_item_get_parent(pTlv);
-            proto_item_append_text(pNoeItem, ", Label='%s'", tvb_get_string(pTvb, 0, tvb_length(pTvb)));
+            proto_item_append_text(pNoeItem, ", Label='%s'", tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb)));
             break;
         }
 
     case 143: /*Phone number*/
         {
-            proto_item_append_text(pTlv, "%s", tvb_get_string(pTvb, 0, tvb_length(pTvb)));
+            proto_item_append_text(pTlv, "%s", tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb)));
             proto_tree_add_item(pTlv, hf_tlv_number, pTvb, 0, -1, ENC_NA);
             break;
         }
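Review bot: In the Label case the same `tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb))` call is made twice, so the buffer is allocated and copied twice for one value. Fetch it once at the top of the case, `const guint8 *label = tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb));`, and pass `label` to both `proto_item_append_text()` calls. `DissectTLV_data` starts and ends outside the hunk.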
@@ -666,7 +666,7 @@ static void DissectTLV_data(tvbuff_t *pTvb, proto_tree *pTlv, guint8 u8Property)
     case 147: /*Today*/
     case 148: /*Tomorrow*/
         {
-            proto_item_append_text(pTlv, "'%s'", tvb_get_string(pTvb, 0, tvb_length(pTvb)));
+            proto_item_append_text(pTlv, "'%s'", tvb_get_ephemeral_string(pTvb, 0, tvb_length(pTvb)));
             proto_tree_add_item(pTlv, hf_tlv_data, pTvb, 0, -1, ENC_NA);
             break;
         }
index 9fc0553e9bb5ca4e5a71cec788b8f3c1400eb6bc..2b38846c9106d1f0a13d52d59c0c5ee39e9de5fb 100644 (file)
@@ -905,6 +905,7 @@ dissect_xtp_diag(tvbuff_t *tvb, proto_tree *tree, guint32 offset) {
        /* message(4) */
        proto_tree_add_string(xtp_subtree, hf_xtp_diag_msg,
                        tvb, offset, msg_len, diag->msg);
+       g_free(diag->msg);
 
        return;
 }
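Review bot: After the added `g_free(diag->msg);` the struct still holds the freed pointer, so any later use of `diag->msg`, or a second free of `diag`'s contents, touches released memory. Either follow it with `diag->msg = NULL;` or, as the other files in this commit do, allocate with `tvb_get_ephemeral_string()` at the point where `diag->msg` is filled (outside the hunk) and drop the free. The ephemeral form also covers the case where `proto_tree_add_string()` raises an exception before the free is reached.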
index 9840d137ce18a22c408ad689a8ee8ebec50eacb5..49d2acf6892dec0240e2a7c64261e2dbae72d93c 100644 (file)
@@ -1052,7 +1052,7 @@ dissect_display_switch(proto_tree *msg_tree,
          }
          if(msg_len>0){
             /* I'm guessing this will work flakily at best */
-            uinfo->string_data = tvb_get_string(tvb,offset,msg_len);
+            uinfo->string_data = tvb_get_ephemeral_string(tvb,offset,msg_len);
             set_ascii_item(msg_tree,tvb,offset,msg_len);
          }