Wireshark · Wireshark-dev: [Wireshark-dev] Crash in epan/geoip

Wireshark-dev: [Wireshark-dev] Crash in epan/geoip_db.c

From: Gisle Vanem <gisle.vanem@xxxxxxxxx>

Date: Tue, 21 Feb 2017 22:09:15 +0100

Hi list.

I got a crash in epan/geoip_db.c and MSVCRT:free().
Due to the use of g_free() at line 379:

            case GEOIP_ASNUM_EDITION:
                raw_val = GeoIP_name_by_ipnum(gi, addr);
                if (raw_val) {
                    ret = db_val_to_utf_8(raw_val, gi);
                    g_free((char*)raw_val);  << line 379
                }

In my case, the 'raw_val' was not allocated by Glib, but
by MSVC's CRT directly. So shouldn't these 'g_free()' really be
'free()'? Or is the "official" GeoIP-1.6.6-win32ws.zip built using
Glib now?

This works for me:

--- a/epan/geoip_db.c 2017-02-21 20:23:21
+++ b/epan/geoip_db.c 2017-02-21 21:58:27
@@ -376,7 +376,7 @@
                 raw_val = GeoIP_name_by_ipnum(gi, addr);
                 if (raw_val) {
                     ret = db_val_to_utf_8(raw_val, gi);
-                    g_free((char*)raw_val);
+                    free((char*)raw_val);
                 }
                 break;

@@ -507,7 +507,7 @@
                 raw_val = GeoIP_name_by_ipnum_v6(gi, gaddr);
                 if (raw_val) {
                     ret = db_val_to_utf_8(raw_val, gi);
-                    g_free((char*)raw_val);
+                    free((char*)raw_val);
                 }
                 break;

-- 
--gv

Follow-Ups:
- Re: [Wireshark-dev] Crash in epan/geoip_db.c
  - From: João Valverde

Prev by Date: [Wireshark-dev] Communication between dumpcap and wireshark partially broken when using rpcap
Next by Date: Re: [Wireshark-dev] Crash in epan/geoip_db.c
Previous by thread: [Wireshark-dev] Communication between dumpcap and wireshark partially broken when using rpcap
Next by thread: Re: [Wireshark-dev] Crash in epan/geoip_db.c
Index(es):
- Date
- Thread