[Wireshark-dev] CaptureEvent is leaking for every event

Hi Roland and others, Since v2.5.0rc0-2085-gd5d815189d, there is a memory leak for every capture event. One of the many events (as reported by LeakSanitizer): Indirect leak of 112 byte(s) in 1 object(s) allocated from: #0 0x55641541d1a1 in operator new(unsigned long)

Re: [Wireshark-dev] allocator->in_scope

On Mar 25, 2018, at 11:35 AM, Paul Offord wrote: > I have real dissector code that builds a protocol tree and so I guess this > falls under libwireshark. Yes. > However, I also have two block read functions that are registered like this: > >

Re: [Wireshark-dev] allocator->in_scope

Thanks for the advice (and note from Evan). I haven't even begun to consider things like capinfos, mergecap, tshark, etc. I guess now is the time to think about these things. So just to clarify things here: I have real dissector code that builds a protocol tree and so I guess this falls

Re: [Wireshark-dev] allocator->in_scope

On Mar 25, 2018, at 10:39 AM, Paul Offord wrote: > Even bigger aha. Although I only have one new block in the pcapng file, when > I open the file via the file explorer dialogue, my block reader is called > twice; once to allow WS to enrich the dialogue box (I think)

Re: [Wireshark-dev] allocator->in_scope

Even bigger aha. Although I only have one new block in the pcapng file, when I open the file via the file explorer dialogue, my block reader is called twice; once to allow WS to enrich the dialogue box (I think) and a second time to read the block before dissection. I never noticed this

Re: [Wireshark-dev] allocator->in_scope

Hi Paul, that’s an interesting case you’ve found. The file scope was definitely intended for file-scoped dissection memory (which is why it is enabled in init_dissection() and not earlier in the file lifecycle) but I can definitely see the use for it in writing a block reader too. I think it is

Re: [Wireshark-dev] allocator->in_scope

Aha - whilst what I've written below is true, it doesn't accurately reflect the issue. If I start Wireshark and double click on a file in the recently opened list, part of the processing is this: cf_open() calls ws_epan_new() calls epan_new() calls init_dissection() calls

[Wireshark-dev] allocator->in_scope

Hi, Still working on my new block reader. To recap, I've defined a new pcapng block type and written a dissector. The first thing I have to do is read the new block type, and Wireshark provides a framework to do this. In the new block reader I define some space like this: