[Wireshark-bugs] [Bug 16063] Deleting a column produces a crash

Tue, 07 Apr 2020 06:05:26 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

Peter Wu <pe...@lekensteyn.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pe...@lekensteyn.nl
            Summary|deleting a colum produces a |Deleting a column produces
                   |crash                       |a crash

--- Comment #11 from Peter Wu <pe...@lekensteyn.nl> ---
Note: The above fix (merged in v3.3.0rc0-765-g1d20a875e4, backported as
v3.2.3rc0-36-g54b9f87d47) causes a regression. The right-most column (typically
Info) no longer stretches to the right.

To reproduce:

1. wireshark -r test/captures/dhcp.pcap
2. Resize the window on the right

Expected behavior:
The Info column stretches on the right.

Actual behavior:
The Info column stops somewhere and there is a blank space with no background
color from a certain point on.

Environment:
Arch Linux with Qt 5.14.1-2 with KDE Plasma on a laptop with a 1920x1080
display. 

As for the original issue, when I revert the patch on master
(v3.3.0rc0-962-g15dc2f6bd4) and fiddle a bit with it, it triggered an ASAN
error:

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6210003138b0 at pc
0x55e2c3d63418 bp 0x7fffbf537d80 sp 0x7fffbf537d78
READ of size 4 at 0x6210003138b0 thread T0
    #0 0x55e2c3d63417 in resolve_column ui/packet_list_utils.c:85:36
    #1 0x55e2c3421a77 in PacketListHeader::contextMenuEvent(QContextMenuEvent*)
ui/qt/widgets/packet_list_header.cpp:199:23
    #2 0x7f48def504dd in QWidget::event(QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x19f4dd)
    #3 0x7f48df001f3e in QFrame::event(QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x250f3e)
    #4 0x7f48df18cadf in QAbstractItemView::viewportEvent(QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x3dbadf)
    #5 0x7f48df19e05c in QHeaderView::viewportEvent(QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x3ed05c)
...
0x6210003138b0 is located 80 bytes to the left of 4240-byte region
[0x621000313900,0x621000314990)
allocated by thread T0 here:
    #0 0x55e2c1eac559 in malloc (run/wireshark+0x1981559)
    #1 0x7f48ddfb2929 in g_malloc
/usr/src/debug/build/../glib/glib/gmem.c:99:13
    #2 0x7f48f1119750 in build_column_format_array epan/column.c:887:3
    #3 0x55e2c2c9b6f9 in PacketList::columnsChanged()
ui/qt/packet_list.cpp:1048:5

I do not have precise reproduction steps for this. In any case, with and
without the patch, toggling visibility of columns or removing them acts quite
quirky. This needs more investigation.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to