I'm a bit confused - wouldn't the new instance of QByteArray simply be leaked in the example code, as opposed to destructed? C++ doesn't have automatic garbage collection...
Evan On Fri, Nov 28, 2014 at 2:13 PM, Peter Wu <[email protected]> wrote: > Hi all, > > I mostly use Wireshark GTK, but just tried the Qt UI again. A recurring > problem was an ASAN crash on shutdown. It turns out that there are many > users of this pattern: > > recent_add_cfilter(NULL, currentText().toUtf8().constData()); > > This is unsafe as currentText().toUtf8() returns a new instance of > QByteArray and constData() returns a pointer to data inside that object. > After returning, the data is destructed and a use-after-free condition > occurs. > > The more correct way to do this is to use another variable to ensure > that a reference is held to that QByteArray: > > QByteArray text_utf8 = currentText().toUtf8(); > recent_add_cfilter(NULL, text_utf8.constData()); > > See also the commit message at https://code.wireshark.org/review/5528/ > Please avoid this pattern in the future, and watch it during reviews. > -- > Kind regards, > Peter > https://lekensteyn.nl > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
