Wireshark mailing list archives

Re: g_mem-chunk_destroy does not free memory for GLib > 2.8


From: Bill Meier <wmeier () newsguy com>
Date: Tue, 20 Oct 2009 18:26:13 -0400

Jeff Morriss wrote:
Bill Meier wrote:
Jeff Morriss wrote:
Bill Meier wrote:
   I've found at least one case wherein se_alloc'd memory
   is referenced after it's been freed. (I think this case just happens
   to work because the memory wasn't yet reassigned).
I was contemplating adding an optional memory-scrubber to ensure that 
we're not doing that: just writing 0xdeadbeef to the ep_ and se_ alloc'd 
memory when we free it.

I was thinking the same thing ....

I fixed a few cases of this and I'm not getting any more failures with 
the sample captures I have.  Is the case you found fixed?


Unfortunately I don't quite remember the case I found.

Was it the "dangling pointer to se_alloc'd memory" I mentioned in bug 
#4141?  (If so I originally misinterpreted the code in that there's no 
actual reference to the already freed se_alloc'd buffer).

       "Also note that currently for free_all_reassembled_fragments()
       that the 'key_arg' points to se_alloc'd memory which has already
       been freed."

If so, should we turn on memory scrubbing while fuzz testing?

Seems like a reasonable idea to me. We'd need to watch to see how much 
time is added to the fuzz-testing. Maybe only turn on scrubbing for one 
pass?


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
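
The scrubbing idea discussed in this message, as an added example that is not part of the original post or of Wireshark's code: a toy pool allocator (all names hypothetical) that overwrites its memory with 0xdeadbeef on free-all. With scrubbing off, a pointer kept past the free still reads the old data, which is the "just happens to work" case; with it on, the stale read returns the pattern and can be caught.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_SIZE 256
static const uint8_t SCRUB[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Hypothetical stand-in for an se_/ep_-style pool: memory comes from one
 * block, is released all at once, and is reused rather than unmapped. */
typedef struct { uint8_t buf[POOL_SIZE]; size_t used; int scrub; } pool_t;

void pool_init(pool_t *p, int scrub) { memset(p, 0, sizeof *p); p->scrub = scrub; }

void *pool_alloc(pool_t *p, size_t n)
{
    size_t start = (p->used + 7u) & ~(size_t)7u;      /* 8-byte alignment */
    if (n > POOL_SIZE || start > POOL_SIZE - n) return NULL;
    p->used = start + n;
    return p->buf + start;
}

/* Release every allocation; when scrubbing is on, overwrite the used
 * region first so stale pointers no longer see plausible data. */
void pool_free_all(pool_t *p)
{
    if (p->scrub)
        for (size_t i = 0; i < p->used; i++) p->buf[i] = SCRUB[i % 4];
    p->used = 0;
}

/* Returns 1 if the n bytes at ptr (which must lie inside the pool)
 * carry the scrub pattern, 0 otherwise. */
int pool_is_scrubbed(const pool_t *p, const void *ptr, size_t n)
{
    size_t off = (size_t)((const uint8_t *)ptr - p->buf);
    for (size_t i = 0; i < n; i++)
        if (p->buf[off + i] != SCRUB[(off + i) % 4]) return 0;
    return 1;
}

/* Constructed bug: a key pointer is kept across pool_free_all().
 * Returns 1 if the dangling pointer now reads the scrub pattern. */
int stale_key_detected(int scrub)
{
    pool_t pool;
    pool_init(&pool, scrub);
    char *key = pool_alloc(&pool, 8);
    if (!key) return -1;
    memcpy(key, "frag-42", 8);        /* constructed sample key */
    pool_free_all(&pool);             /* key now dangles */
    return pool_is_scrubbed(&pool, key, 8);
}
```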