
[06/34] kernelshark: Fix used after free of QByteArray raw data

Message ID 20240114171723.14092-7-dev@benjarobin.fr (mailing list archive)
State Accepted
Commit 5714179d3185df979896b95deb85aca332de4d65
Series Fix kernelshark issues introduced by the migration to Qt6 | expand

Commit Message

Benjamin ROBIN Jan. 14, 2024, 5:16 p.m. UTC
In KsAdvFilteringDialog::_applyPress(), QByteArray raw data, obtained
from _filterEdit, is accessed after being freed.
Also prevent any unnecessary copy.

Signed-off-by: Benjamin ROBIN <dev@benjarobin.fr>
---
 src/KsAdvFilteringDialog.cpp | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

Patch

diff --git a/src/KsAdvFilteringDialog.cpp b/src/KsAdvFilteringDialog.cpp
index 247f912..c0d6d48 100644
--- a/src/KsAdvFilteringDialog.cpp
+++ b/src/KsAdvFilteringDialog.cpp
@@ -443,8 +443,6 @@  void KsAdvFilteringDialog::_applyPress()
 	QMapIterator<int, QString> f(_filters);
 	kshark_context *kshark_ctx(NULL);
 	kshark_data_stream *stream;
-	const char *text;
-	char *filter;
 	int i(0);
 
 	if (!kshark_instance(&kshark_ctx))
@@ -476,18 +474,12 @@  void KsAdvFilteringDialog::_applyPress()
 		emit dataReload();
 	};
 
-	text = _filterEdit.text().toLocal8Bit().data();
-	if (strlen(text) == 0) {
+	QByteArray filter = _filterEdit.text().toLocal8Bit();
+	if (filter.isEmpty()) {
 		job_done();
 		return;
 	}
 
-	filter = (char*) malloc(strlen(text) + 1);
-	strcpy(filter, text);
-
-	kshark_tep_add_filter_str(stream, filter);
-
-	free(filter);
-
+	kshark_tep_add_filter_str(stream, filter.constData());
 	job_done();
 }
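Review bot: The call `kshark_tep_add_filter_str(stream, filter.constData());` near the end of `_applyPress()` discards whatever the function returns. Its declaration is not visible in this hunk, but if it reports a rejected filter string through a status code, user-typed text that fails to parse still falls through to `job_done()` with no feedback in the dialog. Consider capturing the result and surfacing a failure before `job_done()`. Separately, a one-line comment above `QByteArray filter = _filterEdit.text().toLocal8Bit();` would keep the fix from being "simplified" back into a dangling pointer, for example `// Named local on purpose: constData() points into this buffer and must not outlive it.` The function body starts above this hunk, so the earlier use of `stream` could not be reviewed.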