=================================================================
==22411==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000e6ce8 at pc 0x7f88bb4de4da bp 0x7ffc0e6bf1f0 sp 0x7ffc0e6bf1e0
READ of size 4 at 0x6030000e6ce8 thread T0
    #0 0x7f88bb4de4d9 in check_follow_fragments epan/dissectors/packet-tcp.c:836
    #1 0x7f88bb4dfc39 in follow_tcp_tap_listener epan/dissectors/packet-tcp.c:981
    #2 0x7f88bc1f9a6c in tap_push_tapped_queue epan/tap.c:374
    #3 0x7f88bc14a24e in epan_dissect_run_with_taps epan/epan.c:384
    #4 0x55a37d8236cc in add_packet_to_packet_list file.c:1120
    #5 0x55a37d82650b in rescan_packets file.c:1771
    #6 0x55a37d8251a0 in cf_filter_packets file.c:1479
    #7 0x55a37d8f3ad7 in MainWindow::filterPackets(QString, bool) ui/qt/main_window_slots.cpp:278
    #8 0x55a37db0b4b8 in MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1407
    #9 0x7f88b28ef658 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2b2658)
    #10 0x55a37de4aab0 in FollowStreamDialog::updateFilter(QString, bool) ui/qt/moc_follow_stream_dialog.cpp:229
    #11 0x55a37dc22ace in FollowStreamDialog::follow(QString, bool, int) ui/qt/follow_stream_dialog.cpp:901
    #12 0x55a37dc1d8a8 in FollowStreamDialog::on_streamNumberSpinBox_valueChanged(int) ui/qt/follow_stream_dialog.cpp:372
    #13 0x55a37de4a5d5 in FollowStreamDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:165
    #14 0x55a37de4a948 in FollowStreamDialog::qt_metacall(QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:215
    #15 0x7f88b28ef7f3 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2b27f3)
    #16 0x7f88b372a8dd in QSpinBox::valueChanged(int) (/usr/lib/libQt5Widgets.so.5+0x2da8dd)
    #17 0x7f88b372ac32 (/usr/lib/libQt5Widgets.so.5+0x2dac32)
    #18 0x7f88b3692969 (/usr/lib/libQt5Widgets.so.5+0x242969)
    #19 0x7f88b36945e3 (/usr/lib/libQt5Widgets.so.5+0x2445e3)
    #20 0x7f88b3694943 in QAbstractSpinBox::keyPressEvent(QKeyEvent*) (/usr/lib/libQt5Widgets.so.5+0x244943)
    #21 0x7f88b35eb646 in QWidget::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x19b646)
    #22 0x7f88b36951da in QAbstractSpinBox::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x2451da)
    #23 0x7f88b35a3e0b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x153e0b)
    #24 0x7f88b35acf55 in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15cf55)
    #25 0x7f88b28c3ddf in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x286ddf)
    #26 0x7f88b360775a (/usr/lib/libQt5Widgets.so.5+0x1b775a)
    #27 0x7f88b35a3e0b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x153e0b)
    #28 0x7f88b35ab580 in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15b580)
    #29 0x7f88b28c3ddf in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x286ddf)
    #30 0x7f88b2e0e887 in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) (/usr/lib/libQt5Gui.so.5+0xfa887)
    #31 0x7f88b2e13e64 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib/libQt5Gui.so.5+0xffe64)
    #32 0x7f88b2df1caa in QWindowSystemInterface::sendWindowSystemEvents(QFlags) (/usr/lib/libQt5Gui.so.5+0xddcaa)
    #33 0x7f88a1f222ef (/usr/lib/libQt5XcbQpa.so.5+0x702ef)
    #34 0x7f88c569e586 in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x4a586)
    #35 0x7f88c569e7ef (/usr/lib/libglib-2.0.so.0+0x4a7ef)
    #36 0x7f88c569e89b in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x4a89b)
    #37 0x7f88b291870e in QEventDispatcherGlib::processEvents(QFlags) (/usr/lib/libQt5Core.so.5+0x2db70e)
    #38 0x7f88b28c2239 in QEventLoop::exec(QFlags) (/usr/lib/libQt5Core.so.5+0x285239)
    #39 0x7f88b28ca73b in QCoreApplication::exec() (/usr/lib/libQt5Core.so.5+0x28d73b)
    #40 0x55a37d8165d6 in main wireshark-qt.cpp:859
    #41 0x7f88b13e8290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
    #42 0x55a37d814019 in _start (/tmp/ws-review/build/run/wireshark+0x362019)

0x6030000e6ce8 is located 8 bytes inside of 24-byte region [0x6030000e6ce0,0x6030000e6cf8)
freed by thread T0 here:
    #0 0x7f88c5fa9b00 in __interceptor_free /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45
    #1 0x55a37dc1de51 in FollowStreamDialog::resetStream() ui/qt/follow_stream_dialog.cpp:415
    #2 0x55a37dc21985 in FollowStreamDialog::follow(QString, bool, int) ui/qt/follow_stream_dialog.cpp:803
    #3 0x55a37dc1d8a8 in FollowStreamDialog::on_streamNumberSpinBox_valueChanged(int) ui/qt/follow_stream_dialog.cpp:372
    #4 0x55a37de4a5d5 in FollowStreamDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:165
    #5 0x55a37de4a948 in FollowStreamDialog::qt_metacall(QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:215
    #6 0x7f88b28ef7f3 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2b27f3)
    #7 0x7f88b372a8dd in QSpinBox::valueChanged(int) (/usr/lib/libQt5Widgets.so.5+0x2da8dd)
    #8 0x617000000001 ()

previously allocated by thread T0 here:
    #0 0x7f88c5faa020 in __interceptor_calloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:70
    #1 0x7f88c56a3bf0 in g_malloc0 (/usr/lib/libglib-2.0.so.0+0x4fbf0)
    #2 0x7f88bc1f9a6c in tap_push_tapped_queue epan/tap.c:374
    #3 0x7f88bc14a24e in epan_dissect_run_with_taps epan/epan.c:384
    #4 0x55a37d8236cc in add_packet_to_packet_list file.c:1120
    #5 0x55a37d82650b in rescan_packets file.c:1771
    #6 0x55a37d8251a0 in cf_filter_packets file.c:1479
    #7 0x55a37d8f3ad7 in MainWindow::filterPackets(QString, bool) ui/qt/main_window_slots.cpp:278
    #8 0x55a37db0b4b8 in MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1407
    #9 0x7f88b28ef658 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2b2658)
    #10 0x55a37de4aab0 in FollowStreamDialog::updateFilter(QString, bool) ui/qt/moc_follow_stream_dialog.cpp:229
    #11 0x55a37dc22ace in FollowStreamDialog::follow(QString, bool, int) ui/qt/follow_stream_dialog.cpp:901
    #12 0x55a37d9097e7 in MainWindow::openFollowStreamDialog(follow_type_t) ui/qt/main_window_slots.cpp:2743
    #13 0x55a37d90984c in MainWindow::on_actionAnalyzeFollowTCPStream_triggered() ui/qt/main_window_slots.cpp:2748
    #14 0x55a37db0d55b in MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1596
    #15 0x55a37db0f74c in MainWindow::qt_metacall(QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1844
    #16 0x7f88b28ef7f3 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2b27f3)
    #17 0x7f88b359d441 in QAction::triggered(bool) (/usr/lib/libQt5Widgets.so.5+0x14d441)

SUMMARY: AddressSanitizer: heap-use-after-free epan/dissectors/packet-tcp.c:836 in check_follow_fragments
Shadow bytes around the buggy address:
  0x0c0680014d40: fa fa fd fd fd fd fa fa fd fd fd fa fa fa fd fd
  0x0c0680014d50: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
  0x0c0680014d60: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
  0x0c0680014d70: fa fa fd fd fd fa fa fa fd fd fd fd fa fa 00 00
  0x0c0680014d80: 00 00 fa fa 00 00 00 00 fa fa fd fd fd fd fa fa
=>0x0c0680014d90: fd fd fd fa fa fa 00 00 00 fa fa fa fd[fd]fd fa
  0x0c0680014da0: fa fa 00 00 00 fa fa fa fd fd fd fa fa fa fd fd
  0x0c0680014db0: fd fd fa fa fd fd fd fa fa fa fd fd fd fa fa fa
  0x0c0680014dc0: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fa
  0x0c0680014dd0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c0680014de0: fd fa fa fa fd fd fd fa fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==22411==ABORTING