[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #24032] pbuf realloc wander over the end of a linked l

From: Jonathan Larmour
Subject: [lwip-devel] [bug #24032] pbuf realloc wander over the end of a linked list
Date: Tue, 19 Aug 2008 02:18:01 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060513 Fedora/1.0.8-1.1.fc3.1.legacy Firefox/1.0.8

Update of bug #24032 (project lwip):

                  Status:                    None => Need Info              
             Assigned to:                    None => jifl                   


Follow-up Comment #1:

I don't think this patch seems right.

For the first chunk of the patch, this could only help if the pbuf chain was
already corrupted. In other words, the real problem is elsewhere. If q is
NULL, that can only mean either:
a) pbuf_realloc was called with a NULL pbuf; or
b) the sum of the 'len' fields for all the pbufs in the pbuf chain did not
match p->tot_len.

For the second chunk, this is converting an error which should be caught at
development time, to a soft error which returns more cleanly and is included
in all code. But this sort of problem should be caught by developers as it
implies the caller of pbuf_header() has done something incorrect - you should
never be trying to take more bytes from the pbuf than could be there. Maybe,
again, the reason you saw this is because your pbuf chains were already

Unfortunately I think all you've done is mask some corruption.

I'll wait for your reply and give you the benefit of the doubt, rather than
closing straight away, so let me know your view.



Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]