[lwip-devel] [patch #9294] memp: Fix memp_overflow_check_element_underfl
From: Axel Lin
Subject: [lwip-devel] [patch #9294] memp: Fix memp_overflow_check_element_underflow/overflow assertion
Date: Thu, 23 Mar 2017 11:39:50 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Follow-up Comment #4, patch #9294 (project lwip):
Hi Simon,
Thanks a lot for your review.
I tried the test below:

  p = LWIP_ALIGNMENT_CAST(struct memp*, ((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p1 = LWIP_ALIGNMENT_CAST(struct memp*, (size_t)((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p2 = LWIP_ALIGNMENT_CAST(struct memp*, ((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p3 = LWIP_ALIGNMENT_CAST(struct memp*, (size_t)((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p4 = LWIP_ALIGNMENT_CAST(struct memp*, ((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p5 = LWIP_ALIGNMENT_CAST(struct memp*, (size_t)((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  if (p != p1) {
    LWIP_PLATFORM_DIAG(("p=%p p1=%p p2=%p p3=%p p4=%p p5=%p\n", p, p1, p2,
        p3, p4, p5));
  }

Then I reset the device 5 times and got the result below.
[23:23:19:097] p=0x20002d14 p1=0x20002d5c p2=0x20002d5c p3=0x20002d5c
p4=0x20002d5c p5=0x20002d5c
[23:23:21:797] p=0x20002d14 p1=0x20002d5c p2=0x20002d5c p3=0x20002d5c
p4=0x20002d5c p5=0x20002d5c
[23:23:23:172] p=0x20002d14 p1=0x20002d5c p2=0x20002d5c p3=0x20002d5c
p4=0x20002d5c p5=0x20002d5c
[23:23:28:094] p=0x20002d14 p1=0x20002d5c p2=0x20002d5c p3=0x20002d5c
p4=0x20002d5c p5=0x20002d5c
[23:23:29:272] p=0x20002d14 p1=0x20002d5c p2=0x20002d5c p3=0x20002d5c
p4=0x20002d5c p5=0x20002d5c
The memp_overflow_check_all() call above is the one called in memp_init().
I still haven't figured out why this could happen.
But I found that if I change the order to assign p1 first, I no longer hit
this issue.
i.e. in the code below, p1 always equals p.

  p1 = LWIP_ALIGNMENT_CAST(struct memp*, (size_t)((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
  p = LWIP_ALIGNMENT_CAST(struct memp*, ((u8_t*)p + MEMP_SIZE +
      memp_pools[i]->size + MEMP_SANITY_REGION_AFTER_ALIGNED));
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?9294>
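
A stand-alone model of the element walk used in the test above, added here as an example; it is not lwIP source and not part of the original message or patch. It paints a guard region after each pool element, walks the pool one stride at a time to find a damaged guard, and computes the gap between p and p1 for both assignment orders. The names HDR, ELEM, GUARD, FILL and all sizes are assumptions, chosen so that one stride is 0x48, the difference between p and p1 in the log.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model, NOT lwIP source. All sizes and the fill byte are
 * constructed; they sum to 0x48, the p/p1 difference in the log above. */
#define HDR    8u   /* stands in for MEMP_SIZE */
#define ELEM   48u  /* stands in for memp_pools[i]->size */
#define GUARD  16u  /* stands in for MEMP_SANITY_REGION_AFTER_ALIGNED */
#define STRIDE (HDR + ELEM + GUARD)
#define NUM    4u
#define FILL   0xcdu

static uint8_t pool[NUM * STRIDE];

/* Zero every element and paint the guard region that follows its payload. */
void pool_init(void) {
  for (unsigned i = 0; i < NUM; i++) {
    memset(pool + i * STRIDE, 0, HDR + ELEM);
    memset(pool + i * STRIDE + HDR + ELEM, (int)FILL, GUARD);
  }
}

uint8_t *pool_payload(unsigned i) { return pool + i * STRIDE + HDR; }

/* Walk the pool one stride at a time; return the index of the first element
 * whose trailing guard was overwritten, or -1 if every guard is intact. */
int pool_check(void) {
  uint8_t *p = pool;
  for (unsigned i = 0; i < NUM; i++) {
    for (unsigned k = 0; k < GUARD; k++)
      if (p[HDR + ELEM + k] != FILL) return (int)i;
    p = p + STRIDE;  /* advance exactly once per element */
  }
  return -1;
}

/* Byte gap p1 - p after both assignments; p_first selects the order. */
int gap(int p_first) {
  uint8_t *p = pool, *p1;
  if (p_first) { p = p + STRIDE; p1 = p + STRIDE; }  /* p assigned first */
  else         { p1 = p + STRIDE; p = p + STRIDE; }  /* p1 assigned first */
  return (int)(p1 - p);
}
```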