
Re: [lwip-users] mem_malloc bug


From: Kieran Mansley
Subject: Re: [lwip-users] mem_malloc bug
Date: Wed, 04 Oct 2006 15:10:09 +0100

On Wed, 2006-10-04 at 09:57 -0400, Tom Hennen wrote:
> Well, from what I can tell this bug has existed for the entire history
> of mem.c in CVS.
> 
> The bug seems to be a result of line 256, where the size of the 'mem'
> struct is counted twice.  Instead of:
> 
> mem->next - (ptr + SIZEOF_STRUCT_MEM) >= size + SIZEOF_STRUCT_MEM)

That does rather look like a bug, and one that should be fixed, but I
can see how it survived for so long - the only side effect is that you
can't use the last little bit of your memory, and so few people are
likely to hit this, or notice if they do as it doesn't affect stability.

> It should read:
> 
> mem->next - ptr >= size + SIZEOF_STRUCT_MEM)
> 
> That isn't the only fix required however.  The code that updates mem2
> assumes that mem2 is in some region of memory that isn't currently
> allocated.  However, with the fix above (and the test case I provided
> earlier) mem2 will point to a valid, already existing 'mem' struct and
> so it shouldn't be updated.

Does it matter if a new one is made rather than updating the one in
place?  It's not clear from the above what happens as a result, or if
it's just a bit inefficient the way it's currently written.

Would you like to provide a patch for these changes?

Thanks

Kieran
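As an added illustration, not code from this thread or from lwIP's mem.c: a small first-fit allocator modelled on the block layout the thread describes (a byte array carved into blocks, each headed by a `struct mem` recording the offsets of the neighbouring headers, with a permanently-used sentinel header at the end). It runs the same two requests under three policies: the condition quoted above, the first change alone (which still splits unconditionally), and a version that only splits when the tail can hold another header. The heap size, header layout with 8-bit offsets, request sizes and the `POLICY_*`/`run_policy` names are all constructed for this example. It shows the two points in the exchange: the original condition refuses a request that exactly fits the last free block (Kieran's "last little bit"), and the first change on its own writes a fresh header over the header that already follows the block, corrupting that metadata, while the full fix serves the request without touching it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified first-fit allocator written for this page; it is not lwIP's
 * mem.c. A byte array is carved into blocks, each preceded by a 'struct mem'
 * header holding the offsets of the next and previous headers, with a
 * permanently-used sentinel header at offset HEAP_SIZE. Offsets are 8-bit so
 * the headers carry no alignment requirement. */

#define HEAP_SIZE 64

struct mem {
    uint8_t next;  /* offset of the next header; HEAP_SIZE for the last block */
    uint8_t prev;  /* offset of the previous header */
    uint8_t used;  /* non-zero when allocated */
};

#define SIZEOF_STRUCT_MEM ((unsigned)sizeof(struct mem))
#define RAM_BYTES (HEAP_SIZE + SIZEOF_STRUCT_MEM)   /* heap plus end sentinel */

enum policy {
    POLICY_ORIGINAL,   /* condition quoted in the thread: header counted twice */
    POLICY_NAIVE_FIX,  /* first change only: still splits unconditionally */
    POLICY_FULL_FIX    /* split only when the tail can hold another header */
};

static struct mem *hdr(uint8_t *ram, unsigned off) { return (struct mem *)&ram[off]; }

static void heap_init(uint8_t *ram) {
    struct mem *first = hdr(ram, 0);
    first->next = HEAP_SIZE; first->prev = 0; first->used = 0;
    struct mem *end = hdr(ram, HEAP_SIZE);   /* sentinel: never free, never split */
    end->next = HEAP_SIZE; end->prev = HEAP_SIZE; end->used = 1;
}

/* Carve the free block at 'ptr' so it holds exactly 'size' payload bytes; the
 * remainder becomes a new free block whose header sits at ptr + header + size. */
static void split_block(uint8_t *ram, unsigned ptr, unsigned size) {
    unsigned ptr2 = ptr + SIZEOF_STRUCT_MEM + size;
    struct mem *mem = hdr(ram, ptr), *mem2 = hdr(ram, ptr2);
    mem2->next = mem->next;
    mem2->prev = (uint8_t)ptr;
    mem2->used = 0;
    mem->next = (uint8_t)ptr2;
    if (mem2->next != HEAP_SIZE)
        hdr(ram, mem2->next)->prev = (uint8_t)ptr2;
}

static void *heap_alloc(uint8_t *ram, unsigned size, enum policy p) {
    unsigned ptr;
    for (ptr = 0; ptr < HEAP_SIZE; ptr = hdr(ram, ptr)->next) {
        struct mem *mem = hdr(ram, ptr);
        unsigned usable = mem->next - (ptr + SIZEOF_STRUCT_MEM); /* payload bytes the block can carry */
        if (mem->used) continue;
        if (p == POLICY_ORIGINAL) {
            /* Demands room for a second header even when no split is needed. */
            if (usable < size + SIZEOF_STRUCT_MEM) continue;
            split_block(ram, ptr, size);
        } else {
            if (usable < size) continue;
            /* Under the naive fix the split also happens when usable == size,
             * so mem2 lands on the header that already follows this block. */
            if (p == POLICY_NAIVE_FIX || usable >= size + SIZEOF_STRUCT_MEM)
                split_block(ram, ptr, size);
        }
        mem->used = 1;
        return &ram[ptr + SIZEOF_STRUCT_MEM];
    }
    return NULL;
}

/* Result of one fixed request sequence under a policy. */
struct outcome {
    int granted;      /* how many of the two requests were served */
    int sentinel_ok;  /* whether the end sentinel header survived untouched */
};

static struct outcome run_policy(enum policy p) {
    uint8_t ram[RAM_BYTES];
    struct outcome o = {0, 0};
    heap_init(ram);
    /* The first request leaves a free tail of HEAP_SIZE - 2*header - 20 = 38 payload bytes. */
    if (heap_alloc(ram, 20, p) != NULL) o.granted++;
    /* The second request asks for exactly that tail. */
    if (heap_alloc(ram, 38, p) != NULL) o.granted++;
    o.sentinel_ok = hdr(ram, HEAP_SIZE)->used == 1 &&
                    hdr(ram, HEAP_SIZE)->prev == (uint8_t)HEAP_SIZE;
    return o;
}

int main(void) {
    static const char *names[] = {"original", "naive fix", "full fix"};
    for (int p = POLICY_ORIGINAL; p <= POLICY_FULL_FIX; p++) {
        struct outcome o = run_policy((enum policy)p);
        printf("%-10s granted=%d sentinel_ok=%d\n", names[p], o.granted, o.sentinel_ok);
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run: the original policy grants only the first request, the naive fix grants both but reports `sentinel_ok=0` because the split wrote a header over the sentinel, and the full fix grants both and leaves the sentinel intact.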




