[lwip-users] mem.c heap problem in 1.2.0

[Erik Ekman]

Hi again

I removed some double free()s from my raw api code and everything
works a lot better. Now I have located an error in the heap that
causes an overwrite of my struct. To get this error I have to start 10
new tcp connections every second in a low memory environment.

The lines below starting with a pointer is from mem.c mem_malloc/free
and the other ones are from my raw tcp sender application, printing
the tcp_arg argument.

0x805d3c0 alloced size 12
ss alloced 805D3C0
0x805d354 alloced size 72
0x805d354 freed
0x805d3a4 alloced size 76
0x805d3a4 freed
ss connect 805D3C0

First I get 12 bytes for my little struct and call tcp_new, tcp_bind
and tcp_connect.
When I get the callback (the last row above) my 12 bytes have gone bad.

The allocation of 76 bytes at 0x805d3a4 ends at 0x805d3f0, and my
struct at 0x805d3c0 is in that range. I looked at the fixed bugs and
the changelog for mem.c since the release, but I dont see anything
that surely covers this.

I guess a update to HEAD is the way to go, but I would be glad if
there is just some small fix for me to apply.

Thanks in advance,

/Erik