[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes Lw
From: |
Marco Jakobs |
Subject: |
Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c |
Date: |
Mon, 15 May 2017 14:51:42 +0200 |
Hi Simon,
I think I have found the issue but I don't deeply understand why this does not
crash the Ethernet version as this seems to be a bug in pbuf_copy ... but as
this is in a common used routine I want have your opinion on my fix.
I saw that the issue only happens when a pbuf is filled right up to its end.
Let's have a look on pbuf.c, line 879-883:
if (offset_from >= p_from->len) {
/* on to next p_from (if any) */
offset_from = 0;
p_from = p_from->next;
}
So if the number of bytes copied is >= the pbuf length of the "from" chain, it
resets the offset to 0 and references to the next pbuf in the chain. Looks good
for me.
But now the same for the target pbuf chain:
if (offset_to == p_to->len) {
/* on to next p_to (if any) */
offset_to = 0;
p_to = p_to->next;
LWIP_ERROR("p_to != NULL", (p_to != NULL) || (p_from == NULL) , return
ERR_ARG;);
}
First, it only references to offset *equals* the pbuf len (I'd change that to
>= also), but the bug is in the LWIP_ERROR line:
The error kicks in when there is no next p_from pbuf (which is fine) or when
there *is* a next p_to pbuf. In my opinion the error should kick in if there is
either no active "p_from" or no active "p_to" at this place.
I've fix it to this and it's working:
if (offset_to >= p_to->len) {
/* on to next p_to (if any) */
offset_to = 0;
p_to = p_to->next;
LWIP_ERROR("p_to == NULL", (p_to == NULL) || (p_from == NULL) , return
ERR_ARG;);
}
Any comments? Otherwise I'd recommend to push that into 1.4.1 and check if
2.0.x still has this issue also.
Marco
- [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Simon Goldschmidt, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c,
Marco Jakobs <=
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Simon Goldschmidt, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/15
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Simon Goldschmidt, 2017/05/16
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Sylvain Rochet, 2017/05/16
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, address@hidden, 2017/05/16
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/16
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, address@hidden, 2017/05/17
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Marco Jakobs, 2017/05/18
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Simon Goldschmidt, 2017/05/18
- Re: [lwip-users] [LwIP 1.4.1] Ping length of 92 bytes via PPP crashes LwIP core/pbuf.c, Sylvain Rochet, 2017/05/16