[lwip-devel] problem in do_close_internal function of api

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1

From:	marc walrave
Subject:	[lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0)
Date:	Mon, 14 Jul 2008 18:44:05 +0200

Hello all,

I have some problems closing a listening tcp socket in some test code
(using lwip 1.3.0)
I traced the problem to the do_close_internal function  (from api_msg.c)

do_close_internal internally :-) calls tcp_close
Depending on the pcb state tcp_close potentially frees the pcb of the
netconn struct (via memp_free) for which do_close_internal was called
(tcp_close then returns ERR_OK).
Now after the tcp_close function returns dl_close_internal still
references the pcb pointer as if it was NOT freed?

The problem triggered memory corruption on my target beacuse the
listening socket is equipped with a smaller pcb (via
tcp_listen_with_backlog)
And the do_close_internal function incorrectly calls the tcp_poll
function on this tiny pcb leading to problems which are fortunately
detected by the MEMP_OVERFLOW_CHECK code.

Is this a "genuine" bug or am I missing something "really" subtle here?

Greetings
Marc Walrave

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0), marc walrave <=
- Re: [lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0), Jonathan Larmour, 2008/07/14
  - Re: [lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0), address@hidden, 2008/07/14

Prev by Date: [lwip-devel] [bug #23559] lwip_recvfrom problem with tcp
Next by Date: Re: [lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0)
Previous by thread: [lwip-devel] [bug #23559] lwip_recvfrom problem with tcp
Next by thread: Re: [lwip-devel] problem in do_close_internal function of api_misg.c (lwip 1.3.0)
Index(es):
- Date
- Thread