[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #43437] Memory corruption beyound memory pool

From: Piotr
Subject: [lwip-devel] [bug #43437] Memory corruption beyound memory pool
Date: Sat, 18 Oct 2014 19:12:25 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0


                 Summary: Memory corruption beyound memory pool
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: michcior
            Submitted on: Sat 18 Oct 2014 07:12:23 PM GMT
                Category: pbufs
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.1



In the mem_init (mem.c) The code assigns to "ram_end" the top of the pool.
Then, if the pool was declared without spare bytes, the following instructions
corrupt memory, which is located just after memory pool.

  ram_end = (struct mem *)(void *)&ram[MEM_SIZE_ALIGNED];
  ram_end->used = 1;
  ram_end->next = MEM_SIZE_ALIGNED;
  ram_end->prev = MEM_SIZE_ALIGNED;


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]