[lwip-users] Bug in snd_buf calculation

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] Bug in snd_buf calculation

From:	Curt McDowell
Subject:	[lwip-users] Bug in snd_buf calculation
Date:	Fri, 3 Feb 2006 17:00:42 -0800

Hi,

A code change was made in two files almost exactly 1 year ago:

        tcp_out.c revision 1.43
        tcp_in.c revision 1.54
        Applied fix patch for bug #2679.
        http://savannah.nongnu.org/bugs/?func=detailitem&item_id=2679

I think the idea was to fix a checksum alignment problem.  However, the fix is 
not correct and should be removed (now that the
checksum alignment problem has been addressed in the checksum routine).  In 
tcp_out.c, the change was:

        <<<<<
          pcb->snd_buf -= len;
        =====
          /* FIX: Data split over odd boundaries */
          pcb->snd_buf -= ((len+1) & ~0x1); /* Even the send buffer */
        >>>>>

If snd_buf becomes an odd number (which is possible elsewhere in lwip), and the 
application uses tcp_write() on that entire odd
amount, pcb->snd_buf underflows to 65535, crashing the application.

Regards,
Curt McDowell
Broadcom Corp.

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] Bug in snd_buf calculation, Curt McDowell <=
- RE: [lwip-users] Bug in snd_buf calculation, Jan Ulvesten, 2006/02/06
  - Re: [lwip-users] Bug in snd_buf calculation, Leon Woestenberg, 2006/02/17
    - [lwip-users] lwip with AVR mega128 with 32KBytes sram, Paulo da Silva, 2006/02/22
- RE: [lwip-users] Bug in snd_buf calculation, Curt McDowell, 2006/02/24
- RE: [lwip-users] Bug in snd_buf calculation, Jan Ulvesten, 2006/02/27

Prev by Date: [lwip-users] Minor bug in sockets API
Next by Date: [lwip-users] Problem receiving large packets
Previous by thread: [lwip-users] Minor bug in sockets API
Next by thread: RE: [lwip-users] Bug in snd_buf calculation
Index(es):
- Date
- Thread