[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #17645] pbuf_header() corrupts pbuf chain if header_si
From: |
Simon Goldschmidt |
Subject: |
[lwip-devel] [bug #17645] pbuf_header() corrupts pbuf chain if header_size_increment is out of payload range |
Date: |
Mon, 12 Mar 2007 10:29:51 +0000 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 |
Update of bug #17645 (project lwip):
Status: Fixed => In Progress
Open/Closed: Closed => Open
_______________________________________________________
Follow-up Comment #3:
Kieran,
I've reopened this bug because the fix does not work.
e.g. udp_send() checks the return value of pbuf_header(). If it's != 0, it
allocates a new pbuf and chains it in front of the old one. If you now
udp_send() a PBUF_REF, your fix asserts, although the original behaviour is
ok.
The right solution would be to check and return 1 if impossible. This implies
that all functions calling pbuf_header() MUST check the return value!
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?17645>
_______________________________________________
Nachricht geschickt von/durch Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #17645] pbuf_header() corrupts pbuf chain if header_size_increment is out of payload range,
Simon Goldschmidt <=