|
From: | Jonathan D |
Subject: | [lwip-devel] [bug #59831] tcp_output : Null dereferencing |
Date: | Wed, 6 Jan 2021 05:22:45 -0500 (EST) |
User-agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 |
URL: <https://savannah.nongnu.org/bugs/?59831> Summary: tcp_output : Null dereferencing Project: lwIP - A Lightweight TCP/IP stack Submitted by: jona Submitted on: Wed 06 Jan 2021 10:22:43 AM UTC Category: TCP Severity: 3 - Normal Item Group: Crash Error Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Planned Release: None lwIP version: git head _______________________________________________________ Details: We are developing a device with LwIP and FreeRTOS. We tested freemodbus and run an endurance test with a polling to modbus every second. After some hours (we were able to reproduce the issue), the device crashed with a Null dereferencing for `useg` at this line : https://git.savannah.nongnu.org/cgit/lwip.git/tree/src/core/tcp_out.c#n1390 Our assumption is that `pcb->unacked` was null at the moment it was copied to `useg`. Another tasks was executed between this line 1328 and line 1382. This other task filled `pcb->unacked` and this lead to the crash described above. The attached patch has been tested successfully so far. _______________________________________________________ File Attachments: ------------------------------------------------------- Date: Wed 06 Jan 2021 10:22:43 AM UTC Name: LwIP_null_dereferencing_crash.diff Size: 2KiB By: jona <http://savannah.nongnu.org/bugs/download.php?file_id=50666> _______________________________________________________ Reply to this item at: <https://savannah.nongnu.org/bugs/?59831> _______________________________________________ Message sent via Savannah https://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |