|
| From: | Jonathan D |
| Subject: | [lwip-devel] [bug #59831] tcp_output : Null dereferencing |
| Date: | Wed, 6 Jan 2021 05:22:45 -0500 (EST) |
| User-agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 |
URL:
<https://savannah.nongnu.org/bugs/?59831>
Summary: tcp_output : Null dereferencing
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: jona
Submitted on: Wed 06 Jan 2021 10:22:43 AM UTC
Category: TCP
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
We are developing a device with LwIP and FreeRTOS.
We tested freemodbus and run an endurance test with a polling to modbus every
second.
After some hours (we were able to reproduce the issue), the device crashed
with a Null dereferencing for `useg` at this line :
https://git.savannah.nongnu.org/cgit/lwip.git/tree/src/core/tcp_out.c#n1390
Our assumption is that `pcb->unacked` was null at the moment it was copied to
`useg`. Another tasks was executed between this line 1328 and line 1382. This
other task filled `pcb->unacked` and this lead to the crash described above.
The attached patch has been tested successfully so far.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 06 Jan 2021 10:22:43 AM UTC Name:
LwIP_null_dereferencing_crash.diff Size: 2KiB By: jona
<http://savannah.nongnu.org/bugs/download.php?file_id=50666>
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?59831>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |