[lwip-users] [lwip] bug in tcp.c

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] [lwip] bug in tcp.c

From:	Recker, John
Subject:	[lwip-users] [lwip] bug in tcp.c
Date:	Wed, 08 Jan 2003 23:43:17 -0000

the following sequence causes a assertion
failure in the 5.0 release. I haven't tried
it in the latest source tree, but I don't see
any changes in any of the relevant code sections
either...



netconn_timeout()
 ... connection times out
netconn_delete()



The problem:

Connect receives no reply, causing timeout in tcp_slowtmr().
This routine removes the pcb from tcp_active_pcbs list.
potentially leaving the list empty. 

        /* If the PCB should be removed, do it. */
        if(pcb_remove) {   (tcp.c ~line 460)

        ...

           tcp_active_pcbs = pcb->next;

it then generates a fault back to the app that the connection
failed.

        pcb->connected(pcb->callback_arg, pcb, ERR_ABRT);


App receives fault, closes connection, which results in 
netconn_delete() being called, which evtually calls
tcp_close(), which if state == SYN_SENT, then 
calls 

        tcp_pcb_remove(&tcp_active_pcbs, pcb); (tcp.c, line 98) 

which will assertion fault if tcp_active_pcbs is empty.




Solution?

Either tcp_pcb_remove() should test for tcp_active_pcbs == 0
rather than asserting, or tcp_close() should test prior to 
calling tcp_pcb_remove()


jr
[This message was sent through the lwip discussion list.]

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] [lwip] bug in tcp.c, Recker, John <=

Prev by Date: [lwip-users] Re: [lwip] Word mode transfers in an ethernet driver
Next by Date: [lwip-users] Re: [lwip] what speed?
Previous by thread: [lwip-users] Re: [lwip] To Adam Dunkels
Next by thread: [lwip-users] [lwip] another SOS..
Index(es):
- Date
- Thread