lwip-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [lwip-users] Alignment problem i pbuf_alloc()

From: James Yates
Subject: RE: [lwip-users] Alignment problem i pbuf_alloc()
Date: Mon, 24 May 2004 09:35:54 +0100 
I believe I had similar problems with memory alignment as have lots of
people. The number of previous posts on memory alignment issues is very
large. I am using LWIP successfully on a custom SH2 based board running
with RTEMS. With some help from a few of the guys posts, many thanks to
them :-), I got LWIP up and running on a multi-threaded system. Using a
gcc compiler for Cygwin and a custom debug stub based on gdb-stubs I can
successfully run the code.
   In order to solve the memory alignment issues, I simply changed
mem_malloc to use the REAL malloc rather than using storeage in a static
BYTE buffer. Since malloc is guaranteed to take into account memory
alignment and boundary issues, this works fine. I had now end of grief
with the static byte buffer implementation, mainly due to the board I am
using and the way code is used upon this board. This probably isn't the
best solution and I am sure that many people would not be happy to use
this approach, but since I am running under an RTOS that provides all
the memory handling/cleaning/housekeeping functionality, I used this
method and it works fine.
   Since I rely on malloc and free, I simply changed the 2 defines as
shown:

#define MEM_ALIGN(size) (size)
#define MEM_ALIGN_SIZE(addr) (addr)

   Give it a try and see if it works for you. Hope this helps.

                        James Yates


-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Lars Thorup
Sent: 24 May 2004 07:41
To: 'address@hidden'
Subject: [lwip-users] Alignment problem i pbuf_alloc()

Hello,

We are trying to get lwip to run on our Arm-7 board; however we are
experiencing occasional memory overwrites, and we think that we have
tracked the problem down to a bug in pbuf_alloc(). We use 4 byte
alignment (so MEM_ALIGNMENT is 4).

In pbuf_alloc() we find the following code fragment:

> p = mem_malloc(MEM_ALIGN_SIZE(sizeof(struct pbuf) + length + offset));

> ...
> p->payload = MEM_ALIGN((void *)((u8_t *)p + sizeof(struct pbuf) +
offset));

"sizeof(struct pbuf)" is 16, and offset in this case is 20+20+6 = 46

When "length" is 21, "sizeof(struct pbuf) + length + offset" becomes 83
which gets (correctly) rounded up by MEM_ALIGN_SIZE to 84.

Then "p + sizeof(struct pbuf) + offset" becomes p+62, and since p is
already allocated on an alignment boundary this gets (correctly) rounded
up by MEM_ALIGN to p+64.

However now "p->payload" points at the 64'th byte in a 84 byte buffer,
and that does not leave room enough for the 21 bytes of payload (length)
that we asked for. A short time later in the code we will get a memory
overwrite.

Are we correct in seeing this as bug?

Best regards
Lars Thorup


_______________________________________________
lwip-users mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/lwip-users
reply via email to
[Prev in Thread] Current Thread [Next in Thread]