[lwip-devel] [bug #35291] NULL pointer in pbuf_copy


From: Ivan Delamer
Subject: [lwip-devel] [bug #35291] NULL pointer in pbuf_copy
Date: Wed, 11 Jan 2012 19:28:57 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1

URL:
  <http://savannah.nongnu.org/bugs/?35291>

                 Summary: NULL pointer in pbuf_copy
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: idelamer
            Submitted on: Wed 11 Jan 2012 12:28:56 PM MST
                Category: pbufs
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: CVS Head

    _______________________________________________________

Details:

I'm still investigating this, but I've come across some cases where we try to
MEMCPY to a NULL pbuf in pbuf_copy.

Looks like p_to is advanced to p_to->next, which is NULL, but somehow p_from
is not yet NULL and we try to copy data.

At the moment, there is just a p_to != NULL ASSERTion. I suggest either
changing the assert to a LWIP_ERROR, or changing the loop condition to while
(p_from && p_to).

In my analysis, the call is coming from etharp_query queuing a packet. Must be
some kind of malformed pbuf p_from to cause this error, and I can't find the
source yet. But it seems like this change to pbuf_copy could be a good idea.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?35291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
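
Added example, not part of the original report and not lwIP's own code: a simplified chain copy that returns a checked error when the destination chain ends while the source still holds data, the condition the report describes. The names struct seg, chain_copy, COPY_ERR_ARG and demo_copy are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for one segment of a pbuf chain (not lwIP's struct pbuf). */
struct seg { struct seg *next; unsigned char *payload; size_t len; };

enum { COPY_OK = 0, COPY_ERR_ARG = -1 };

/* Copy chain `from` into chain `to`; segment sizes may differ.
 * Returns COPY_ERR_ARG instead of dereferencing NULL when `to` runs out
 * while `from` still holds data. Bytes copied before that point remain. */
int chain_copy(struct seg *to, const struct seg *from)
{
  size_t off_to = 0, off_from = 0;
  while (from != NULL) {
    if (off_from == from->len) {               /* source segment consumed */
      from = from->next;
      off_from = 0;
      continue;
    }
    while (to != NULL && off_to == to->len) {  /* destination segment full */
      to = to->next;
      off_to = 0;
    }
    if (to == NULL) {
      return COPY_ERR_ARG;                     /* checked error, no NULL write */
    }
    size_t n = from->len - off_from;
    if (n > to->len - off_to) {
      n = to->len - off_to;
    }
    memcpy(to->payload + off_to, from->payload + off_from, n);
    off_to += n;
    off_from += n;
  }
  return COPY_OK;
}

/* Constructed sample: a 6-byte source split over two segments is copied into
 * a single destination segment of dst_len bytes (dst_len <= 8) backed by out. */
int demo_copy(size_t dst_len, unsigned char out[8])
{
  unsigned char a[4] = {'a', 'b', 'c', 'd'}, b[2] = {'e', 'f'};
  struct seg s2 = { NULL, b, sizeof b };
  struct seg s1 = { &s2, a, sizeof a };
  struct seg d1 = { NULL, out, dst_len };
  memset(out, 0, 8);
  return chain_copy(&d1, &s1);
}
```

With a 4-byte destination the first source segment is copied and the call then fails with COPY_ERR_ARG, so the caller can drop the packet rather than crash.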



