lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #36369] pbuf_copy() with zero length pbuf

From: David Empson
Subject: [lwip-devel] [bug #36369] pbuf_copy() with zero length pbuf
Date: Wed, 02 May 2012 22:48:09 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3 
Follow-up Comment #1, bug #36369 (project lwip):

Whether or not pbuf_copy() has a bug, this particular problem can be avoided
with a one line change in ppp.c.

There is existing code to deal with the case where the two-byte PPP checksum
straddles a pbuf boundary, by using pbuf_realloc() to reduce the length of the
pbuf chain. That code can also be used to deal with the case where the PPP
checksum are the only bytes in the final pbuf.

Here is a patch in unified diff format.

--- ppp.c       2012-05-03 10:36:01.000000000 +1200
+++ ppp.c       2012-05-03 10:35:44.000000000 +1200
@@ -1821,7 +1821,7 @@
         } else {
           struct pbuf *inp;
           /* Trim off the checksum. */
-          if(pcrx->inTail->len >= 2) {
+          if(pcrx->inTail->len > 2) {
             pcrx->inTail->len -= 2;
 
             pcrx->inTail->tot_len = pcrx->inTail->len;


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?36369>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]