[lwip-users] pbuf_alloc - is this a bug ?
From: Jan Ulvesten
Subject: [lwip-users] pbuf_alloc - is this a bug ?
Date: Thu, 19 May 2005 16:31:08 +0200
Hi

Got a mem-write error destroying a pbuf. The pbuf before the one that is destroyed is "filled up".

Check this:

    switch (flag) {
    case PBUF_POOL:
      p = pbuf_pool_alloc();
      ..
      p->payload = MEM_ALIGN((void *)((u8_t *)p + (sizeof(struct pbuf) + offset)));
      ...
      p->len = length > PBUF_POOL_BUFSIZE - offset ? PBUF_POOL_BUFSIZE - offset : length;

Assuming that offset=0 (PBUF_RAW):
p->payload will be p + 0x10 -> sizeof(struct pbuf)

The max. length allowed in first pbuf in this case isn't:
PBUF_POOL_BUFSIZE - offset
but PBUF_POOL_BUFSIZE - offset - sizeof(struct pbuf)
Jan Ulvesten
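
An added example, not part of the original message and not lwIP code: a small C model of the bounds arithmetic the message questions, comparing the quoted `p->len` expression with the space actually left in one pool element. The `pool_layout` struct, its `stride` field, `ALIGNMENT` and all numeric values are assumptions; whether the real stride includes the header depends on how the pool memory is declared, which the message does not show.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of one pool element; names and values are assumptions. */
#define ALIGNMENT 4u  /* assumed MEM_ALIGNMENT; element base assumed aligned */
#define ALIGN_UP(x) (((x) + ALIGNMENT - 1u) & ~(size_t)(ALIGNMENT - 1u))

struct pool_layout {
    size_t hdr_size; /* sizeof(struct pbuf), 0x10 in the message */
    size_t bufsize;  /* PBUF_POOL_BUFSIZE */
    size_t stride;   /* bytes reserved per pool element, header included */
};

/* Payload start relative to the element, as MEM_ALIGN(p + hdr + offset). */
static size_t payload_offset(const struct pool_layout *l, size_t offset) {
    return ALIGN_UP(l->hdr_size + offset);
}

/* p->len as the quoted expression computes it (guarded against underflow). */
static size_t quoted_len(const struct pool_layout *l, size_t offset, size_t length) {
    size_t room = offset < l->bufsize ? l->bufsize - offset : 0;
    return length > room ? room : length;
}

/* Largest len that keeps payload + len inside the element. */
static size_t safe_len(const struct pool_layout *l, size_t offset) {
    size_t start = payload_offset(l, offset);
    return start >= l->stride ? 0 : l->stride - start;
}

/* Bytes a full-length write would land past the element end (0 = none). */
static size_t overrun(const struct pool_layout *l, size_t offset, size_t length) {
    size_t len = quoted_len(l, offset, length);
    size_t max = safe_len(l, offset);
    return len > max ? len - max : 0;
}

int main(void) {
    /* Constructed values: 16-byte header, 128-byte PBUF_POOL_BUFSIZE. */
    struct pool_layout incl = {16, 128, 128};      /* stride == BUFSIZE */
    struct pool_layout excl = {16, 128, 16 + 128}; /* stride == hdr + BUFSIZE */
    printf("stride=BUFSIZE:     overrun %zu\n", overrun(&incl, 0, 200));
    printf("stride=hdr+BUFSIZE: overrun %zu\n", overrun(&excl, 0, 200));
    return 0;
}
```

To apply the check to a real port, substitute the values from its own pool declaration and `struct pbuf` definition for the constructed ones.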