[lwip-users] pbuf_alloc - is this a bug ?


From: Jan Ulvesten
Subject: [lwip-users] pbuf_alloc - is this a bug ?
Date: Thu, 19 May 2005 16:31:08 +0200

Hi

Got a mem-write error destroying a pbuf.  The pbuf before the one that
is destroyed is "filled up".


Check this:

switch (flag) {
  case PBUF_POOL:
    p = pbuf_pool_alloc();

    ..
    p->payload = MEM_ALIGN((void *)((u8_t *)p + (sizeof(struct pbuf) + offset)));

    ...
    p->len = length > PBUF_POOL_BUFSIZE - offset ? PBUF_POOL_BUFSIZE - offset : length;



Assuming that offset=0 (PBUF_RAW):
p->payload will be p + 0x10    -> sizeof(struct pbuf)

The max. length allowed in the first pbuf in this case isn't:

     PBUF_POOL_BUFSIZE - offset
but PBUF_POOL_BUFSIZE - offset - sizeof(struct pbuf)


Jan Ulvesten
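
Added example, not part of the original message and not lwIP code: a stand-alone model of the arithmetic in the quoted lines that reports how many bytes the first pool pbuf's payload would run past its pool element. Whether a pool element is PBUF_POOL_BUFSIZE bytes in total or sizeof(struct pbuf) + PBUF_POOL_BUFSIZE is an assumption here, so both layouts are checked; HDR_SIZE is the 0x10 from the post, while the alignment, buffer size and offsets are constructed values.

```c
#include <stddef.h>
#include <stdio.h>

#define MEM_ALIGNMENT     4u     /* assumed alignment */
#define HDR_SIZE          0x10u  /* sizeof(struct pbuf), as quoted in the post */
#define PBUF_POOL_BUFSIZE 128u   /* constructed sample value */
#define ALIGN_UP(x) (((size_t)(x) + MEM_ALIGNMENT - 1u) & ~(size_t)(MEM_ALIGNMENT - 1u))

/* p->len exactly as the quoted line computes it. */
static size_t quoted_len(size_t length, size_t offset)
{
    return length > PBUF_POOL_BUFSIZE - offset ? PBUF_POOL_BUFSIZE - offset : length;
}

/* Bytes from the aligned payload start to the end of one pool element.
 * The element itself is assumed to start on an aligned address. */
static size_t payload_capacity(size_t elem_size, size_t offset)
{
    size_t start = ALIGN_UP(HDR_SIZE + offset);   /* models MEM_ALIGN(p + hdr + offset) */
    return start >= elem_size ? 0 : elem_size - start;
}

/* Bytes that would land beyond the element, i.e. in the next pbuf's header. */
static size_t overrun(size_t elem_size, size_t length, size_t offset)
{
    size_t len = quoted_len(length, offset);
    size_t cap = payload_capacity(elem_size, offset);
    return len > cap ? len - cap : 0;
}

int main(void)
{
    /* Layout A: header lives inside PBUF_POOL_BUFSIZE (the case the post describes).
     * Layout B: element is header + PBUF_POOL_BUFSIZE. Both are assumptions. */
    const size_t elem[2] = { PBUF_POOL_BUFSIZE, ALIGN_UP(HDR_SIZE + PBUF_POOL_BUFSIZE) };
    const char *name[2]  = { "A: elem = BUFSIZE", "B: elem = hdr + BUFSIZE" };
    const size_t offsets[3] = { 0, 14, 20 };      /* constructed; 14 is not a multiple of 4 */

    for (int l = 0; l < 2; l++)
        for (int o = 0; o < 3; o++)
            /* An unaligned offset adds padding after the header, which also
             * reduces capacity; the quoted len formula does not subtract it. */
            printf("%-24s offset=%2zu len=%3zu capacity=%3zu overrun=%zu\n",
                   name[l], offsets[o], quoted_len(1500, offsets[o]),
                   payload_capacity(elem[l], offsets[o]),
                   overrun(elem[l], 1500, offsets[o]));
    return 0;
}
```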