I think the length computation should be OK as it stands. There are
two places to check for this. The first is the allocation of
pbuf_pool_memory, where I believe that sizeof (struct pbuf) is added to
PBUF_POOL_BUFSIZE before the multiplication by PBUF_POOL_SIZE. The
next is in pbuf_init, where a similar addition is used during the
construction of the pbuf_pool linked list.
Jan Ulvesten wrote:
Hi
Got a mem-write error destroying a pbuf. The pbuf before the one that
is destroyed is "filled" up".
Check this:
switch (flag) {
case PBUF_POOL:
p = pbuf_pool_alloc();
..
p->payload = MEM_ALIGN((void *)((u8_t *)p + (sizeof(struct pbuf) +
offset)));
...
p->len = length > PBUF_POOL_BUFSIZE - offset? PBUF_POOL_BUFSIZE -
offset: length;
Assuming that offset=0 (PBUF_RAW):
p->payload will be p+ 0x10 -> sizeof(struct pbuf)
The max. length allowed in first pbuf in this case isn't:
BUF_POOL_BUFSIZE - offset
but PBUF_POOL_BUFSIZE - offset - sizeof(struct pbuf)
Jan Ulvesten
_______________________________________________
lwip-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/lwip-users
--
Jim Gibbons
|
address@hidden
|
Gibbons and Associates, Inc.
|
TEL: (408) 984-1441
|
900 Lafayette, Suite 704, Santa Clara, CA
|
FAX: (408) 247-6395
|
|