|
| From: | Lars Ole Pontoppidan |
| Subject: | [lwip-users] Crashes and memory corruption in etharp.c under heavy ARP load |
| Date: | Thu, 12 Feb 2015 10:30:24 +0100 |
| User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
Dear all,We are using lwIP 1.4.1 with a multitasking RTOS (FreeRTOS) and suffered from unstability and crashes under heavy load, particularly when sending lots of UDP packets to nonexisting IP's. The crashes seem to happen at this location in etharp.c function etharp_query():
r = arp_table[i].q;
while (r->next != NULL) { // <-- access violation reading
from r->next (bus fault)
r = r->next;
}
r->next = new_entry; // <-- memory corruption may
happen here
The cause of the particular crash I was analyzing, was that the queue in arp_table[].q had been freed at the same time as the while was following the next pointers, leading to access violation.
It seems etharp.c is not written in a thread safe manner, while at the same time being accessed by both the tcpip task in lwIP and the application using lwIP. How can this ever be safe?
Is this due to an oversight in our implementation of lwIP or a bug in lwIP? Best regards, Lars
| [Prev in Thread] | Current Thread | [Next in Thread] |