On 2014-02-26 23:30, Fabian Koch wrote:
Hey all,

I have a bug report where someone reports that the following section
in tcp_out.c has led to an endless loop:

In 1.3.2, line 550, in 1.4.1, line 934:

    /* useg should point to last segment on unacked queue */
    useg = pcb->unacked;
    if (useg != NULL) {
      for (; useg->next != NULL; useg = useg->next);
    }

Is it possible that useg->next loops back to useg?

It certainly isn't supposed to. The unsent and unacked queues are
singly linked lists, with the last entry having a NULL for the next
pointer. All code I spotted which deals with segment lists expects
that structure.

Echoing Simon's usual answer: the most likely explanation is a
violation of LWIP's threading rules, i.e. two threads (or mainline
and interrupt code) were active inside the LWIP core at once, which
resulted in this data structure being corrupted.
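Added example, not lwIP source and not code from either poster: a single-threaded C model of the state the reply above describes, where a NULL-terminated segment queue ends up with a next pointer that loops back, together with a debug check that walks the queue without hanging on it. The names struct seg, seg_append, seg_queue_len and replay are assumptions made for this illustration. The double append is only one constructed way an overlap could leave such a loop, not a diagnosis of the reported case.

```c
/* Added example: a constructed model, not lwIP source code.
 * struct seg, seg_append, seg_queue_len and replay are assumptions. */
#include <stddef.h>
#include <stdio.h>

struct seg { struct seg *next; };

/* Append to a NULL-terminated queue with the same tail walk as the post. */
void seg_append(struct seg **head, struct seg *s) {
  struct seg *useg = *head;
  s->next = NULL;
  if (useg == NULL) { *head = s; return; }
  for (; useg->next != NULL; useg = useg->next) { }
  useg->next = s;
}

/* Debug check: segment count, or -1 if the queue loops back on itself.
 * Floyd's two-pointer walk terminates even when the list is corrupted. */
int seg_queue_len(const struct seg *head) {
  const struct seg *slow = head, *fast = head;
  int n = 0;
  while (fast != NULL && fast->next != NULL) {
    slow = slow->next;
    fast = fast->next->next;
    if (slow == fast) return -1;
  }
  for (; head != NULL; head = head->next) n++;
  return n;
}

/* Replay in one thread the end state of an overlap: when overlap != 0, a
 * second context appends segment b again through a stale pointer. */
int replay(int overlap) {
  struct seg a, b;
  struct seg *unacked = NULL;
  seg_append(&unacked, &a);
  seg_append(&unacked, &b);
  if (overlap) seg_append(&unacked, &b);  /* b.next now points at b */
  return seg_queue_len(unacked);
}

int main(void) {
  printf("serialised access:  %d\n", replay(0));  /* 2 */
  printf("overlapping access: %d\n", replay(1));  /* -1: loop detected */
  return 0;
}
```

A check like this only reports that the queue has already been corrupted. The fix remains what the reply points to: not letting two contexts run inside the core at once.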