[lwip-users] Alignment problem in pbuf_alloc()
From: Lars Thorup
Subject: [lwip-users] Alignment problem in pbuf_alloc()
Date: Mon, 24 May 2004 08:41:17 +0200
Hello,
We are trying to get lwip to run on our Arm-7 board; however we are
experiencing occasional memory overwrites, and we think that we have tracked
the problem down to a bug in pbuf_alloc(). We use 4 byte alignment (so
MEM_ALIGNMENT is 4).
In pbuf_alloc() we find the following code fragment:
> p = mem_malloc(MEM_ALIGN_SIZE(sizeof(struct pbuf) + length + offset));
> ...
> p->payload = MEM_ALIGN((void *)((u8_t *)p + sizeof(struct pbuf) + offset));
"sizeof(struct pbuf)" is 16, and offset in this case is 20+20+6 = 46
When "length" is 21, "sizeof(struct pbuf) + length + offset" becomes 83
which gets (correctly) rounded up by MEM_ALIGN_SIZE to 84.
Then "p + sizeof(struct pbuf) + offset" becomes p+62, and since p is already
allocated on an alignment boundary this gets (correctly) rounded up by
MEM_ALIGN to p+64.
However, now "p->payload" points at the 64th byte in an 84-byte buffer, and
that does not leave enough room for the 21 bytes of payload (length) that we
asked for. A short time later in the code we will get a memory overwrite.
Are we correct in seeing this as a bug?
Best regards
Lars Thorup
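The arithmetic in the post, worked through in code. This is an added example, not code from the post or from lwIP; it assumes the values the post gives (MEM_ALIGNMENT of 4, sizeof(struct pbuf) of 16) and reimplements the MEM_ALIGN_SIZE rounding on byte offsets rather than real pointers, so nothing is allocated. It reproduces the 84-byte block with the payload at byte 64 for length 21 and offset 46, shows a layout that rounds the header+offset part and the length part separately so the payload always has at least MEM_ALIGN_SIZE(length) bytes of room, and goes beyond the single case in the post by sweeping a range of (length, offset) pairs to show the original shape overflows for many of them and the separated shape for none. The "fixed" layout is one possible fix, not something the post proposes.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed build parameters, taken from the post: 4-byte alignment and a
 * 16-byte struct pbuf on the ARM7 target. Illustration values only, not
 * lwIP's own definitions. */
#define MEM_ALIGNMENT      4
#define SIZEOF_STRUCT_PBUF 16

/* Same rounding as lwIP's MEM_ALIGN_SIZE: round a byte count up to the next
 * multiple of MEM_ALIGNMENT. It is applied here to byte offsets from the
 * (already aligned) start of the block instead of to pointers, so the
 * arithmetic can be checked without allocating any memory. */
#define MEM_ALIGN_SIZE(size) \
    (((size) + (size_t)MEM_ALIGNMENT - 1) & ~((size_t)MEM_ALIGNMENT - 1))

struct layout {
    size_t alloc_bytes;    /* size requested from mem_malloc() */
    size_t payload_offset; /* p->payload - (u8_t *)p */
    size_t payload_room;   /* bytes from payload to the end of the block */
    int    overflow;       /* 1 when payload_room < length */
};

static struct layout finish(struct layout l, size_t length)
{
    /* alloc_bytes >= payload_offset holds for both layouts below because
     * MEM_ALIGN_SIZE is monotone, so this never underflows. */
    l.payload_room = l.alloc_bytes - l.payload_offset;
    l.overflow = l.payload_room < length;
    return l;
}

/* The arithmetic quoted from pbuf_alloc(): header, offset and length are
 * summed and the total rounded once, while the payload pointer is rounded
 * separately. Rounding the total once can absorb padding that the payload
 * rounding then needs again, leaving fewer than `length` bytes. */
struct layout layout_original(size_t length, size_t offset)
{
    struct layout l = {0, 0, 0, 0};
    l.alloc_bytes    = MEM_ALIGN_SIZE(SIZEOF_STRUCT_PBUF + length + offset);
    l.payload_offset = MEM_ALIGN_SIZE(SIZEOF_STRUCT_PBUF + offset);
    return finish(l, length);
}

/* One fix (an assumption of this example, not the post's proposal): round
 * header+offset and length separately, so the block always holds
 * MEM_ALIGN_SIZE(length) >= length bytes after the aligned payload pointer. */
struct layout layout_fixed(size_t length, size_t offset)
{
    struct layout l = {0, 0, 0, 0};
    l.alloc_bytes    = MEM_ALIGN_SIZE(SIZEOF_STRUCT_PBUF + offset)
                     + MEM_ALIGN_SIZE(length);
    l.payload_offset = MEM_ALIGN_SIZE(SIZEOF_STRUCT_PBUF + offset);
    return finish(l, length);
}

/* Sweep every (length, offset) pair in a range and count how many would
 * write past the end of the block with the given layout function. */
size_t count_overflows(struct layout (*fn)(size_t, size_t),
                       size_t max_length, size_t max_offset)
{
    size_t n = 0;
    for (size_t len = 1; len <= max_length; len++)
        for (size_t off = 0; off <= max_offset; off++)
            n += (size_t)fn(len, off).overflow;
    return n;
}

int main(void)
{
    struct layout o = layout_original(21, 46);
    struct layout f = layout_fixed(21, 46);
    printf("original: alloc %zu, payload at %zu, room %zu, overflow %d\n",
           o.alloc_bytes, o.payload_offset, o.payload_room, o.overflow);
    printf("fixed:    alloc %zu, payload at %zu, room %zu, overflow %d\n",
           f.alloc_bytes, f.payload_offset, f.payload_room, f.overflow);
    printf("overflowing (length, offset) pairs up to 64/64: original %zu, fixed %zu\n",
           count_overflows(layout_original, 64, 64),
           count_overflows(layout_fixed, 64, 64));
    return 0;
}
```

The smallest failing case is already length 1 with offset 1: the single rounding gives a 20-byte block with the payload pointer also rounded to byte 20, so the payload has zero bytes of room. The separated rounding cannot do this because the space after the payload pointer is computed from `length` alone.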