[lwip-users] Bug in mem_realloc (patch included)

From: Per-Henrik Lundblom
Subject: [lwip-users] Bug in mem_realloc (patch included)
Date: Mon, 8 Oct 2007 16:46:07 +0200
User-agent: Mutt/1.5.13 (2006-08-11)


Just spent a couple of hours figuring out what the heck my system was
doing. Turned out there's a bug in the mem_realloc(). The bug appears at
least in the CVS head version and seems to have been introduced when
the plug_holes() call was removed from mem_realloc().

Problem appears if you realloc the last used mem block in the heap.
Today's code just creates a new struct mem for the empty unused block
that represents the unused heap. The problem is that the lfree variable
that should point to the last unused block (in this case the block we
move) isn't updated. As a result lfree points to an invalid mem block.


diff -ru lwip/src/core/mem.c lwip-patched/src/core/mem.c
--- lwip/src/core/mem.c 2007-09-15 13:34:06.000000000 +0200
+++ lwip-patched/src/core/mem.c 2007-10-08 16:41:25.008750000 +0200
@@ -341,6 +341,9 @@
     next = mem2->next;
     /* create new struct mem which is moved directly after the shrinked
 * mem */
     ptr2 = ptr + SIZEOF_STRUCT_MEM + newsize;
+    if (lfree == mem2) {
+      lfree = (struct mem *)&ram[ptr2];
+    }
     mem2 = (struct mem *)&ram[ptr2];
     mem2->used = 0;
     /* restore the next pointer */
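Review bot: The added `if (lfree == mem2)` test only works because it sits above `mem2 = (struct mem *)&ram[ptr2];`, so it compares lfree against the old free header, and nothing in the hunk says that. Add a one-line comment stating that lfree has to follow the free block when its header is moved, so a later reorder of these lines does not bring the stale pointer back. The cast `(struct mem *)&ram[ptr2]` is also written twice now; saving the old mem2 in a local, reassigning mem2 once, and then setting `lfree = mem2` when lfree matched the saved pointer would keep the two from drifting apart.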

Should I submit a bug report too?


Per-Henrik Lundblom           email: address@hidden
phone: 0733-20 71 26          homepage: www.whatever.nu

Attachment: mem_realloc.patch
Description: Text Data
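
A simplified model of the failure described in the message above, added here as an example; it is not lwIP source and not the poster's code. The slot-indexed heap and the names `heap_alloc`, `heap_shrink`, `lfree_valid` and the `patched` flag are assumptions made for illustration.

```c
#include <string.h>
/* Simplified model (assumption, not lwIP source): the heap is an array of
 * slots, a header takes one slot, and next/prev are slot indices. */
struct mem { int next, prev, used; };
#define SLOTS 16
static struct mem ram[SLOTS + 1];   /* ram[SLOTS] is the end marker */
static struct mem *lfree;           /* lowest free block */
static void heap_init(void) {
    memset(ram, 0, sizeof ram);
    ram[0].next = SLOTS;
    ram[SLOTS] = (struct mem){ SLOTS, SLOTS, 1 };
    lfree = &ram[0];
}
/* First fit from lfree; always splits, returns the header index or -1. */
static int heap_alloc(int size) {
    for (int ptr = (int)(lfree - ram); ptr < SLOTS; ptr = ram[ptr].next) {
        struct mem *m = &ram[ptr];
        int ptr2 = ptr + 1 + size;  /* header of the free remainder */
        if (m->used || ptr2 >= m->next) continue;
        ram[ptr2] = (struct mem){ m->next, ptr, 0 };
        if (m->next != SLOTS) ram[m->next].prev = ptr2;
        m->next = ptr2; m->used = 1;
        if (m == lfree) lfree = &ram[ptr2];
        return ptr;
    }
    return -1;
}
/* Shrink the block at ptr when the block after it is free (the posted case). */
static void heap_shrink(int ptr, int newsize, int patched) {
    struct mem *mem2 = &ram[ram[ptr].next];
    int next = mem2->next, ptr2 = ptr + 1 + newsize;
    if (mem2->used) return;
    if (patched && lfree == mem2) lfree = &ram[ptr2];  /* the posted fix */
    ram[ptr2] = (struct mem){ next, ptr, 0 };  /* free header moves down */
    ram[ptr].next = ptr2;
    if (next != SLOTS) ram[next].prev = ptr2;
}
/* Invariant: lfree is a free header reachable by walking from ram[0]. */
static int lfree_valid(void) {
    for (int ptr = 0; ptr < SLOTS; ptr = ram[ptr].next)
        if (&ram[ptr] == lfree) return !ram[ptr].used;
    return 0;
}
static int shrink_keeps_lfree_valid(int patched) {
    heap_init();
    heap_shrink(heap_alloc(8), 4, patched);  /* allocate 8 slots, shrink to 4 */
    return lfree_valid();
}
int main(void) { return !(shrink_keeps_lfree_valid(1) && !shrink_keeps_lfree_valid(0)); }
```

Without the fix, the next `heap_alloc` in this model is served from slot 9, which lies inside the free block whose header now sits at slot 5, so two blocks can end up overlapping.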
