From 6374766a55116ed15a314e971238e88b10cd262a Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Tue, 26 Aug 2008 19:34:18 +0000
Subject: [PATCH] Added 2 asserts in pbuf_realloc to prevent dereferencing a null pointer in invalid pbuf queues
---
 src/core/pbuf.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/core/pbuf.c b/src/core/pbuf.c
index 87400573..933107dd 100644
--- a/src/core/pbuf.c
+++ b/src/core/pbuf.c
@@ -272,6 +272,7 @@ pbuf_realloc(struct pbuf *p, u16_t new_len)
 u16_t rem_len; /* remaining length */
 s32_t grow;

+ LWIP_ASSERT("pbuf_realloc: p != NULL", p != NULL);
 LWIP_ASSERT("pbuf_realloc: sane p->type", p->type == PBUF_POOL ||
 p->type == PBUF_ROM ||
 p->type == PBUF_RAM ||
@@ -299,6 +300,7 @@ pbuf_realloc(struct pbuf *p, u16_t new_len)
 q->tot_len += (u16_t)grow;
 /* proceed to next pbuf in chain */
 q = q->next;
+ LWIP_ASSERT("pbuf_realloc: q != NULL", q != NULL);
 }
 /* we have now reached the new last pbuf (in q) */
 /* rem_len == desired length for pbuf q */
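Review bot: Both new checks are LWIP_ASSERT calls, so the guard exists only in builds where that macro is active. If assertions are compiled out (lwIP's LWIP_NOASSERT option, if this tree has it), a NULL `p` is still dereferenced by the code after the first hunk, and a NULL `q` is still dereferenced after `q = q->next` in the second hunk. Where a malformed chain can come from a driver or from packet-handling code, consider a check that survives release builds, such as `if (p == NULL) { return; }` after the first assert and `if (q == NULL) { return; }` after the second. That assumes an early return fits the function's contract, and a return from inside the loop leaves the `tot_len` values already adjusted, so the recovery path needs a decision from the maintainers. pbuf_realloc begins before and continues after both hunks, so its return type and the loop condition are not visible here.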
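Review bot: The second assert's message, `"pbuf_realloc: q != NULL"`, restates the condition without saying which invariant was broken, which makes a field report hard to triage. A short comment above it would help, for example `/* chain ended before rem_len was consumed: tot_len is larger than the sum of the len fields */`. That wording is inferred from the visible `q = q->next` step and the two trailing comments; the loop header is outside the hunk, so confirm it against the actual loop condition.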