mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-04 05:39:53 +00:00
Dangling inseg.p pointer fix by Pedro Alves.
This commit is contained in:
parent
ef0575a26d
commit
6cb19d7e34
@ -3,10 +3,10 @@
|
|||||||
*
|
*
|
||||||
* Transmission Control Protocol, incoming traffic
|
* Transmission Control Protocol, incoming traffic
|
||||||
*
|
*
|
||||||
* The input processing functions of TCP.
|
* The input processing functions of the TCP layer.
|
||||||
*
|
*
|
||||||
* These functions are generally called in the order (ip_input() ->) tcp_input() ->
|
* These functions are generally called in the order (ip_input() ->)
|
||||||
* tcp_process() -> tcp_receive() (-> application).
|
* tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -80,7 +80,6 @@ static void tcp_parseopt(struct tcp_pcb *pcb);
|
|||||||
static err_t tcp_listen_input(struct tcp_pcb_listen *pcb);
|
static err_t tcp_listen_input(struct tcp_pcb_listen *pcb);
|
||||||
static err_t tcp_timewait_input(struct tcp_pcb *pcb);
|
static err_t tcp_timewait_input(struct tcp_pcb *pcb);
|
||||||
|
|
||||||
|
|
||||||
/* tcp_input:
|
/* tcp_input:
|
||||||
*
|
*
|
||||||
* The initial input processing of TCP. It verifies the TCP header, demultiplexes
|
* The initial input processing of TCP. It verifies the TCP header, demultiplexes
|
||||||
@ -191,7 +190,6 @@ tcp_input(struct pbuf *p, struct netif *inp)
|
|||||||
if (pcb == NULL) {
|
if (pcb == NULL) {
|
||||||
/* If it did not go to an active connection, we check the connections
|
/* If it did not go to an active connection, we check the connections
|
||||||
in the TIME-WAIT state. */
|
in the TIME-WAIT state. */
|
||||||
|
|
||||||
for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
|
for(pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
|
||||||
LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
|
LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
|
||||||
if (pcb->remote_port == tcphdr->src &&
|
if (pcb->remote_port == tcphdr->src &&
|
||||||
@ -306,12 +304,12 @@ tcp_input(struct pbuf *p, struct netif *inp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* We deallocate the incoming pbuf. If it was buffered by the
|
/* give up our reference to inseg.p */
|
||||||
application, the application should have called pbuf_ref() to
|
if (inseg.p != NULL)
|
||||||
increase the reference counter in the pbuf. If so, the buffer
|
{
|
||||||
isn't actually deallocated by the call to pbuf_free(), only the
|
pbuf_free(inseg.p);
|
||||||
reference count is decreased. */
|
inseg.p = NULL;
|
||||||
if (inseg.p != NULL) pbuf_free(inseg.p);
|
}
|
||||||
#if TCP_INPUT_DEBUG
|
#if TCP_INPUT_DEBUG
|
||||||
#if TCP_DEBUG
|
#if TCP_DEBUG
|
||||||
tcp_debug_print_state(pcb->state);
|
tcp_debug_print_state(pcb->state);
|
||||||
|
Loading…
Reference in New Issue
Block a user