etharp.c: Ensure etharp_query() allocates adequate pbuf if copying/consolidating.

etharp_query() queues packets, instead of sending, if a relevant arp-request is
pending.

Code walks the packet (a pbuf chain) to determine whether any pbufs are marked
'volatile': If so, we cannot simply enqueue the packet, and instead allocate a
new pbuf from RAM, copying the original packet, and enqueueing this new pbuf.

The bug here is that the allocation refers to the tot_len field of a temp pbuf*,
'p', instead of the head, 'q'.

In the case where the first pbuf of the chain is non-volatile but the second pbuf
*is* volatile, then we'll request an allocation that uses the tot_len field of
the second pbuf. If the first pbuf is non-zero length, the allocated pbuf (chain)
will be too small to allow the copy.

Signed-off-by: goldsimon <goldsimon@gmx.de>
Tim Cussins 2017-05-29 14:53:47 +01:00 committed by goldsimon
parent fb9fabb87c
commit 84502e5ae0

@ -1009,7 +1009,7 @@ etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q)
}
if (copy_needed) {
/* copy the whole packet into new pbufs */
p = pbuf_alloc(PBUF_LINK, p->tot_len, PBUF_RAM);
p = pbuf_alloc(PBUF_LINK, q->tot_len, PBUF_RAM);
if (p != NULL) {
if (pbuf_copy(p, q) != ERR_OK) {
pbuf_free(p);
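
Review bot: at the pbuf_alloc() call, `p` serves both as the temporary pointer from the chain walk and as the destination of the new allocation, which is how the size came to be read from the wrong pbuf. Taking the length from q->tot_len matches what pbuf_copy(p, q) has to hold. Consider a short comment on that line stating that the size must come from the head `q`, or a separate variable for the walk, so the two roles of `p` cannot be mixed up again. A test that queues a two-pbuf chain whose first pbuf is non-volatile and whose second is volatile would cover the case the commit message describes.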