mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-10-01 04:12:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

pbuf_alloc(PBUF_POOL): Added asserts to make sure payload+len is still in bound of the pbuf (also to make sure bug #15659 is fixed).

Browse Source
This commit is contained in:
goldsimon 2007-05-16 10:45:28 +00:00
parent 4e71ec4480
commit 887077b5a4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/pbuf.c
View File

@ -165,6 +165,9 @@ pbuf_alloc(pbuf_layer l, u16_t length, pbuf_flag flag)
p->tot_len = length;
/* set the length of the first pbuf in the chain */
p->len = length > PBUF_POOL_BUFSIZE - MEM_ALIGN_SIZE(offset)? PBUF_POOL_BUFSIZE - MEM_ALIGN_SIZE(offset): length;
LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
((u8_t*)p->payload + p->len <
(u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE));
/* set reference count (needed here in case we fail) */
p->ref = 1;
@ -195,6 +198,9 @@ pbuf_alloc(pbuf_layer l, u16_t length, pbuf_flag flag)
q->payload = (void *)((u8_t *)q + SIZEOF_STRUCT_PBUF);
LWIP_ASSERT("pbuf_alloc: pbuf q->payload properly aligned",
((mem_ptr_t)q->payload % MEM_ALIGNMENT) == 0);
LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
((u8_t*)p->payload + p->len <
(u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE));
q->ref = 1;
/* calculate remaining length to be allocated */
rem_len -= q->len;