mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-11-18 20:10:53 +00:00
pbuf_alloc(PBUF_POOL): Added asserts to make sure payload+len is still in bound of the pbuf (also to make sure bug #15659 is fixed).
This commit is contained in:
parent
4e71ec4480
commit
887077b5a4
@ -165,6 +165,9 @@ pbuf_alloc(pbuf_layer l, u16_t length, pbuf_flag flag)
|
||||
p->tot_len = length;
|
||||
/* set the length of the first pbuf in the chain */
|
||||
p->len = length > PBUF_POOL_BUFSIZE - MEM_ALIGN_SIZE(offset)? PBUF_POOL_BUFSIZE - MEM_ALIGN_SIZE(offset): length;
|
||||
LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
|
||||
((u8_t*)p->payload + p->len <
|
||||
(u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE));
|
||||
/* set reference count (needed here in case we fail) */
|
||||
p->ref = 1;
|
||||
|
||||
@ -195,6 +198,9 @@ pbuf_alloc(pbuf_layer l, u16_t length, pbuf_flag flag)
|
||||
q->payload = (void *)((u8_t *)q + SIZEOF_STRUCT_PBUF);
|
||||
LWIP_ASSERT("pbuf_alloc: pbuf q->payload properly aligned",
|
||||
((mem_ptr_t)q->payload % MEM_ALIGNMENT) == 0);
|
||||
LWIP_ASSERT("check p->payload + p->len does not overflow pbuf",
|
||||
((u8_t*)p->payload + p->len <
|
||||
(u8_t*)p + SIZEOF_STRUCT_PBUF + PBUF_POOL_BUFSIZE));
|
||||
q->ref = 1;
|
||||
/* calculate remaining length to be allocated */
|
||||
rem_len -= q->len;
|
||||
|
Loading…
Reference in New Issue
Block a user