From 8e83e206f4e19566e88d5aec6f58dd4736ae43f8 Mon Sep 17 00:00:00 2001
From: Tim Cussins
Date: Tue, 18 Apr 2017 15:36:14 +0100
Subject: [PATCH] sockets.c: Make sock_inc_used overflow check robust.

Before this patch, it was possible that the overflow check might miss an overflow event. e.g. Consider 2 threads, both executing this method. u8_t fd_used is on 255... Thread A -> atomically increment fd_used (which is now 0) Thread B -> atomically increment fd_used (which is now 1) Thread A -> check overflow... sees everything ok Thread B -> check overflow... sees everything ok And the overflow is missed :(

Signed-off-by: goldsimon
---
 src/api/sockets.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/api/sockets.c b/src/api/sockets.c
index f83fdac8..b60a9a59 100644
--- a/src/api/sockets.c
+++ b/src/api/sockets.c
@@ -374,9 +374,14 @@ lwip_socket_thread_cleanup(void)
 static void
 sock_inc_used(struct lwip_sock *sock)
 {
+ SYS_ARCH_DECL_PROTECT(lev);
+
 LWIP_ASSERT("sock != NULL", sock != NULL);
- SYS_ARCH_INC(sock->fd_used, 1);
+
+ SYS_ARCH_PROTECT(lev);
+ ++sock->fd_used;
 LWIP_ASSERT("sock->fd_used != 0", sock->fd_used != 0);
+ SYS_ARCH_UNPROTECT(lev);
 }

 /* In full-duplex mode,sock->fd_used != 0 prevents a socket descriptor from being
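Review bot: The wrap of `sock->fd_used` is still detected only by an `LWIP_ASSERT` that runs after `++sock->fd_used`, so a build with assertions compiled out stores the wrapped value 0 without any signal. The comment following the function says a non-zero count is what keeps a descriptor from being released and possibly reused across threads, so a silent wrap would presumably open that window. Checking before the increment, e.g. `LWIP_ASSERT("sock->fd_used < 255", sock->fd_used < 255);` ahead of `++sock->fd_used;` (255 from the `u8_t` named in the commit message), would at least stop an asserting build before the bad value is written. A real runtime guard would need the function to report failure, which its `void` return does not allow, so the limit should be documented, for instance `/* fd_used overflow is caught by assertion only; at most 255 concurrent users per socket */`. The assertion also now executes between `SYS_ARCH_PROTECT(lev)` and `SYS_ARCH_UNPROTECT(lev)`, so the port's assert handler runs with protection held; if that handler can print or block, capture the condition in a local and assert after the unprotect.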