fixed bug #41499 netconn::recv_avail can overflow

CHANGELOG

@@ -96,6 +96,9 @@ HISTORY
 
  ++ Bugfixes:
 
+  2014-02-20: Simon Goldschmidt
+  * api.h, sockets.c: fixed bug #41499 netconn::recv_avail can overflow
+
   2014-01-08: Stathis Voukelatos
   * memp_std.h: patch #7928 Fixed size calculation in MALLOC memory pool
     creation macro

src/api/sockets.c

@@ -2521,7 +2521,7 @@ lwip_ioctl(int s, long cmd, void *argp)
   u8_t val;
 #if LWIP_SO_RCVBUF
   u16_t buflen = 0;
-  s16_t recv_avail;
+  int recv_avail;
 #endif /* LWIP_SO_RCVBUF */
 
   if (!sock) {
@@ -2565,7 +2565,7 @@ lwip_ioctl(int s, long cmd, void *argp)
     if (recv_avail < 0) {
       recv_avail = 0;
     }
-    *((u16_t*)argp) = (u16_t)recv_avail;
+    *((int*)argp) = recv_avail;
 
     /* Check if there is data left from the last recv operation. /maq 041215 */
     if (sock->lastdata) {

src/include/lwip/api.h

@@ -203,7 +203,7 @@ struct netconn {
   /** number of bytes currently in recvmbox to be received,
       tested against recv_bufsize to limit bytes on recvmbox
       for UDP and RAW, used for FIONREAD */
-  s16_t recv_avail;
+  int recv_avail;
 #endif /* LWIP_SO_RCVBUF */
   /** flags holding more netconn-internal state, see NETCONN_FLAG_* defines */
   u8_t flags;