From a2d6a50dff4ff7a2ffe634b4f78912c92d4cd9df Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Thu, 20 Feb 2014 21:55:11 +0100 Subject: [PATCH] fixed bug #41499 netconn::recv_avail can overflow --- CHANGELOG | 3 +++ src/api/sockets.c | 4 ++-- src/include/lwip/api.h | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 8f7b50df..af7a5bf4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -96,6 +96,9 @@ HISTORY ++ Bugfixes: + 2014-02-20: Simon Goldschmidt + * api.h, sockets.c: fixed bug #41499 netconn::recv_avail can overflow + 2014-01-08: Stathis Voukelatos * memp_std.h: patch #7928 Fixed size calculation in MALLOC memory pool creation macro diff --git a/src/api/sockets.c b/src/api/sockets.c index 9f6b5277..2fd8847d 100644 --- a/src/api/sockets.c +++ b/src/api/sockets.c @@ -2521,7 +2521,7 @@ lwip_ioctl(int s, long cmd, void *argp) u8_t val; #if LWIP_SO_RCVBUF u16_t buflen = 0; - s16_t recv_avail; + int recv_avail; #endif /* LWIP_SO_RCVBUF */ if (!sock) { @@ -2565,7 +2565,7 @@ lwip_ioctl(int s, long cmd, void *argp) if (recv_avail < 0) { recv_avail = 0; } - *((u16_t*)argp) = (u16_t)recv_avail; + *((int*)argp) = recv_avail; /* Check if there is data left from the last recv operation. /maq 041215 */ if (sock->lastdata) { diff --git a/src/include/lwip/api.h b/src/include/lwip/api.h index ac58eebb..78bf0c52 100644 --- a/src/include/lwip/api.h +++ b/src/include/lwip/api.h @@ -203,7 +203,7 @@ struct netconn { /** number of bytes currently in recvmbox to be received, tested against recv_bufsize to limit bytes on recvmbox for UDP and RAW, used for FIONREAD */ - s16_t recv_avail; + int recv_avail; #endif /* LWIP_SO_RCVBUF */ /** flags holding more netconn-internal state, see NETCONN_FLAG_* defines */ u8_t flags;