[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #25705] Memory Leak in HTTPD.C
From: |
Dave Wilson |
Subject: |
[lwip-devel] [bug #25705] Memory Leak in HTTPD.C |
Date: |
Wed, 25 Feb 2009 17:20:18 +0000 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 |
Follow-up Comment #1, bug #25705 (project lwip):
There's actually a different bug here which caught me out last week and was
causing connections to be improperly terminated. I've reworked the function as
follows.
if ((hs == NULL) && (pcb->state == ESTABLISHED)) {
/* printf("Null, closen");*/
tcp_abort(pcb);
return ERR_ABRT;
} else {
++hs->retries;
if (hs->retries == 4) {
tcp_abort(pcb);
return ERR_ABRT;
}
The case where hs == NULL can occur during termination of a connection and a
race condition means that if http_poll is called at this point, the connection
will be aborted when it is actually closing down cleanly already. This causes
confusion to some browsers, notably Safari on MacOS. The fix I propose above
only aborts the connection if the PCB is supposed to be in ESTABLISHED state,
thus allowing normal termination even if http_poll is called during the window
where the connection is closing.
I agree that there is still a possible memory leak here but arg/hs should
never be NULL while the session is established so you should never hit this
case unless something else has gone really badly wrong first (memory
corruption?). If hs is NULL, you've lost track of where the http_state
structure is anyway so freeing it is rather tricky.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?25705>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/