lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #27791] null pointer dereference (pcb->unacked == 0) i

From: Guillaume du PONTAVICE
Subject: [lwip-devel] [bug #27791] null pointer dereference (pcb->unacked == 0) in tcp_in.c:tcp_process
Date: Fri, 23 Oct 2009 15:53:37 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) 
Follow-up Comment #2, bug #27791 (project lwip):

Hi,

the TCP SYN packet is sent in

tcp_output_segment(seg, pcb); (line 588)


588:    tcp_output_segment(seg, pcb);
589:    snd_nxt = ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg);
590:    if (TCP_SEQ_LT(pcb->snd_nxt, snd_nxt)) {
591:      pcb->snd_nxt = snd_nxt;
592:    }
593:    /* put segment on unacknowledged list if length > 0 */
594:    if (TCP_TCPLEN(seg) > 0) {
595:      seg->next = NULL;
596:      /* unacked list is empty? */
597:      if (pcb->unacked == NULL) {
598:        pcb->unacked = seg;
599:        useg = seg;



see stack trace below:
# 0 tcp_output_segment
# 1 ip_output
# 2 ip_output_if
# 3 netif->output


if you look at my stack trace, I have reached line 589 (the packet is sent),

the pb comes from the fact that pcb->unacked is set line 598.

=> if the TCP SYN ACK comes back before I reach line 598, then I have a pb.

 


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?27791>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]