[lwip-devel] [bug #37166] memp_sanity check loops itself

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #37166] memp_sanity check loops itself

From:	Artem Pisarenko
Subject:	[lwip-devel] [bug #37166] memp_sanity check loops itself
Date:	Wed, 22 Aug 2012 09:36:18 +0000
User-agent:	Opera/9.80 (Windows NT 6.1; WOW64; U; ru) Presto/2.10.289 Version/12.01

URL:
  <http://savannah.nongnu.org/bugs/?37166>

                 Summary: memp_sanity check loops itself
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: jblackarty
            Submitted on: Wed 22 Aug 2012 04:36:17 PM OMSST
                Category: None
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.0

    _______________________________________________________

Details:

Did you check this check ? ;) I fall into this error and was going to report
two bugs: primary (which caused memp-lists to form a circle) and memp_sanity
internal which was detected thanks to first one. But I'm not able to reproduce
primary bug unfortunately (although I can describe conditions which fired it
if anybody get interested). So I report only second one at now.

memp_sanity() algorithm is wrong:

/**
 * Check that memp-lists don't form a circle
 */
static int
memp_sanity(void)
{
  s16_t i, c;
  struct memp *m, *n;

  for (i = 0; i < MEMP_MAX; i++) {
    for (m = memp_tab[i]; m != NULL; m = m->next) {
      c = 1;
      for (n = memp_tab[i]; n != NULL; n = n->next) { // <--- endless loop in
this cycle
        if (n == m && --c < 0) { // <--- this condition is always false
          return 0;
        }
      }
    }
  }
  return 1;
}


That code detects only case where looped item points to first item (that is
'm') and make '--c' operator to work thanks to passed (n == m) condition. But
this is not the only case. Author of this code caught in a trap of tricky and
cruel '&&' short-circuit operator ;)

My "circle" was as follows: n->next->next = n.





    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?37166>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] [bug #37166] memp_sanity check loops itself, Artem Pisarenko <=
- [lwip-devel] [bug #37166] memp_sanity check loops itself, Simon Goldschmidt, 2012/08/22
  - [lwip-devel] [bug #37166] memp_sanity check loops itself, Artem Pisarenko, 2012/08/22
    - [lwip-devel] [bug #37166] memp_sanity check loops itself, Simon Goldschmidt, 2012/08/22
    - Re: [lwip-devel] [bug #37166] memp_sanity check loops itself, Philipp Tölke, 2012/08/22
    - [lwip-devel] [bug #37166] memp_sanity check loops itself, Simon Goldschmidt, 2012/08/22

Prev by Date: [lwip-devel] [bug #37158] MEM_USE_POOLS==1: LWIP_ASSERT (rmem == LWIP_MEM_ALIGN(rmem)) fails
Next by Date: Re: [lwip-devel] [ppp-new] ppp_delet
Previous by thread: [lwip-devel] [ppp-new] ppp_delet
Next by thread: [lwip-devel] [bug #37166] memp_sanity check loops itself
Index(es):
- Date
- Thread