Re: [lwip-devel] Corrupt pppos_pcb in pppos_create function
From: Sylvain Rochet
Subject: Re: [lwip-devel] Corrupt pppos_pcb in pppos_create function
Date: Wed, 20 Jan 2016 21:42:21 +0100
User-agent: Mutt/1.5.23 (2014-03-12)
Hello Wayne,
On Wed, Jan 20, 2016 at 04:48:34PM +1000, Wayne Uroda wrote:
> Hi,
>
> This is my first post so I apologise if this is not the right mailing list.
It is; as long as you are not only asking for help, -devel is perfectly fine :-)
> I am using the latest GIT version of the code cloned from here
> git://git.savannah.nongnu.org/lwip.git
>
> When I create a new PPP connection, I am seeing a hardfault (segfault)
> coming from pbuf_free.
>
> I traced the problem to an invalid in_head field of the pppos_pcb structure.
> The field is invalid because the memory is never cleared to zero after the
> pppos_pcb structure is created in pppos_create().
>
> I was able to fix the issue by adding a memset after the memp_malloc call.
Indeed, you are absolutely right, you found a real bug, good catch!
> I have attached a patch file showing this.
>
> Is this correct? Should memp_malloc instead return zero-initialised memory?
> I don't believe so from what I have read of the source code but can't find
> any explicit documentation on that point.
Yes, I missed that; if you check, it's properly done in PPPoE and
PPPoL2TP. My bad.
I applied your patch with a minor ordering change, thank you. Oh, by the
way, we love the "git format-patch" format rather than the plain old diff
format :-)
Sylvain
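The failure mode discussed in this thread, shown as an added example that is not lwIP code and not Wayne's patch: a fixed-size pool allocator that, like memp_malloc, hands back an element exactly as its previous user left it, a control block whose pbuf-chain head is never cleared, and the memset that fixes it. The pool, the `toy_pcb`/`toy_pbuf` structures and the `in_head` field layout are constructed stand-ins, not the real pppos_pcb or pbuf definitions; only the mechanism (a recycled slot carrying a stale pointer into a later free) is what the report describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a memp-style pool: POOL_SIZE fixed slots, no zeroing
 * on allocation. This is NOT lwIP's memp implementation. */
#define POOL_SIZE 4

/* Hypothetical stand-ins for pbuf and pppos_pcb. Only in_head matters here. */
struct toy_pbuf { int payload; struct toy_pbuf *next; };

struct toy_pcb {
    struct toy_pbuf *in_head;   /* head of the receive pbuf chain */
    uint32_t in_state;
    uint8_t  in_escaped;
};

static struct toy_pcb pool[POOL_SIZE];
static int in_use[POOL_SIZE];

/* Returns a free slot without touching its contents, as memp_malloc does. */
static struct toy_pcb *pool_malloc(void) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!in_use[i]) { in_use[i] = 1; return &pool[i]; }
    }
    return NULL;
}

/* Releases a slot; the old bytes stay in place for the next allocation. */
static void pool_free(struct toy_pcb *p) {
    in_use[p - pool] = 0;
}

/* Buggy constructor: sets some fields explicitly and assumes the rest are
 * zero. Whatever the previous occupant left in in_head survives. */
static struct toy_pcb *pcb_create_buggy(void) {
    struct toy_pcb *pcb = pool_malloc();
    if (pcb == NULL) return NULL;
    pcb->in_state = 0;
    return pcb;
}

/* Fixed constructor: zero the whole structure right after allocation, which
 * is the shape of the fix applied to pppos_create(). */
static struct toy_pcb *pcb_create_fixed(void) {
    struct toy_pcb *pcb = pool_malloc();
    if (pcb == NULL) return NULL;
    memset(pcb, 0, sizeof(*pcb));
    pcb->in_state = 0;
    return pcb;
}

/* A pbuf_free()-style teardown is only safe on an empty chain. Returns 1 if
 * in_head is NULL, 0 if it would dereference a dangling pointer. */
static int chain_head_is_sane(const struct toy_pcb *pcb) {
    return pcb->in_head == NULL;
}

/* Scenario: one user attaches a pbuf and releases the slot; the slot is then
 * recycled through the given constructor. Returns whether the new control
 * block starts with a clean chain head. */
static int recreate_and_check(struct toy_pcb *(*create)(void)) {
    struct toy_pbuf scratch = { 42, NULL };      /* constructed sample pbuf */
    memset(pool, 0, sizeof pool);
    memset(in_use, 0, sizeof in_use);

    struct toy_pcb *first = pool_malloc();
    first->in_head = &scratch;                   /* previous user left data */
    pool_free(first);                            /* slot recycled, bytes kept */

    struct toy_pcb *second = create();
    return second != NULL && chain_head_is_sane(second);
}

int main(void) {
    printf("buggy create, in_head clean: %s\n",
           recreate_and_check(pcb_create_buggy) ? "yes" : "no");
    printf("fixed create, in_head clean: %s\n",
           recreate_and_check(pcb_create_fixed) ? "yes" : "no");
    return 0;
}
```

The first allocation from a pool that lives in zeroed static storage may look fine, which is why this class of bug tends to surface only after a connection has been torn down and re-created; a test that frees and re-creates the control block at least once catches it.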