[lwip-devel] [bug #48300] Private mempools allocate foreign memory

[chrysn]

URL:
  <http://savannah.nongnu.org/bugs/?48300>

                 Summary: Private mempools allocate foreign memory
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: chrysn
            Submitted on: Thu 23 Jun 2016 03:00:05 PM GMT
                Category: None
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: git head

    _______________________________________________________

Details:

The memory access to pools declared using LWIP_MEMPOOL_DECLARE can be flawed
when MEM_ALIGNMENT is used. This was observed on an ARM Cortex device on which
MEM_ALIGNMENT was set to 8 for reasons outside the architecture. Two pools are
allocated in parallel, and memset'ing what was obtained from one of the pools
wiped the tab of the other.

I suppose this is because memp_memory_*_base itself is an unaligned u8_t
array, but in memp_init_pool, the address of desc->base gets aligned and thus
potentially increased; fully accessing the last element would then go to an
area not reserved to the respective _base.

I'll see whether I can submit a viable patch.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?48300>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/