[lwip-devel] [bug #59831] tcp_output : Null dereferencing
From: Evan Lojewski
Subject: [lwip-devel] [bug #59831] tcp_output : Null dereferencing
Date: Mon, 18 Jan 2021 16:37:29 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Follow-up Comment #7, bug #59831 (project lwip):
[comment #5 comment #5:]
> Comment #2 makes me think a bit, but this at least seems to be a different
> bug than what the OP saw?
It's possible that this is related, however what I'm seeing is also causing
this issue here.
If you take a look at the tcp_out.c file:
https://git.savannah.nongnu.org/cgit/lwip.git/tree/src/core/tcp_out.c#n1328
    useg = pcb->unacked;
    if (useg != NULL) {
useg is being set to pcb->unacked. Following this, there is a check for null,
which implies that useg can be null.
On line 1382, we then check pcb->unacked for null, and not useg for null.
These *should* be the same, so long as pcb was not modified by another
thread.
https://git.savannah.nongnu.org/cgit/lwip.git/tree/src/core/tcp_out.c#n1390
So, the linters are only triggering this because two different variable names
are being used and checked for null. I think if the following line checked
useg instead, then the linter would be happy:
Note that this would also reduce the probability of the issue being triggered
by the OP, but would not necessarily fix their issue.
After that analysis, I would agree that these are two separate issues:
1) the way the code is written is causing confusion to both pclint and
clang-analyzer
2) The OP is running into an issue because of multiple threads accessing tcp routines
that modify internals (presumably).
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?59831>
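
Added example, not part of the original message and not lwIP code: a simplified model of the pattern discussed above, where a local snapshot (useg) is dereferenced after a NULL test on the field (pcb->unacked), next to the variant that tests the local. The struct layouts, function names and the interference hook are assumptions made for illustration; the last function shows that testing the local avoids the NULL dereference but still loses a segment when another context modifies the pcb.

```c
#include <stddef.h>

/* Simplified stand-ins for illustration; not lwIP's real structures. */
struct seg { struct seg *next; };
struct pcb { struct seg *unacked; };

/* Hypothetical hook modelling another context that touches the pcb
 * between the snapshot and the later NULL test (NULL = no interference). */
typedef void (*interfere_fn)(struct pcb *pcb);

static struct seg *tail_of(struct seg *s) {
  while (s != NULL && s->next != NULL) s = s->next;
  return s;
}

int list_len(const struct seg *s) {
  int n = 0;
  for (; s != NULL; s = s->next) n++;
  return n;
}

/* Pattern from the message: snapshot into useg, later test the field.
 * useg is only non-NULL in the else branch if nothing changed
 * pcb->unacked in between, which an analyzer cannot assume. */
void enqueue_test_field(struct pcb *pcb, struct seg *seg, interfere_fn f) {
  struct seg *useg = tail_of(pcb->unacked);
  if (f != NULL) f(pcb);
  seg->next = NULL;
  if (pcb->unacked == NULL) pcb->unacked = seg;
  else useg->next = seg; /* NULL dereference if useg and the field disagree */
}

/* Variant suggested in the message: test the pointer that is dereferenced.
 * No NULL dereference, but a concurrent update is silently overwritten. */
void enqueue_test_local(struct pcb *pcb, struct seg *seg, interfere_fn f) {
  struct seg *useg = tail_of(pcb->unacked);
  if (f != NULL) f(pcb);
  seg->next = NULL;
  if (useg == NULL) pcb->unacked = seg;
  else useg->next = seg;
}

/* Constructed interference: another context queues its own segment. */
static struct seg other_seg;
void other_context_enqueues(struct pcb *pcb) { pcb->unacked = &other_seg; }

/* Two segments were queued during the race, only one survives. */
int racing_enqueue_len(void) {
  struct pcb p = { NULL };
  struct seg mine = { NULL };
  enqueue_test_local(&p, &mine, other_context_enqueues);
  return list_len(p.unacked);
}
```
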