This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new 321dc0b99 porting: Fix buffer copy for mbuf in different pools
321dc0b99 is described below
commit 321dc0b999a1a8ba4ce19ada17056c1e2c534ea7
Author: Rahul <[email protected]>
AuthorDate: Thu Oct 9 19:52:03 2025 +0530

porting: Fix buffer copy for mbuf in different pools

Given a chain of at least 2 mbufs, of which the mbufs come from more
than one pool of different-sized buffers and the first mbuf is smaller
in size than at least one of the rest, the memcpy() in os_mbuf_dup()
will write beyond the limits of the allocated mbuf.

This is because os_mbuf_dup() assumes all mbufs in a chain come from
the same pool as the first mbuf in the chain. Fixed the same.
---
porting/nimble/src/os_mbuf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/porting/nimble/src/os_mbuf.c b/porting/nimble/src/os_mbuf.c
index 829d79858..93126c62d 100644
--- a/porting/nimble/src/os_mbuf.c
+++ b/porting/nimble/src/os_mbuf.c
@@ -384,12 +384,13 @@ os_mbuf_dup(struct os_mbuf *om)
struct os_mbuf *head;
struct os_mbuf *copy;
- omp = om->om_omp;
-
head = NULL;
copy = NULL;
for (; om != NULL; om = SLIST_NEXT(om, om_next)) {
+
+ omp = om->om_omp;
+
if (head) {
SLIST_NEXT(copy, om_next) = os_mbuf_get(omp,
OS_MBUF_LEADINGSPACE(om));
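Review bot: the per-iteration pool lookup at the top of the loop (`omp = om->om_omp;`) should carry a short comment stating that mbufs in one chain may come from different pools and that each copy is allocated from its source mbuf's own pool. Without it the assignment looks like a loop invariant, and a later cleanup could hoist it back above the loop and reintroduce the out-of-bounds memcpy() write described in the commit message. The empty `+` line directly after the `for (...) {` opening is stray whitespace and can be dropped. The diffstat lists only os_mbuf.c, so a regression test that duplicates a chain whose first mbuf comes from a pool with smaller buffers than a later mbuf's pool would be worth adding with this change.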