[lwip-users] pbuf_alloc - is this a bug ?

Jan Ulvesten Thu, 19 May 2005 07:47:36 -0700

Hi

Got a mem-write error destroying a pbuf.  The pbuf before the one that
is destroyed is "filled" up".



Check this:

switch (flag) {
  case PBUF_POOL:
    p = pbuf_pool_alloc();

    ..
    p->payload = MEM_ALIGN((void *)((u8_t *)p + (sizeof(struct pbuf) +
offset)));

    ... 
    p->len = length > PBUF_POOL_BUFSIZE - offset? PBUF_POOL_BUFSIZE -
offset: length;



Assuming that offset=0 (PBUF_RAW):
p->payload will be p+ 0x10    -> sizeof(struct pbuf)

The max. length allowed in first pbuf in this case isn't: 

     BUF_POOL_BUFSIZE - offset 
but PBUF_POOL_BUFSIZE - offset - sizeof(struct pbuf)


Jan Ulvesten




_______________________________________________
lwip-users mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/lwip-users

[lwip-users] pbuf_alloc - is this a bug ?

Reply via email to