[En-Nut-Discussion] Malformed TCP packet and memory leak in low-memory situations
Harald Kipp
harald.kipp at egnite.de
Mon Mar 22 16:40:12 CET 2010
Hi Marti,
Marti Raudsepp wrote:
> Now, consider that when transmitting large packets, NutNetBufClone
> will fail; so a NULL pointer is passed into NutIpOutput, and then into
> NutNetBufAlloc
Agreed. Many thanks for reporting this.
> All of this can be avoided by adding an if(nb==NULL) return -1; check
> to the beginning of NutIpOutput, or into checking nb_clone in
> NutTcpOutput.
I prefer the latter. This applies to 4.8 and 4.9. Although, on 4.9 this
is less likely, because NutNetBufClone had been replaced by
NutNetBufClonePart, which creates a referencing NETBUF only.
nb_clone = NutNetBufClonePart(nb);
if (nb_clone == NULL) {
sock->so_last_error = ENOBUFS;
return -1;
}
I'll fix both, 4.8 and 4.9.
Harald
More information about the En-Nut-Discussion
mailing list