[ros-diffs] [cmihail] 52734: [lwIP] - Fix another race condition caused crash bug

cmihail at svn.reactos.org cmihail at svn.reactos.org
Wed Jul 20 11:11:43 UTC 2011


Author: cmihail
Date: Wed Jul 20 11:11:40 2011
New Revision: 52734

URL: http://svn.reactos.org/svn/reactos?rev=52734&view=rev
Log:
[lwIP]
- Fix another race condition caused crash bug

Modified:
    branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c

Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c?rev=52734&r1=52733&r2=52734&view=diff
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1] Wed Jul 20 11:11:40 2011
@@ -60,6 +60,8 @@
 {
     DbgPrint("[lwIP, InternalSendEventHandler] SendEvent (0x%x, 0x%x, %d)\n",
         arg, pcb, (unsigned int)space);
+
+    ASSERT(pcb->sent != 0);
     
     /* Make sure the socket didn't get closed */
     if (!arg) return ERR_OK;
@@ -79,6 +81,8 @@
 
     DbgPrint("[lwIP, InternalRecvEventHandler] RecvEvent (0x%x, pcb = 0x%x, pbuf = 0x%x, err = %d)\n",
         arg, pcb, p, (unsigned int)err);
+
+    ASSERT(pcb->recv != NULL);
     
     /* Make sure the socket didn't get closed */
     if (!arg)
@@ -588,7 +592,12 @@
 {
     struct shutdown_callback_msg *msg = arg;
 
-    if (msg->Pcb->state == ESTABLISHED || msg->Pcb->state == SYN_RCVD)
+    /*
+        We check here if the pcb is in state ESTABLISHED or SYN_RECV because otherwise
+        it means lwIP will take care of it anyway and if it does so before us it will
+        cause memory corruption.
+    */
+    if ((msg->Pcb->state == ESTABLISHED) || (msg->Pcb->state == SYN_RCVD))
     {
         msg->Error = tcp_shutdown(msg->Pcb, msg->shut_rx, msg->shut_tx);
     }
@@ -604,7 +613,7 @@
     struct shutdown_callback_msg *msg;
     err_t ret;
     
-    DbgPrint("[lwIP, LibTCPShutdown] Called on pcb = 0x%x with rx = %d, tx = %d\n", pcb, shut_rx, shut_tx);
+    DbgPrint("[lwIP, LibTCPShutdown] Called on pcb = 0x%x, rx = %d, tx = %d\n", pcb, shut_rx, shut_tx);
     
     if (!pcb)
     {
@@ -658,6 +667,12 @@
 {
     struct close_callback_msg *msg = arg;
     
+    if (msg->Pcb->state == CLOSED)
+    {
+        DbgPrint("[lwIP, LibTCPCloseCallback] Connection was closed on us\n");
+        msg->Error = ERR_OK;
+    }
+
     if (msg->Pcb->state == LISTEN)
     {
         DbgPrint("[lwIP, LibTCPCloseCallback] Closing a listener\n");




More information about the Ros-diffs mailing list