[
https://issues.apache.org/jira/browse/MYNEWT-656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marko Kiiskila updated MYNEWT-656:
----------------------------------
Fix Version/s: v1_0_0_rel
> os_mbuf_copyinto() memory overrun
> ---------------------------------
>
> Key: MYNEWT-656
> URL: https://issues.apache.org/jira/browse/MYNEWT-656
> Project: Mynewt
> Issue Type: Bug
> Reporter: Marko Kiiskila
> Assignee: Marko Kiiskila
> Priority: Critical
> Fix For: v1_0_0_rel
>
>
> os_mbuf_copyinto() corrupts memory when the copy spans 2 or more target
> mbufs.
> The problem is that cur_off is not reset after copying the first part of the data.
> diff --git a/kernel/os/src/os_mbuf.c b/kernel/os/src/os_mbuf.c
> index 28dec0b..7888a86 100644
> --- a/kernel/os/src/os_mbuf.c
> +++ b/kernel/os/src/os_mbuf.c
> @@ -1086,6 +1086,7 @@ os_mbuf_copyinto(struct os_mbuf *om, int off, const
> void *src, int len)
> }
>
> cur = next;
> + cur_off = 0;
> }
>
> /* Append the remaining data to the end of the chain. */
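Review bot: the `cur_off = 0;` reset after `cur = next;` arrives without a regression test; this diff touches only kernel/os/src/os_mbuf.c. Suggest adding a unit test that calls os_mbuf_copyinto() with a non-zero off and a len that runs through two or more target mbufs, then checks both the copied bytes and the bytes past off + len, so a stale offset in a later mbuf is caught.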
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
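The stale-offset failure described in the report, as an added example on a simplified model (not Mynewt's code and not part of the original message). `struct seg`, `chain_copyinto()`, `mismatches()` and the 4-byte segment size are hypothetical names and values chosen for illustration; the check compares the chained copy against the same copy into a flat buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_LEN 4   /* constructed: tiny segments force boundary crossings */
#define NSEG    3

struct seg {        /* hypothetical stand-in for one buffer in a chain */
    uint8_t data[SEG_LEN];
    struct seg *next;
};

/* Overwrite len bytes at chain offset off; reset_off=1 applies the patch's
 * reset, reset_off=0 keeps the stale offset. Returns bytes left unwritten. */
static int chain_copyinto(struct seg *cur, int off, const uint8_t *src,
                          int len, int reset_off)
{
    int cur_off, n;
    if (off < 0) return len;                  /* model assumes off >= 0 */
    while (cur != NULL && off >= SEG_LEN) { off -= SEG_LEN; cur = cur->next; }
    cur_off = off;
    while (cur != NULL && len > 0) {
        n = SEG_LEN - cur_off;                /* room left in this segment */
        if (n > len) n = len;
        memcpy(cur->data + cur_off, src, (size_t)n);
        src += n;
        len -= n;
        cur = cur->next;
        if (reset_off) cur_off = 0;           /* later segments start at 0 */
    }
    return len;
}

/* Count bytes that differ from the same 6-byte copy into a flat buffer. */
static int mismatches(int reset_off)
{
    static const uint8_t src[6] = { 1, 2, 3, 4, 5, 6 };
    struct seg s[NSEG];
    uint8_t flat[NSEG * SEG_LEN] = { 0 };
    int i, bad = 0;
    memset(s, 0, sizeof(s));
    for (i = 0; i < NSEG; i++) s[i].next = (i + 1 < NSEG) ? &s[i + 1] : NULL;
    memcpy(flat + 2, src, sizeof(src));
    chain_copyinto(&s[0], 2, src, (int)sizeof(src), reset_off);
    for (i = 0; i < NSEG * SEG_LEN; i++)
        bad += (s[i / SEG_LEN].data[i % SEG_LEN] != flat[i]);
    return bad;
}

int main(void) { printf("%d %d\n", mismatches(1), mismatches(0)); return 0; }
```

In this model the stale offset leaves the start of the second segment unwritten and pushes the tail of the data into bytes 10 and 11, which lie outside the requested range of offsets 2 to 7.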