From 98380cebdad56b07b027bfe1812e15ba2743f544 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Mon, 10 Sep 2018 13:57:52 +0200 Subject: [PATCH] VFS LwIP: do not free TCP PCBs on error The VFS LwIP plugin is page-faulting on connect error because the LwIP library frees a failed TCP protocol control block before calling the error callback, and then the VFS plugin dereferences the PCB to free it a second time. This problem was caused by a failure to follow documentation during a transition from a C callback to a C++ method. Fix #2972 --- repos/libports/include/lwip/arch/cc.h | 1 + repos/libports/src/lib/vfs/lwip/vfs.cc | 10 +++------- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/repos/libports/include/lwip/arch/cc.h b/repos/libports/include/lwip/arch/cc.h index c43cdca2fa..8b561c7d5a 100644 --- a/repos/libports/include/lwip/arch/cc.h +++ b/repos/libports/include/lwip/arch/cc.h @@ -61,6 +61,7 @@ typedef uintptr_t mem_ptr_t; #ifndef LWIP_NO_INTTYPES_H #define LWIP_NO_INTTYPES_H 1 /* Define (sn)printf formatters */ +#define X8_F "02x" #define U16_F "u" // we don't have hu #define S16_F "d" // we don't have hd #define X16_F "x" // we don't have hx diff --git a/repos/libports/src/lib/vfs/lwip/vfs.cc b/repos/libports/src/lib/vfs/lwip/vfs.cc index 4b0dda92e0..e4ebcd9731 100644 --- a/repos/libports/src/lib/vfs/lwip/vfs.cc +++ b/repos/libports/src/lib/vfs/lwip/vfs.cc @@ -1092,17 +1092,13 @@ class Lwip::Tcp_socket_dir final : * * Triggered by error callback, usually * just by an aborted connection. + * The corresponding pcb is already freed + * when this callback is called! */ void error() { state = CLOSED; - - /* the PCB is expired now */ - if (_pcb) { - tcp_arg(_pcb, NULL); - tcp_close(_pcb); - _pcb = NULL; - } + _pcb = NULL; /* churn the application */ handle_io(~0U);