发一个uip的讨论帖(关于uip_connect)
在研究 uIP 代码的时候遇到一个问题，先把代码贴出来：
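/*
 * uip_connect -- open a new outbound TCP connection.
 *
 * Picks an unused local port, takes a free connection slot (a slot in
 * UIP_CLOSED, or failing that a UIP_TIME_WAIT slot chosen by its timer
 * value), and initialises that slot into the UIP_SYN_SENT state.  The
 * SYN itself is not sent here: conn->timer is set to 1 so the periodic
 * timer path emits it on its next run.
 *
 * ripaddr: remote IP address; copied into the slot with uip_ipaddr_copy().
 * rport:   remote TCP port.  NOTE(review): it is stored without htons(),
 *          while the local port is stored with htons(lastport), so the
 *          caller is presumably expected to pass rport already in network
 *          byte order -- confirm against the callers.
 * Returns the initialised connection, or 0 when every slot is busy.
 *
 * Note on this listing: the "[...]" array subscripts appear to have been
 * stripped by the forum markup, which turned "&uip_conns[c]" into
 * "&uip_conns" (a pointer to the whole array, not to one element) and the
 * four element-wise "snd_nxt[i] = iss[i]" copies into four identical
 * lines.  The subscripts are restored below.
 */
struct uip_conn *
uip_connect(uip_ipaddr_t *ripaddr, u16_t rport)
{
  register struct uip_conn *conn, *cconn;

  /* Find an unused local port.  Ports are handed out sequentially in
     [4096, 32000), so the next local port is predictable; RFC 6056
     recommends randomised ephemeral ports, but nothing in scope here
     provides randomness. */
 again:
  ++lastport;
  if(lastport >= 32000) {
    lastport = 4096;
  }

  /* Check if this port is already in use, and if so try to find
     another one.  Only non-CLOSED slots count as "in use". */
  for(c = 0; c < UIP_CONNS; ++c) {
    conn = &uip_conns[c];
    if(conn->tcpstateflags != UIP_CLOSED &&
       conn->lport == htons(lastport)) {
      goto again;
    }
  }

  /* Pick a slot: the first UIP_CLOSED slot wins outright; otherwise the
     UIP_TIME_WAIT slot with the largest timer value is reused
     (presumably the one that has waited longest -- the timer update is
     not in this function). */
  conn = 0;
  for(c = 0; c < UIP_CONNS; ++c) {
    cconn = &uip_conns[c];
    if(cconn->tcpstateflags == UIP_CLOSED) {
      conn = cconn;
      break;
    }
    if(cconn->tcpstateflags == UIP_TIME_WAIT) {
      /* "||" short-circuits: while conn is still 0 the left operand is
         true and conn->timer is never evaluated, so this does not
         dereference a null pointer.  conn->timer is only read once
         conn already points at a real slot. */
      if(conn == 0 ||
         cconn->timer > conn->timer) {
        conn = cconn;
      }
    }
  }

  if(conn == 0) {
    return 0;
  }

  conn->tcpstateflags = UIP_SYN_SENT;

  /* Initial send sequence number, copied element-wise from iss. */
  conn->snd_nxt[0] = iss[0];
  conn->snd_nxt[1] = iss[1];
  conn->snd_nxt[2] = iss[2];
  conn->snd_nxt[3] = iss[3];

  conn->initialmss = conn->mss = UIP_TCP_MSS;

  conn->len = 1;   /* TCP length of the SYN is one. */
  conn->nrtx = 0;
  conn->timer = 1; /* Send the SYN next time around. */
  conn->rto = UIP_RTO;
  conn->sa = 0;
  conn->sv = 16;   /* Initial value of the RTT variance. */
  conn->lport = htons(lastport);
  conn->rport = rport;
  uip_ipaddr_copy(&conn->ripaddr, ripaddr);

  return conn;
}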
cconn->timer > conn->timer) { //这里的conn会引起系统内存越界
这一句的注释是我加的，有点看不明白：这样引用 conn->timer，而 conn 本来就是 0，这个指针等于指向了错误的地方，却还要访问它的 timer，是否会引起内存越界的问题呢？
引申来看，这里会否因此在某些特定的时候出现系统崩溃现象呢？各位有何见解和指教？