Fix bug #49914: lwip_sendmsg uses PBUF_REF pbufs
Use PBUF_RAM and create private copy of the data
diff --git a/src/api/sockets.c b/src/api/sockets.c
index 24b3b5f..e415d08 100644
--- a/src/api/sockets.c
+++ b/src/api/sockets.c
@@ -181,7 +181,7 @@
#else
#define LWIP_SO_SNDRCVTIMEO_OPTTYPE struct timeval
#define LWIP_SO_SNDRCVTIMEO_SET(optval, val) do { \
- s32_t loc = (val); \
+ u32_t loc = (u32_t)(val); \
((struct timeval *)(optval))->tv_sec = (loc) / 1000U; \
((struct timeval *)(optval))->tv_usec = ((loc) % 1000U) * 1000U; }while(0)
#define LWIP_SO_SNDRCVTIMEO_GET_MS(optval) ((((const struct timeval *)(optval))->tv_sec * 1000U) + (((const struct timeval *)(optval))->tv_usec / 1000U))
@@ -1068,14 +1068,15 @@
/* create a chained netbuf from the IO vectors. NOTE: we assemble a pbuf chain
manually to avoid having to allocate, chain, and delete a netbuf for each iov */
for (i = 0; i < msg->msg_iovlen; i++) {
- struct pbuf *p = pbuf_alloc(PBUF_TRANSPORT, 0, PBUF_REF);
+ struct pbuf *p;
+
+ LWIP_ASSERT("iov_len < u16_t", msg->msg_iov[i].iov_len <= 0xFFFF);
+ p = pbuf_alloc(PBUF_TRANSPORT, msg->msg_iov[i].iov_len, PBUF_RAM);
if (p == NULL) {
err = ERR_MEM; /* let netbuf_delete() cleanup chain_buf */
break;
}
- p->payload = msg->msg_iov[i].iov_base;
- LWIP_ASSERT("iov_len < u16_t", msg->msg_iov[i].iov_len <= 0xFFFF);
- p->len = p->tot_len = (u16_t)msg->msg_iov[i].iov_len;
+ pbuf_take(p, msg->msg_iov[i].iov_base, (u16_t)msg->msg_iov[i].iov_len);
/* netbuf empty, add new pbuf */
if (chain_buf->p == NULL) {
chain_buf->p = chain_buf->ptr = p;
@@ -1467,7 +1468,7 @@
/* Wait forever */
msectimeout = 0;
} else {
- msectimeout = ((timeout->tv_sec * 1000) + ((timeout->tv_usec + 500)/1000));
+ msectimeout = (u32_t)((timeout->tv_sec * 1000) + ((timeout->tv_usec + 500)/1000));
if (msectimeout == 0) {
/* Wait 1ms at least (0 means wait forever) */
msectimeout = 1;
