There was a possible recursion that could eventually overflow the stack. The error occurred when closing the socket with inet_close() while a socket callback was still queued. When the socket callback was executed by devif_conn_event(), this resulted in a call to psock_send_eventhandler() with the TCP_CLOSE flag set, which then called tcp_lost_connection(). tcp_shutdown_monitor() then called tcp_callback() again, which again called psock_send_eventhandler(), and so on... Noted by Pascal Speck. Solution is also similar to a solution proposed by Pascal Speck.

Gregory Nutt
2017-10-19 11:55:51 -06:00
parent bc40403516
commit cf5cba953d
5 changed files with 13 additions and 8 deletions
+1 -1
@@ -195,7 +195,7 @@ static int usrsock_pollsetup(FAR struct socket *psock, FAR struct pollfd *fds)
/* Allocate a usrsock callback structure */
cb = devif_callback_alloc(NULL, &conn->list);
if (!cb)
if (cb == NULL)
{
ret = -EBUSY;
kmm_free(info); /* fds->priv not set, so we need to free info here. */
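Review bot: The only change visible in this usrsock_pollsetup() hunk, `if (!cb)` becoming `if (cb == NULL)`, is a behavior-neutral style cleanup that the commit message, which describes a recursion fix around inet_close() and tcp_callback(), does not mention. Consider moving it to a separate cosmetic commit, or add a line to the message noting the incidental NULL-check cleanup, so the stack-overflow fix can be audited and backported without carrying unrelated lines.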