ioLibrary_Driver
A global memory buffer overrun occurs in the socket() function.
The CHECK_SOCKNUM() macro tries to check that the socket number is no more than 4, as shown below.
#define CHECK_SOCKNUM()   \
   do{                    \
      if(sn > _WIZCHIP_SOCK_NUM_) return SOCKERR_SOCKNUM;   \
   }while(0);             \
But sn > _WIZCHIP_SOCK_NUM_ means that the socket number is not more than 4. That means 0, 1, 2, 3 and 4 are all accepted.
This code causes a global memory buffer overrun at sock_pack_info[sn] = 0;,
because the size of sock_pack_info is 4.
What happens on the memory access to sock_pack_info[4]?
If I am correct, it should be like this.
#define CHECK_SOCKNUM()   \
   do{                    \
      if(sn >= _WIZCHIP_SOCK_NUM_) return SOCKERR_SOCKNUM;   \
   }while(0);             \
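
Added example, not part of the original issue or the ioLibrary_Driver source: a small harness that sweeps every `uint8_t` socket number through both forms of the check and counts the indices each one lets through beyond the end of a 4-element array. The names `SOCK_COUNT`, `ERR_SOCKNUM`, `SOCK_OK`, `pack_info` and the helper functions are stand-ins chosen for this example, and the array element type and error value are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the issue states the array holds 4 entries. */
#define SOCK_COUNT   4      /* stands in for _WIZCHIP_SOCK_NUM_ */
#define ERR_SOCKNUM  (-1)   /* stands in for SOCKERR_SOCKNUM (value assumed) */
#define SOCK_OK      1

/* Stand-in for the global sock_pack_info[] (element type assumed). */
static uint8_t pack_info[SOCK_COUNT];

/* Tie the bound to the array so the two cannot drift apart. */
_Static_assert(sizeof pack_info / sizeof pack_info[0] == SOCK_COUNT,
               "bound must equal the element count");

/* Check as quoted in the issue: rejects only sn > 4, so sn == 4 passes. */
static int check_original(uint8_t sn) { return sn > SOCK_COUNT ? ERR_SOCKNUM : SOCK_OK; }

/* Check as proposed in the issue: rejects sn >= 4. */
static int check_fixed(uint8_t sn) { return sn >= SOCK_COUNT ? ERR_SOCKNUM : SOCK_OK; }

/* Count the indices a check accepts that lie outside pack_info[].
   Only the check is evaluated; no out-of-bounds access is performed. */
static int count_escapes(int (*check)(uint8_t), int *first_bad)
{
    int escapes = 0;
    *first_bad = -1;
    for (int sn = 0; sn <= UINT8_MAX; sn++) {
        if (check((uint8_t)sn) == SOCK_OK && (size_t)sn >= SOCK_COUNT) {
            if (*first_bad < 0) *first_bad = sn;
            escapes++;
        }
    }
    return escapes;
}

/* Write guarded by the corrected check, mirroring sock_pack_info[sn] = 0. */
static int clear_pack_info(uint8_t sn)
{
    if (check_fixed(sn) != SOCK_OK) return ERR_SOCKNUM;
    pack_info[sn] = 0;
    return SOCK_OK;
}

int main(void)
{
    int bad;
    printf("original: %d escape(s), ", count_escapes(check_original, &bad));
    printf("first bad index %d\n", bad);
    printf("fixed:    %d escape(s)\n", count_escapes(check_fixed, &bad));
    return clear_pack_info(SOCK_COUNT) == ERR_SOCKNUM ? 0 : 1;
}
```

An exhaustive sweep like this is cheap for 8-bit indices and works as a regression test for any macro that guards a fixed-size table.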