Message-ID: <55A62895.1000308@yahoo.no>
Date: Wed, 15 Jul 2015 11:32:05 +0200
From: "Gisle Vanem (gvanem AT yahoo DOT no) [via djgpp AT delorie DOT com]"
To: djgpp AT delorie DOT com
Subject: Re: wat3222br3.zip crashes when viewing some web page
Reply-To: djgpp AT delorie DOT com

Ozkan Sezer [via djgpp AT delorie DOT com] wrote:

>> --- src/tcp_fsm.c_ 2005-10-20 17:04:18.000000000 +0200 >> +++ src/tcp_fsm.c 2015-07-12 17:12:46.000000000 +0200 >> @@ -1060,7 +1060,7 @@ >> * If it's before recv_next, we've seen it all before; if it's after >> * then the peer (or someone else) sent more than we said we could take. >> */ >> - if ((unsigned)len - ldiff > s->adv_win) >> + if ((unsigned)len - ldiff > s->max_rx_data - s->rx_datalen) >> { >> TCP_TRACE (("tcp_ProcessData (%u): packet ends outside %lu/%lu\n", >> __LINE__, s->recv_next, s->recv_next + s->adv_win));

> Gisle Vanem: is the patch correct?

Seems so. I have briefly tested it and have seen no ill effect. I assume it helped Mikulas in his test-case (i.e. no more crashes).

I have added the 1st patch. The second is inside an '#ifdef USE_NEW_TCP_REASM' section which is not active yet. It should be, but I need to rethink all the TCP-reassembly when and if SACK (Selective ACKnowledge [1]) gets implemented.

[1] https://tools.ietf.org/html/rfc2018

--
--gv
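Review bot: the TCP_TRACE call inside the changed `if` in src/tcp_fsm.c still prints `s->recv_next + s->adv_win` as the limit, while the condition now compares against `s->max_rx_data - s->rx_datalen`, so the trace reports a bound the check no longer uses; print the free-buffer value there instead. The comment above the test ("more than we said we could take") describes the advertised window and should be updated to say the limit is the space left in the receive buffer. It is also worth confirming that `s->rx_datalen` can never exceed `s->max_rx_data` at this point: if that subtraction goes negative or wraps, the comparison against the unsigned left-hand side may no longer reject an oversized segment.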