diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
index 5f60b06f..11fb1519 100644
--- a/src/core/tcp_in.c
+++ b/src/core/tcp_in.c
@@ -1083,10 +1083,8 @@ tcp_receive(struct tcp_pcb *pcb)
 #if TCP_QUEUE_OOSEQ
 struct tcp_seg *prev, *cseg;
 #endif /* TCP_QUEUE_OOSEQ */
- s32_t off;
 s16_t m;
 u32_t right_wnd_edge;
- u16_t new_tot_len;
 int found_dupack = 0;
 #if TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS
 u32_t ooseq_blen;
@@ -1381,32 +1379,23 @@ tcp_receive(struct tcp_pcb *pcb)
 length.*/
 struct pbuf *p = inseg.p;
- off = pcb->rcv_nxt - seqno;
+ u32_t off32 = pcb->rcv_nxt - seqno;
+ u16_t new_tot_len, off;
 LWIP_ASSERT("inseg.p != NULL", inseg.p);
- LWIP_ASSERT("insane offset!", (off < 0x7fff));
- if (inseg.p->len < off) {
- LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
- new_tot_len = (u16_t)(inseg.p->tot_len - off);
- while (p->len < off) {
- off -= p->len;
- /* KJM following line changed (with addition of new_tot_len var)
- to fix bug #9076
- inseg.p->tot_len -= p->len; */
- p->tot_len = new_tot_len;
- p->len = 0;
- p = p->next;
- }
- if (pbuf_header(p, (s16_t)-off)) {
- /* Do we need to cope with this failing? Assert for now */
- LWIP_ASSERT("pbuf_header failed", 0);
- }
- } else {
- if (pbuf_header(inseg.p, (s16_t)-off)) {
- /* Do we need to cope with this failing? Assert for now */
- LWIP_ASSERT("pbuf_header failed", 0);
- }
+ LWIP_ASSERT("insane offset!", (off32 < 0xffff));
+ off = (u16_t)off32;
+ LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
+ inseg.len -= off;
+ new_tot_len = (u16_t)(inseg.p->tot_len - off);
+ while (p->len < off) {
+ off -= p->len;
+ /* all pbufs up to and including this one have len==0, so tot_len is equal */
+ p->tot_len = new_tot_len;
+ p->len = 0;
+ p = p->next;
 }
- inseg.len -= (u16_t)(pcb->rcv_nxt - seqno);
+ /* cannot fail... */
+ pbuf_remove_header(p, off);
 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
 } else {
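Review bot: The bounds that keep the pbuf walk safe in the second hunk are enforced only by `LWIP_ASSERT`, while `off32` is computed from `seqno`, which comes from the received segment. In a build where assertions are compiled out, `off = (u16_t)off32` truncates silently and `while (p->len < off)` follows `p->next` with no NULL check, so a chain shorter than `off` would be walked past its end. The enclosing condition lies outside the hunk and probably bounds the offset by the segment length; if so, the code should say it, e.g. `/* off < tot_len follows from the sequence-range check above, so p never becomes NULL here */`, and if not, a runtime check that survives non-assert builds is needed before the loop. Likewise the result of `pbuf_remove_header(p, off)` is now ignored where the old code asserted on failure, so the comment would serve better as `/* cannot fail: the loop exits only when p->len >= off */`.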