进一步跟踪,发现
err_t tftp_send_message(struct udp_pcb *upcb, struct ip_addr *to_ip, unsigned short to_port, char *buf, unsigned short buflen)
{
err_t err;
struct pbuf *pkt_buf; /* Chain of pbuf's to be sent */
/* PBUF_TRANSPORT - specifies the transport layer */
pkt_buf = pbuf_alloc(PBUF_TRANSPORT, buflen, PBUF_POOL);
if (!pkt_buf) /*if the packet pbuf == NULL exit and end transmission */
return ERR_MEM;
/* Copy the original data buffer over to the packet buffer's payload */
memcpy(pkt_buf->payload, buf, buflen);
/* Sending packet by UDP protocol */
err = udp_sendto(upcb, pkt_buf, to_ip, to_port);
/* free the buffer pbuf */
pbuf_free(pkt_buf);
return err;
}
执行memcpy(pkt_buf->payload, buf, buflen);的时候pkt_buf中next中的next指向地址从000000变为FFFFFF
进一步跟踪,发现
err_t tftp_send_message(struct udp_pcb *upcb, struct ip_addr *to_ip, unsigned short to_port, char *buf, unsigned short buflen)
{
err_t err;
struct pbuf *pkt_buf; /* Chain of pbuf's to be sent */
/* PBUF_TRANSPORT - specifies the transport layer */
pkt_buf = pbuf_alloc(PBUF_TRANSPORT, buflen, PBUF_POOL);
if (!pkt_buf) /*if the packet pbuf == NULL exit and end transmission */
return ERR_MEM;
/* Copy the original data buffer over to the packet buffer's payload */
memcpy(pkt_buf->payload, buf, buflen);
/* Sending packet by UDP protocol */
err = udp_sendto(upcb, pkt_buf, to_ip, to_port);
/* free the buffer pbuf */
pbuf_free(pkt_buf);
return err;
}
执行memcpy(pkt_buf->payload, buf, buflen);的时候pkt_buf中next中的next指向地址从000000变为FFFFFF
举报
