@@ -246,6 +246,11 @@ class UdpContext
246246 {
247247 _reserve (_tx_buf_offset + size);
248248 }
249+ if (!_tx_buf_head || _tx_buf_head->tot_len < _tx_buf_offset + size)
250+ {
251+ DEBUGV (" failed _reserve"
252+ return 0 ;
253+ }
249254
250255 size_t left_to_copy = size;
251256 while (left_to_copy)
@@ -271,17 +276,25 @@ class UdpContext
271276 {
272277 size_t data_size = _tx_buf_offset;
273278 pbuf* tx_copy = pbuf_alloc (PBUF_TRANSPORT, data_size, PBUF_RAM);
274- uint8_t * dst = reinterpret_cast <uint8_t *>(tx_copy->payload );
275- for (pbuf* p = _tx_buf_head; p; p = p->next ) {
276- size_t will_copy = (data_size < p->len ) ? data_size : p->len ;
277- memcpy (dst, p->payload , will_copy);
278- dst += will_copy;
279- data_size -= will_copy;
279+ if (!tx_copy){
280+ DEBUGV (" failed pbuf_alloc"
281+ }
282+ else {
283+ uint8_t * dst = reinterpret_cast <uint8_t *>(tx_copy->payload );
284+ for (pbuf* p = _tx_buf_head; p; p = p->next ) {
285+ size_t will_copy = (data_size < p->len ) ? data_size : p->len ;
286+ memcpy (dst, p->payload , will_copy);
287+ dst += will_copy;
288+ data_size -= will_copy;
289+ }
280290 }
281291 pbuf_free (_tx_buf_head);
282292 _tx_buf_head = 0 ;
283293 _tx_buf_cur = 0 ;
284294 _tx_buf_offset = 0 ;
295+ if (!tx_copy){
296+ return false ;
297+ }
285298
286299
287300 if (!addr) {
@@ -313,6 +326,10 @@ class UdpContext
313326 if (!_tx_buf_head)
314327 {
315328 _tx_buf_head = pbuf_alloc (PBUF_TRANSPORT, pbuf_unit_size, PBUF_RAM);
329+ if (!_tx_buf_head)
330+ {
331+ return ;
332+ }
316333 _tx_buf_cur = _tx_buf_head;
317334 _tx_buf_offset = 0 ;
318335 }
@@ -326,6 +343,10 @@ class UdpContext
326343 while (grow_size)
327344 {
328345 pbuf* pb = pbuf_alloc (PBUF_TRANSPORT, pbuf_unit_size, PBUF_RAM);
346+ if (!pb)
347+ {
348+ return ;
349+ }
329350 pbuf_cat (_tx_buf_head, pb);
330351 if (grow_size < pbuf_unit_size)
331352 return ;
0 commit comments