1 /*
2    bug3502965.c
3 */
4 
5 #include <testfwk.h>
6 
7 #if !defined(__SDCC_mcs51) && !defined(__SDCC_pdk14) && !defined(__SDCC_pdk15) // Lack of memory
8 #pragma disable_warning 85
9 
10 #define UCHAR	unsigned char
11 #define USHORT	unsigned short
12 #define PCHAR	unsigned char *
13 #define HW_ALEN					6
14 #define IP_ALEN					4
15 
16 typedef struct _PACKET_LIST PACKET_LIST;
17 struct _PACKET_LIST
18 {
19 	PACKET_LIST *	next;
20 	USHORT			sLen;
21 	USHORT			sAddr;
22 	UCHAR			pRecvIP[IP_ALEN];
23 };
24 
memcpy4(PCHAR dst)25 void memcpy4(PCHAR dst) {}
26 
27 #define EP_TYPE (HW_ALEN + HW_ALEN)
28 #define EP_DATA (EP_TYPE + 2)
29 #define IP_DATA     20
30 #define ETHERNET_MAX_SIZE				1514
31 #define IP_DATA_MAX_SIZE			(ETHERNET_MAX_SIZE - EP_DATA - IP_DATA)
32 UCHAR Adapter_pPacketBuf[ETHERNET_MAX_SIZE + 1 + IP_DATA_MAX_SIZE + 1];
33 #define Adapter_pReceivePacket	(PCHAR)(Adapter_pPacketBuf + ETHERNET_MAX_SIZE + 1)
34 
35 #define TCP_OFFSET	12
36 PCHAR _pReceive;
37 UCHAR _pReceiveIP[IP_ALEN];
38 USHORT _sReceiveDataLen;
39 
TcpRun(PACKET_LIST * p)40 void TcpRun(PACKET_LIST * p)
41 {
42 	UCHAR iHeadLen;
43 	USHORT sLen;
44 	PCHAR pRecvIP;
45 
46 	sLen = p->sLen;
47 
48 	_pReceive = Adapter_pReceivePacket;
49 
50 	memcpy4(_pReceiveIP);
51 
52 	// check if packet length is valid
53 	iHeadLen = (_pReceive[TCP_OFFSET] & 0xf0) >> 2;
54 	if (sLen < iHeadLen)
55 	{
56 		return;
57 	}
58 	_sReceiveDataLen = sLen - iHeadLen;
59 }
60 #endif
61 
testBug(void)62 void testBug(void)
63 {
64 #if !defined(__SDCC_mcs51) && !defined(__SDCC_pdk14) && !defined(__SDCC_pdk15) // Lack of memory
65   PACKET_LIST pl;
66   pl.sLen = 0xff;
67   (Adapter_pReceivePacket)[TCP_OFFSET] = 0x00;
68   _sReceiveDataLen = 0xaa55;
69   TcpRun(&pl);
70   ASSERT(_sReceiveDataLen == 0xff);
71 #endif
72 }
73 
74