Eralt / arduino

Automatically exported from code.google.com/p/arduino

socket.recvfrom() buffer overflow? #355

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
recvfrom() doesn't check data_len received from W5100.read_data before using it 
to read into *buf:

Maybe this indicates a more basic problem in the w5100 library?

-------------------

from socket.cpp:

      data_len = head[6];
      data_len = (data_len << 8) + head[7];

      // here should be (data_len > len) test

      W5100.read_data(s, (uint8_t *)ptr, buf, data_len); // data copy.

------------------

Original issue reported on code.google.com by Scorpios...@gmail.com on 22 Sep 2010 at 4:39
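
The bounds check the report asks for, as an added example that is not the Arduino library's code. FakeRx, rx_read and recvfrom_checked are hypothetical names, the chip's RX memory is simulated with a byte array, and truncating then discarding the rest of an oversized datagram is an assumed policy.

```cpp
#include <cstdint>
#include <cstring>
#include <cstddef>

// Constructed stand-in for the W5100 RX memory: a flat byte array plus a read pointer.
struct FakeRx {
    const uint8_t *mem;
    size_t size;
    size_t ptr;
};

// Hypothetical helper: copy n bytes out of the simulated RX memory and advance.
static bool rx_read(FakeRx &rx, uint8_t *dst, size_t n) {
    if (n > rx.size - rx.ptr) return false;    // never read past what was received
    if (dst) memcpy(dst, rx.mem + rx.ptr, n);  // dst == nullptr means "discard"
    rx.ptr += n;
    return true;
}

// Returns the number of bytes copied into buf (at most len), or -1 when the
// header or its length field does not match the data actually present.
// *truncated is set when the datagram was larger than the caller's buffer.
int recvfrom_checked(FakeRx &rx, uint8_t *buf, uint16_t len, bool *truncated) {
    uint8_t head[8];  // peer IP (4), peer port (2), payload length (2)
    if (!rx_read(rx, head, sizeof head)) return -1;

    uint16_t data_len = head[6];
    data_len = (uint16_t)((data_len << 8) + head[7]);

    // The missing test: data_len comes from the network side, len from the caller.
    uint16_t copy_len = data_len > len ? len : data_len;
    *truncated = data_len > len;

    if (!rx_read(rx, buf, copy_len)) return -1;
    // Skip the remainder so the next call starts at the next datagram header.
    if (!rx_read(rx, nullptr, (size_t)(data_len - copy_len))) return -1;
    return copy_len;
}
```
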