ClientContext.h: Prevent double free for freeRTOS#3370
Open
functionpointer wants to merge 1 commit intoearlephilhower:masterfrom
Open
ClientContext.h: Prevent double free for freeRTOS#3370functionpointer wants to merge 1 commit intoearlephilhower:masterfrom
functionpointer wants to merge 1 commit intoearlephilhower:masterfrom
Conversation
Previous LWIPMutex solution only worked for core
functionpointer
added a commit
to functionpointer/arduino-pico
that referenced
this pull request
Feb 13, 2026
This work in progress commit adds NULL checks in lwip_wrap.cpp to prevent double frees in ClientContext.h See earlephilhower#3265 and earlephilhower#3368 It is alternative to earlephilhower#3370
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As discussed in #3368 and #3265 there are several race conditions in ClientContext.h.
LWIP can close tcp connections whenever it feels like it, and it will free the associated struct pcb (Protocol Control Block) without warning. It does inform sketch code with a callback.
However,
ClientContext.hdoes not handle this correctly.abort()andclose()are especially problematic, as they remove the callback and then calltcp_abort()ortcp_close(). This frees the connection. In case LWIP frees the connection between removal of the callback andtcp_abort()we have a double free that locks up the system when the next tcp connection is allocated.Additionally, many other functions in
ClientContext.hcontain race conditions where_pcbis checked and then used. Since no mutex is held, LWIP can free_pcbbetween check and usage. The check is effectively useless.This PR fixes the issue by holding the mutex between check and usage. Naively, a simple
LWIPMutex m;as in #3368 would suffice. However, that won't work for freeRTOS. This PR works for both baremetal and freeRTOS. In addition to theLWIPMutex m;it also wraps all critical sections withlwip_callback(), which ends up executing it in LWIP task.The existing
lwip_callback()is quite cumbersome to use for this, as wrapped code needs local variables ofClientContext.hand generates return values. I have attempted to work around this by using lambda functions, which can capture local variables. To make this possible, a newlwip_callback()is required that accepts function objects.