This bug still exists in the latest version 2.1.2.
The function icmp6_send_response_with_addrs_and_netif() tries to parse an
ICMPv6 packet and send it out. Inside it, the function SMEMCPY() as shown in
line 408 of icmp6.c tries to copy a buffer pointed to by p->payload with
length (IP6_HLEN + LWIP_ICMP6_DATASIZE). However, this buffer may be smaller
than (IP6_HLEN + LWIP_ICMP6_DATASIZE). If this happens, it will cause a memory
leakage. To fix this, the length should be compared with p->len.