Buffer overrun with USBH_CDC_Receive #9
Labels
bug: Something isn't working
internal bug tracker: Issue confirmed and reported into a ticket in the internal bug tracking system.
mw: Middleware-related issue or pull-request.
usb: USB-related (host or device) issue or pull-request
Introduction
I'm working with an F4 family ST MCU and I'm using this middleware to communicate with a CDC USB device.
The code involved is somewhat like this:
(for the scope of this issue I've excluded many important parts like synchronization of the global state access and error handling)
The problem
That code works fine most of the time but sometimes it causes a buffer overrun when the `data` buffer is too small (or the `at` index is too close to the end of `data`).
This becomes obvious when I call `recv_all(buffer, 0)` and see that data is still being received.
Analysis
I want to state right away that I'm a beginner and this could be all wrong as I haven't had the time to dig deeper into this problem.
The main cause of this problem I think resides in the implementation of `CDC_ProcessReception` file.
We can see that `USBH_CDC_Receive` uses the parameter it's given to set the `pRxData` and `RxDataLength` fields:
In the `CDC_ProcessReception`, though, we can see this:
The problem with that is that it's not even considering the `RxDataLength` field, which in turn means that if you call `USBH_CDC_Receive` with a buffer that is smaller than `CDC_Handle->DataItf.InEpSize` undefined behaviour will be generated.
One important note is that `CDC_ProcessTransmission` handles this problem:
Suggestion
If this is expected I feel like it should be explained better in the documentation as I couldn't find any warning about this, but if, instead, this is a problem then I would like to know if a patch could be available in the near future.
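The length mismatch described in this issue, as an added example that is not part of the original post and is not ST's middleware code: a self-contained C model in which the receive step sizes the transfer by `InEpSize` alone, beside a variant that clamps it to `RxDataLength`. The struct, the `IN_EP_SIZE` value, the function names and the packet contents are constructed for illustration; only the field names come from the issue.

```c
#include <stdint.h>
#include <string.h>
#define IN_EP_SIZE 64u   /* assumed bulk IN max packet size */

/* Simplified model of the handle fields named in the issue (not ST's struct). */
typedef struct {
    uint8_t *pRxData;       /* caller's buffer */
    uint32_t RxDataLength;  /* bytes the caller said it can accept */
    uint16_t InEpSize;      /* endpoint max packet size */
} cdc_model_t;

/* Stand-in for the host controller: copies one device packet, up to len bytes. */
static uint32_t model_bulk_receive(uint8_t *dst, uint32_t len,
                                   const uint8_t *pkt, uint32_t pkt_len)
{
    uint32_t n = pkt_len < len ? pkt_len : len;
    memcpy(dst, pkt, n);
    return n;
}

/* Behaviour described in the issue: the transfer is sized by InEpSize only. */
static uint32_t receive_unclamped(cdc_model_t *h, const uint8_t *pkt, uint32_t pkt_len)
{
    return model_bulk_receive(h->pRxData, h->InEpSize, pkt, pkt_len);
}

/* Hardened form: never request more than the caller's remaining space. */
static uint32_t receive_clamped(cdc_model_t *h, const uint8_t *pkt, uint32_t pkt_len)
{
    uint32_t len = h->RxDataLength < h->InEpSize ? h->RxDataLength : h->InEpSize;
    uint32_t n = model_bulk_receive(h->pRxData, len, pkt, pkt_len);
    h->pRxData += n;        /* advance so a later call continues after this data */
    h->RxDataLength -= n;
    return n;
}

/* One receive into a 16-byte buffer at the start of a larger arena; returns
 * how many guard bytes after the buffer were overwritten. */
static unsigned guard_bytes_clobbered(int clamped)
{
    uint8_t arena[16 + IN_EP_SIZE], pkt[IN_EP_SIZE];
    unsigned hit = 0;
    memset(arena, 0xAA, sizeof arena);   /* guard pattern */
    memset(pkt, 0x55, sizeof pkt);       /* constructed full-size packet */
    cdc_model_t h = { arena, 16, IN_EP_SIZE };
    if (clamped) receive_clamped(&h, pkt, sizeof pkt);
    else         receive_unclamped(&h, pkt, sizeof pkt);
    for (size_t i = 16; i < sizeof arena; i++) hit += (arena[i] != 0xAA);
    return hit;
}
int main(void) { return !(guard_bytes_clobbered(0) == 48 && guard_bytes_clobbered(1) == 0); }
```

The model simply drops bytes beyond the clamped length; it does not show how a real host controller reacts when the device sends more than was requested.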