-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
prevent memory corruption #148
base: master
Are you sure you want to change the base?
prevent memory corruption #148
Conversation
An USB device that provides more endpoints then the defined maximum supported ones of the code base this will lead to a memory corruption. The code does not check if it runs over the maximum defined endpoints and write to the memory behind of it. For the number of interfaces the check if the maximum is already reached is present, for the endpoints it is missing. Signed-off-by: Markus Rathgeb <[email protected]>
Hello @maggu2810, Thank you for this fix proposal, however there is another more global proposal suggested via this pull request stm32_mw_usb_host#4 A fix will be implemented and made available in the frame of a future release. Thank you again for your proposal and thank you for your comprehension. With regards, |
Hm, but the fix your linked results into a different behaviour. Or is my reading not correct? The current code checks if all endpoints of an interface has been processed and if not all could be processed it refuses to use the device. /* Check if the required endpoint(s) data are parsed */
if (ep_ix < pif->bNumEndpoints)
{
return USBH_NOT_SUPPORTED;
} The fix you linked will just ignore all endpoints after And as another point: |
1069461
to
c031cf7
Compare
ST Internal Reference: 186156 |
Hi @maggu2810, Thank you for this proposal. Your solution indeed allows the Your solution has been forwarded to our development teams. Let's wait for their feedback. With regards, |
An USB device that provides more endpoints then the defined maximum supported ones of the code base this will lead to a memory corruption.
The code does not check if it runs over the maximum defined endpoints and write to the memory behind of it.
For the number of interfaces the check if the maximum is already reached is present, for the endpoints it is missing.