DFU upload causes memory corruption (patch)

Harald Welte laforge at openmoko.org
Tue Mar 13 09:41:13 CET 2007

On Tue, Mar 13, 2007 at 12:21:33AM -0300, Werner Almesberger wrote:

> The attached patch seems to fix this. Harald, can you please check if
> this agrees with the general logic of the USB stack ?

Well, I've started to introduce this hack (assigning urb->buffer to some
random memory location rather than doing a proper copy) when I wrote the
usbdcore_s3c2410.c code for endpoint zero.

I _tried_ to make sure that urb->buffer gets properly re-initialized to
urb->buffer_data the next time we use it.

The fundamental issue is that the u-boot usbdcore code allocates one urb
(including an included data buffer at the end of it) and reuses that urb
all over the place, rather than freeing or allocating new ones.

The fundamental question was: Why doesn't the current code work?
Because urb->buffer is too small for remain?  Then I suggest we restrict
the length of a transfer to the size of urb->buffer_data.

If we stay with the current hack, an audit whether urb->buffer really is
properly reset for every control point request would be good.

- Harald Welte <laforge at openmoko.org>    http://openmoko.org/
Software for the world's first truly open Free Software mobile phone
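
The two options raised in the message above (clamping a transfer to the size of urb->buffer_data, and checking that urb->buffer is reset before each control request), shown as an added example that is not part of the original message or of the u-boot source. Only the field names `buffer` and `buffer_data` come from the message; `struct urb_model`, `URB_BUF_SIZE`, the other fields and the helper names are assumptions made for this simplified model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URB_BUF_SIZE 64   /* assumed size for this model, not u-boot's value */

/* Simplified model of one reused urb with its data buffer embedded at the end. */
struct urb_model {
    unsigned char *buffer;        /* may have been redirected by an earlier request */
    size_t buffer_length;         /* capacity of whatever buffer points to */
    size_t actual_length;         /* number of valid bytes */
    unsigned char buffer_data[URB_BUF_SIZE];
};

/* Run at the start of every control request: undo any earlier redirection. */
static void urb_reset(struct urb_model *urb)
{
    urb->buffer = urb->buffer_data;
    urb->buffer_length = sizeof(urb->buffer_data);
    urb->actual_length = 0;
}

/* Audit check: does buffer still point at the embedded storage? */
static int urb_is_reset(const struct urb_model *urb)
{
    return urb->buffer == urb->buffer_data &&
           urb->buffer_length == sizeof(urb->buffer_data);
}

/* Copy at most one buffer's worth of the remaining data and return the
 * number of bytes copied. Writes nothing if the urb was left redirected. */
static size_t urb_fill(struct urb_model *urb, const unsigned char *src, size_t remain)
{
    size_t n;
    if (!urb_is_reset(urb))
        return 0;
    n = remain < urb->buffer_length ? remain : urb->buffer_length;
    memcpy(urb->buffer, src, n);
    urb->actual_length = n;
    return n;
}

int main(void)
{
    static unsigned char image[200];   /* constructed sample data */
    struct urb_model urb;
    urb_reset(&urb);
    printf("copied %zu of 200 bytes\n", urb_fill(&urb, image, sizeof(image)));
    return 0;
}
```

The caller sends the remainder in further chunks, so a transfer larger than the embedded buffer becomes several bounded copies instead of one oversized write.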
