Bug reporting: USB CDC: Using non-initialized dynamic memory

zoromgerg · ‎2018-02-24

Posted on February 25, 2018 at 00:06

DUT:

Device: STM32F407VGT

Board: STM32F4-DISCOVERY

PC part:

OS: Windows 10

Driver: USB Serial Device, Microsoft, 6/21/2006, v10.0.16299.15

Initialization code is generated using the STM32CubeMX Version 4.24.0 with STM32Cube_FW_F4_V1.19.0.

Attached are already pre-built initially generated project with CubeMX (initial.7z) and fixed project (fixed.7z). The .ioc files are included to the projects.

When running initial.7z it acts normally until the port opening trial. Port opening fails.

The fixed.7z has no such behavior and is running good so far.

The key line which is different for two projects:

USBD_memset(pdev->pClassData, 0x00, sizeof (USBD_CDC_HandleTypeDef));

Up to you to decide whether the problem is caused by non-initialized memory usage or by dynamic memory usage in principle.

I can describe more why I'm sure the bug is here. Please let me know if more evidences are needed.

#bug #cubemx #usb-cdc

Ant M · ‎2018-02-26

Posted on February 26, 2018 at 16:55

Related to this?

https://community.st.com/0D50X00009Xkft5SAB

Ant

waclawek.jan · ‎2018-02-26

Posted on February 26, 2018 at 17:43

Yes, in that malloc() is called from the USB interrupt.

If it does cause problems in CDC, it's then specific to the implementation of CDC itself.

See also last paragraph in

JW

zoromgerg · ‎2018-02-26

Posted on February 26, 2018 at 20:23

Yes, it's related because of dynamic memory usage fact. But the memory is allocated for that only once. And the issue isn't related to the size of the heap. It's related to the heap content which is type of random data. The dynamic memory is used for USBD CDC assuming it's initialized with something. Zeroes there do the trick.

I agree that dynamic memory can be used, but if data from there is read before it's written then it's big problem. And it's exactly the case.