2024-11-26 12:51 AM
The documentation for HAL_ADCEx_MultiModeStart_DMA clearly states that the length parameter is in bytes.
/**
  * @brief  Enable ADC, start MultiMode conversion and transfer regular results through DMA.
  * @note   Multimode must have been previously configured using
  *         HAL_ADCEx_MultiModeConfigChannel() function.
  *         Interruptions enabled in this function:
  *          overrun, DMA half transfer, DMA transfer complete.
  *         Each of these interruptions has its dedicated callback function.
  * @note   State field of Slave ADC handle is not updated in this configuration:
  *         user should not rely on it for information related to Slave regular
  *         conversions.
  * @param hadc ADC handle of ADC master (handle of ADC slave must not be used)
  * @param pData Destination Buffer address.
  * @param Length Length of data to be transferred from ADC peripheral to memory (in bytes).
  * @retval HAL status
  */
HAL_StatusTypeDef HAL_ADCEx_MultiModeStart_DMA(ADC_HandleTypeDef *hadc, uint32_t *pData, uint32_t Length)
{
However, this length parameter is then passed to HAL_DMA_Start_IT, which writes it to the DMA_CNDTR register. This register contains the number of DMA transfers. As the only useful DMA transfer size for this function is 32 bits, this results in a transfer of length * 4 bytes, which in turn may result in a buffer overflow.
The documentation should reflect that the length parameter is the number of transfers and not the number of bytes.
This bug was found on the STM32G474 but is probably relevant for all series which support master/slave ADCs.
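The byte/transfer mismatch described in the post, modelled on the host as an added example (not ST HAL code and not part of the original post). The mock DMA routine, the canary arena, the buffer sizes and the helper `transfers_for_buffer` are all constructed for illustration; the only behaviour taken from the post is that the count is a number of 32-bit transfers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORDS  8u           /* constructed: room for 8 master/slave sample pairs */
#define GUARD  32u          /* constructed: canary words placed after the buffer */
#define CANARY 0xDEADBEEFu

/* Host-side stand-in for the DMA channel (not ST code): the count plays the
 * role of DMA_CNDTR, and every transfer stores one 32-bit word. */
static void mock_dma_run(uint32_t *dst, uint32_t cndtr)
{
    for (uint32_t i = 0; i < cndtr; i++)
        dst[i] = 0xA5A50000u | i;
}

/* Number of canary words overwritten when `length` is passed as Length. */
size_t guard_words_clobbered(uint32_t length)
{
    uint32_t arena[WORDS + GUARD];
    size_t hit = 0;
    if (length > WORDS + GUARD)
        length = WORDS + GUARD;          /* keep the model itself in bounds */
    for (size_t i = 0; i < WORDS + GUARD; i++)
        arena[i] = CANARY;
    mock_dma_run(arena, length);
    for (size_t i = WORDS; i < WORDS + GUARD; i++)
        hit += (arena[i] != CANARY);
    return hit;
}

/* Hypothetical helper: buffer size in bytes -> transfer count, 0 if unusable. */
uint32_t transfers_for_buffer(size_t buf_bytes)
{
    if (buf_bytes == 0 || buf_bytes % sizeof(uint32_t) != 0)
        return 0;
    return (uint32_t)(buf_bytes / sizeof(uint32_t));
}

int main(void)
{
    size_t bytes = WORDS * sizeof(uint32_t);
    printf("Length = bytes (%zu): %zu words past the buffer\n",
           bytes, guard_words_clobbered((uint32_t)bytes));
    printf("Length = transfers (%u): %zu words past the buffer\n",
           (unsigned)transfers_for_buffer(bytes),
           guard_words_clobbered(transfers_for_buffer(bytes)));
    return 0;
}
```

On a real target the same conversion applies at the call site: pass the number of 32-bit elements in the destination array as Length, not its `sizeof`.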