2012-01-09 01:09 AM
Hi everybody.
I have a remark to make about the ''USBD_GetString(uint8_t *desc, uint8_t *unicode, uint16_t *len)'' function defined in ''usbd_req.c''.
When it's called as ''USBD_GetString (USBD_PRODUCT_FS_STRING, USBD_StrDesc, length);'' in ''usbd_desc.c'', the reserved size of ''USBD_StrDesc'' in memory is 50: ''__ALIGN_BEGIN uint8_t USBD_StrDesc[USB_MAX_STR_DESC_SIZ] __ALIGN_END ;'' in ''usbd_req.c'', with the following define in ''usbd_conf.h'': ''#define USB_MAX_STR_DESC_SIZ 50''
However, ''USBD_PRODUCT_FS_STRING'' is defined in ''usbd_desc.c'' as ''#define USBD_PRODUCT_FS_STRING "STM32 Virtual ComPort in FS Mode"'', so it's a string of 32 characters.
When USBD_GetString(...) is called, it converts an ASCII string to a Unicode string, so it doubles the size of the string and adds its length at the beginning. So for a string of 32 chars, a size of 66 chars has to be reserved, that is 16 more than it is.
I don't know whom to alert about this little mistake, but for me it has been a pain because it overflowed over data I used in my main application. So if it can help someone in the same case, I post it.
Regards.
Robin.
2013-07-28 03:35 AM
Thank you very much, it helps a lot.
I have used this driver for ages now and only today I found that overflow myself; it went under the radar till today.
2017-02-19 10:01 PM
Date: Mon, 20 Feb 2017 08:52:56 +0300
Subject: [PATCH] Limit string length with USBD_MAX_STR_DESC_SIZ in USBD_GetString()---
Middlewares/ST/STM32_USB_Device_Library/Core/Src/usbd_ctlreq.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)diff --git a/Middlewares/ST/STM32_USB_Device_Library/Core/Src/usbd_ctlreq.c b/Middlewares/ST/STM32_USB_Device_Library/Core/Src/usbd_ctlreq.c
index 7701a6d..d355903 100644--- a/Middlewares/ST/STM32_USB_Device_Library/Core/Src/usbd_ctlreq.c+++ b/Middlewares/ST/STM32_USB_Device_Library/Core/Src/usbd_ctlreq.c@@ -733,13 +733,16 @@ void USBD_GetString(uint8_t *desc, uint8_t *unicode, uint16_t *len) { uint8_t idx = 0; - if (desc != NULL) + if (desc != NULL) { - *len = USBD_GetLen(desc) * 2 + 2; + *len = USBD_GetLen(desc) * 2 + 2; + if (*len > USBD_MAX_STR_DESC_SIZ) + *len = USBD_MAX_STR_DESC_SIZ; + unicode[idx++] = *len; unicode[idx++] = USB_DESC_TYPE_STRING; - while (*desc != '\0') + while (*desc != '\0' && idx < *len - 1) { unicode[idx++] = *desc++; unicode[idx++] = 0x00; -- 2.1.4
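Review bot: The clamp "*len = USBD_MAX_STR_DESC_SIZ" leaves *len odd whenever the macro is configured to an odd value, and the new loop bound "idx < *len - 1" then stops one byte short, so the bLength byte reports one byte more than was actually written; round the clamped value down to an even number. The same lines still store a uint16_t into a single byte with "unicode[idx++] = *len;" and count with a uint8_t idx, so a USBD_MAX_STR_DESC_SIZ above 255 would wrap; capping at 254 or adding a build-time check on the macro would close that. The function also still has to trust that the unicode buffer is at least USBD_MAX_STR_DESC_SIZ bytes, since no capacity is passed in. Minor: the inner if has no braces while the surrounding code uses them, and truncation is silent, so a comment saying over-long strings are cut would help whoever next sees a shortened product name on the host.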
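The sizing arithmetic from the first post (2 header bytes plus 2 bytes per character), as an added host-side example that is not part of the thread or of ST's library. The names get_string_bounded, STR_DESC_BYTES and DEMO_* are hypothetical; the conversion takes the real buffer capacity, and the commented guard turns an undersized buffer into a build error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USB_DESC_TYPE_STRING  0x03u  /* bDescriptorType for string descriptors */
#define DEMO_MAX_STR_DESC_SIZ 50u    /* same value as the thread's usbd_conf.h */
#define DEMO_PRODUCT_STRING   "STM32 Virtual ComPort in FS Mode"

/* Descriptor bytes a string literal needs: 2 header bytes + 2 per character. */
#define STR_DESC_BYTES(lit) ((sizeof(lit) - 1u) * 2u + 2u)

/* Build-time guard. With the values above it fails on purpose, which is the
 * point: enable it next to every descriptor string in a real project.
 * _Static_assert(STR_DESC_BYTES(DEMO_PRODUCT_STRING) <= DEMO_MAX_STR_DESC_SIZ,
 *                "product string does not fit the descriptor buffer"); */

/* Hypothetical bounded variant: the caller passes the real capacity of out.
 * Returns bytes written (even, never above cap or 254); *truncated is set
 * when the source string did not fit. */
static size_t get_string_bounded(const char *desc, uint8_t *out, size_t cap,
                                 int *truncated)
{
    size_t need, len, idx = 0;

    *truncated = 0;
    if (desc == NULL || out == NULL || cap < 2u)
        return 0;
    need = strlen(desc) * 2u + 2u;
    len = (need > cap) ? cap : need;
    if (len > 254u) len = 254u;      /* bLength is a single byte */
    len &= ~(size_t)1;               /* UTF-16 code units are 2 bytes each */
    *truncated = (len < need);

    out[idx++] = (uint8_t)len;
    out[idx++] = USB_DESC_TYPE_STRING;
    while (*desc != '\0' && idx + 1u < len) {
        out[idx++] = (uint8_t)*desc++;
        out[idx++] = 0x00;
    }
    return idx;
}

int main(void)
{
    uint8_t buf[DEMO_MAX_STR_DESC_SIZ];
    int truncated;
    size_t n = get_string_bounded(DEMO_PRODUCT_STRING, buf, sizeof buf, &truncated);
    printf("need %zu, wrote %zu, truncated=%d\n",
           (size_t)STR_DESC_BYTES(DEMO_PRODUCT_STRING), n, truncated);
    return 0;
}
```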