Fixed swapped paremeters in the HID state memory copy call while processing a HID PUSH item in the HID report parser.

Fixed memory corruption HID report parser when too many COLLECTION or PUSH items were processed.

Make RNDIS device class driver include the CDC device class driver header, so that it can inherrit the required CDC functional descriptor macro.

Make HID host class driver include the HID report parser.
pull/1469/head
Dean Camera 16 years ago
parent f4814771d2
commit a2001ac1cc

@ -37,11 +37,11 @@
#define _DESCRIPTORS_H_ #define _DESCRIPTORS_H_
/* Includes: */ /* Includes: */
#include <avr/pgmspace.h>
#include <LUFA/Drivers/USB/USB.h> #include <LUFA/Drivers/USB/USB.h>
#include <LUFA/Drivers/USB/Class/HID.h> #include <LUFA/Drivers/USB/Class/HID.h>
#include <avr/pgmspace.h>
/* Type Defines: */ /* Type Defines: */
/** Type define for the device configuration descriptor structure. This must be defined in the /** Type define for the device configuration descriptor structure. This must be defined in the
* application code, as the configuration descriptor contains several sub-descriptors which * application code, as the configuration descriptor contains several sub-descriptors which

@ -38,25 +38,11 @@
/* Includes: */ /* Includes: */
#include <LUFA/Drivers/USB/USB.h> #include <LUFA/Drivers/USB/USB.h>
#include <LUFA/Drivers/USB/Class/RNDIS.h>
#include <avr/pgmspace.h> #include <avr/pgmspace.h>
/* Macros: */ /* Macros: */
/** Macro to define a CDC class-specific functional descriptor. CDC functional descriptors have a
* uniform structure but variable sized data payloads, thus cannot be represented accurately by
* a single typedef struct. A macro is used instead so that functional descriptors can be created
* easily by specifying the size of the payload. This allows sizeof() to work correctly.
*
* \param[in] DataSize Size in bytes of the CDC functional descriptor's data payload
*/
#define CDC_FUNCTIONAL_DESCRIPTOR(DataSize) \
struct \
{ \
USB_Descriptor_Header_t Header; \
uint8_t SubType; \
uint8_t Data[DataSize]; \
}
/** Endpoint number of the CDC device-to-host notification IN endpoint. */ /** Endpoint number of the CDC device-to-host notification IN endpoint. */
#define CDC_NOTIFICATION_EPNUM 3 #define CDC_NOTIFICATION_EPNUM 3

@ -47,8 +47,7 @@
#include <LUFA/Drivers/Misc/TerminalCodes.h> #include <LUFA/Drivers/Misc/TerminalCodes.h>
#include <LUFA/Drivers/Peripheral/SerialStream.h> #include <LUFA/Drivers/Peripheral/SerialStream.h>
#include <LUFA/Drivers/Board/LEDs.h> #include <LUFA/Drivers/Board/LEDs.h>
#include <LUFA/Drivers/USB/USB.h> #include <LUFA/Drivers/USB/USB.h>\
#include <LUFA/Drivers/USB/Class/Host/CDC.h>
/* Macros: */ /* Macros: */
/** LED mask for the library LED driver, to indicate that the USB interface is not ready. */ /** LED mask for the library LED driver, to indicate that the USB interface is not ready. */

@ -105,7 +105,7 @@ int main(void)
USB_HostState = HOST_STATE_Configured; USB_HostState = HOST_STATE_Configured;
break; break;
case HOST_STATE_Configured: case HOST_STATE_Configured:
if (HID_Host_ReportReceived(&Mouse_HID_Interface)) if (HID_Host_IsReportReceived(&Mouse_HID_Interface))
{ {
} }

@ -14,5 +14,5 @@
# code. # code.
%: %:
# make -C ClassDriver/ $@ <TODO: Re-enable after Host class drivers complete> make -C ClassDriver/ $@
make -C LowLevel/ $@ make -C LowLevel/ $@

@ -37,6 +37,7 @@
/* Includes: */ /* Includes: */
#include "../../USB.h" #include "../../USB.h"
#include "CDC.h"
#include <string.h> #include <string.h>

@ -127,11 +127,21 @@ void HID_Host_USBTask(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo)
} }
void HID_Host_IsReportReceived(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo) bool HID_Host_IsReportReceived(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo)
{ {
bool ReportReceived;
if ((USB_HostState != HOST_STATE_Configured) || !(HIDInterfaceInfo->State.Active))
return false;
Pipe_SelectPipe(HIDInterfaceInfo->Config.DataINPipeNumber); Pipe_SelectPipe(HIDInterfaceInfo->Config.DataINPipeNumber);
Pipe_Unfreeze();
ReportReceived = Pipe_IsReadWriteAllowed();
Pipe_Freeze();
return Pipe_IsReadWriteAllowed(); return ReportReceived;
} }
#endif #endif

@ -47,6 +47,7 @@
/* Includes: */ /* Includes: */
#include "../../USB.h" #include "../../USB.h"
#include "../Common/HID.h" #include "../Common/HID.h"
#include "HIDParser.h"
/* Enable C linkage for C++ Compilers: */ /* Enable C linkage for C++ Compilers: */
#if defined(__cplusplus) #if defined(__cplusplus)
@ -95,14 +96,14 @@
HID_ENUMERROR_InvalidConfigDescriptor = 1, /**< The device returned an invalid Configuration Descriptor */ HID_ENUMERROR_InvalidConfigDescriptor = 1, /**< The device returned an invalid Configuration Descriptor */
HID_ENUMERROR_NoHIDInterfaceFound = 2, /**< A compatible HID interface was not found in the device's Configuration Descriptor */ HID_ENUMERROR_NoHIDInterfaceFound = 2, /**< A compatible HID interface was not found in the device's Configuration Descriptor */
HID_ENUMERROR_EndpointsNotFound = 3, /**< Compatible HID endpoints were not found in the device's CDC interface */ HID_ENUMERROR_EndpointsNotFound = 3, /**< Compatible HID endpoints were not found in the device's CDC interface */
} CDCHost_EnumerationFailure_ErrorCodes_t; } HIDHost_EnumerationFailure_ErrorCodes_t;
/* Function Prototypes: */ /* Function Prototypes: */
void HID_Host_USBTask(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo); void HID_Host_USBTask(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo);
uint8_t HID_Host_ConfigurePipes(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo, uint16_t ConfigDescriptorLength, uint8_t HID_Host_ConfigurePipes(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo, uint16_t ConfigDescriptorLength,
uint8_t* DeviceConfigDescriptor); uint8_t* DeviceConfigDescriptor);
void HID_Host_IsReportReceived(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo); bool HID_Host_IsReportReceived(USB_ClassInfo_HID_Host_t* HIDInterfaceInfo);
/* Private Interface - For use in library only: */ /* Private Interface - For use in library only: */
#if !defined(__DOXYGEN__) #if !defined(__DOXYGEN__)

@ -36,44 +36,53 @@
uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID_ReportInfo_t* const ParserData) uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID_ReportInfo_t* const ParserData)
{ {
HID_StateTable_t StateTable[HID_STATETABLE_STACK_DEPTH]; HID_StateTable_t StateTable[HID_STATETABLE_STACK_DEPTH];
HID_StateTable_t* CurrStateTable = &StateTable[0]; HID_StateTable_t* CurrStateTable = &StateTable[0];
uint16_t UsageStack[HID_USAGE_STACK_DEPTH]; uint16_t UsageStack[HID_USAGE_STACK_DEPTH];
uint8_t UsageStackSize = 0; uint8_t UsageStackSize = 0;
uint16_t BitOffsetIn = 0; uint16_t BitOffsetIn = 0;
uint16_t BitOffsetOut = 0; uint16_t BitOffsetOut = 0;
#if defined(HID_ENABLE_FEATURE_PROCESSING) #if defined(HID_ENABLE_FEATURE_PROCESSING)
uint16_t BitOffsetFeature = 0; uint16_t BitOffsetFeature = 0;
#endif #endif
HID_CollectionPath_t* CurrCollectionPath = NULL; HID_CollectionPath_t* CurrCollectionPath = NULL;
memset((void*)ParserData, 0x00, sizeof(HID_ReportInfo_t)); memset(ParserData, 0x00, sizeof(HID_ReportInfo_t));
memset((void*)StateTable, 0x00, sizeof(StateTable)); memset(StateTable, 0x00, sizeof(StateTable));
while (ReportSize) while (ReportSize)
{ {
uint8_t HIDReportItem = *(ReportData++);
uint32_t ReportItemData = 0; uint32_t ReportItemData = 0;
switch (*ReportData & DATA_SIZE_MASK) ReportSize--;
switch (HIDReportItem & DATA_SIZE_MASK)
{ {
case DATA_SIZE_4: case DATA_SIZE_4:
ReportItemData = *((uint32_t*)(ReportData + 1)); ReportItemData = *((uint32_t*)ReportData);
ReportSize -= 4;
ReportData += 4;
break; break;
case DATA_SIZE_2: case DATA_SIZE_2:
ReportItemData = *((uint16_t*)(ReportData + 1)); ReportItemData = *((uint16_t*)ReportData);
ReportSize -= 2;
ReportData += 2;
break; break;
case DATA_SIZE_1: case DATA_SIZE_1:
ReportItemData = *((uint8_t*)(ReportData + 1)); ReportItemData = *((uint8_t*)ReportData);
ReportSize -= 1;
ReportData += 1;
break; break;
} }
switch (*ReportData & (TYPE_MASK | TAG_MASK)) switch (HIDReportItem & (TYPE_MASK | TAG_MASK))
{ {
case (TYPE_GLOBAL | TAG_GLOBAL_PUSH): case (TYPE_GLOBAL | TAG_GLOBAL_PUSH):
if (CurrStateTable == &StateTable[HID_STATETABLE_STACK_DEPTH]) if (CurrStateTable == &StateTable[HID_STATETABLE_STACK_DEPTH - 1])
return HID_PARSE_HIDStackOverflow; return HID_PARSE_HIDStackOverflow;
memcpy((CurrStateTable - 1), memcpy(CurrStateTable,
CurrStateTable, (CurrStateTable + 1),
sizeof(HID_ReportItem_t)); sizeof(HID_ReportItem_t));
CurrStateTable++; CurrStateTable++;
@ -113,7 +122,7 @@ uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID
break; break;
case (TYPE_GLOBAL | TAG_GLOBAL_REPORTID): case (TYPE_GLOBAL | TAG_GLOBAL_REPORTID):
CurrStateTable->ReportID = ReportItemData; CurrStateTable->ReportID = ReportItemData;
BitOffsetIn = 0; BitOffsetIn = 0;
BitOffsetOut = 0; BitOffsetOut = 0;
break; break;
case (TYPE_LOCAL | TAG_LOCAL_USAGE): case (TYPE_LOCAL | TAG_LOCAL_USAGE):
@ -141,7 +150,7 @@ uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID
while (CurrCollectionPath->Parent != NULL); while (CurrCollectionPath->Parent != NULL);
{ {
if (CurrCollectionPath == &ParserData->CollectionPaths[HID_MAX_COLLECTIONS]) if (CurrCollectionPath == &ParserData->CollectionPaths[HID_MAX_COLLECTIONS - 1])
return HID_PARSE_InsufficientCollectionPaths; return HID_PARSE_InsufficientCollectionPaths;
CurrCollectionPath++; CurrCollectionPath++;
@ -209,7 +218,7 @@ uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID
CurrReportItem->Attributes.Usage.Usage = 0; CurrReportItem->Attributes.Usage.Usage = 0;
} }
switch (*ReportData & TAG_MASK) switch (HIDReportItem & TAG_MASK)
{ {
case TAG_MAIN_INPUT: case TAG_MAIN_INPUT:
CurrReportItem->ItemType = REPORT_ITEM_TYPE_In; CurrReportItem->ItemType = REPORT_ITEM_TYPE_In;
@ -236,11 +245,11 @@ uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID
#endif #endif
} }
#if !defined(HID_INCLUDE_CONSTANT_DATA_ITEMS) #if defined(HID_INCLUDE_CONSTANT_DATA_ITEMS)
ParserData->TotalReportItems++;
#else
if (!(ReportItemData & IOF_CONSTANT)) if (!(ReportItemData & IOF_CONSTANT))
ParserData->TotalReportItems++; ParserData->TotalReportItems++;
#else
ParserData->TotalReportItems++;
#endif #endif
} }
@ -249,32 +258,12 @@ uint8_t USB_ProcessHIDReport(const uint8_t* ReportData, uint16_t ReportSize, HID
break; break;
} }
if ((*ReportData & TYPE_MASK) == TYPE_MAIN) if ((HIDReportItem & TYPE_MASK) == TYPE_MAIN)
{ {
CurrStateTable->Attributes.Usage.MinMax.Minimum = 0; CurrStateTable->Attributes.Usage.MinMax.Minimum = 0;
CurrStateTable->Attributes.Usage.MinMax.Maximum = 0; CurrStateTable->Attributes.Usage.MinMax.Maximum = 0;
UsageStackSize = 0; UsageStackSize = 0;
} }
switch (*ReportData & DATA_SIZE_MASK)
{
case DATA_SIZE_4:
ReportSize -= 5;
ReportData += 5;
break;
case DATA_SIZE_2:
ReportSize -= 3;
ReportData += 3;
break;
case DATA_SIZE_1:
ReportSize -= 2;
ReportData += 2;
break;
case DATA_SIZE_0:
ReportSize -= 1;
ReportData += 1;
break;
}
} }
return HID_PARSE_Successful; return HID_PARSE_Successful;

@ -15,6 +15,8 @@
* <b>Fixed:</b> * <b>Fixed:</b>
* - Fixed possible lockup in the CDC device class driver, when the host sends data that is a multiple of the * - Fixed possible lockup in the CDC device class driver, when the host sends data that is a multiple of the
* endpoint's bank * endpoint's bank
* - Fixed swapped paremeters in the HID state memory copy call while processing a HID PUSH item in the HID report parser
* - Fixed memory corruption HID report parser when too many COLLECTION or PUSH items were processed
* *
* *
* \section Sec_ChangeLog090810 Version 090810 * \section Sec_ChangeLog090810 Version 090810

@ -32,6 +32,7 @@
* *
* - Bicycle POV: http://www.code.google.com/p/bicycleledpov/ * - Bicycle POV: http://www.code.google.com/p/bicycleledpov/
* - CAMTRIG, a remote Camera Trigger device: http://code.astraw.com/projects/motmot/camtrig * - CAMTRIG, a remote Camera Trigger device: http://code.astraw.com/projects/motmot/camtrig
* - "Fingerlicking Wingdinger" (WARNING: Bad Language if no Javascript), a MIDI controller - http://noisybox.net/electronics/wingdinger/
* - Opendous-JTAG, an open source JTAG device: http://code.google.com/p/opendous-jtag/ * - Opendous-JTAG, an open source JTAG device: http://code.google.com/p/opendous-jtag/
* - Openkubus, an open source hardware-based authentication dongle: http://code.google.com/p/openkubus/ * - Openkubus, an open source hardware-based authentication dongle: http://code.google.com/p/openkubus/
* - Orbee, a USB connected RGB Orb for notifications: http://www.franksworkshop.com.au/Electronics/Orbee/Orbee.htm * - Orbee, a USB connected RGB Orb for notifications: http://www.franksworkshop.com.au/Electronics/Orbee/Orbee.htm

Loading…
Cancel
Save