From b56f5206bd40f8735f78ee2b37c767e268b2f9af Mon Sep 17 00:00:00 2001
From: Stacey Sheldon
Date: Thu, 14 Mar 2013 22:57:57 -0400
Subject: [PATCH] com/usart/cdc: ensure that device structs are memset before use
CDC and USART device drivers were not all clearing their device structs before using them. This specifically caused crashes in the case where the upper COM layer was binding only a Tx path. The Rx path callback in the lower driver was uninitialized random data and would result in the lower driver faulting when it tried to call the callback.
Conflicts: flight/PiOS/STM32F30x/pios_usart.c flight/PiOS/STM32F30x/pios_usb_cdc.c flight/PiOS/STM32F30x/pios_usb_hid.c
---
 flight/pios/common/pios_com.c | 3 +++
 flight/pios/stm32f10x/pios_usart.c | 3 +++
 flight/pios/stm32f10x/pios_usb_cdc.c | 3 +++
 flight/pios/stm32f10x/pios_usb_hid.c | 3 +++
 flight/pios/stm32f4xx/pios_usart.c | 7 +++----
 flight/pios/stm32f4xx/pios_usb_cdc.c | 3 +++
 flight/pios/stm32f4xx/pios_usb_hid.c | 3 +++
 7 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/flight/pios/common/pios_com.c b/flight/pios/common/pios_com.c
index e1800a047..1e24d4cd0 100644
--- a/flight/pios/common/pios_com.c
+++ b/flight/pios/common/pios_com.c
@@ -73,6 +73,7 @@ static struct pios_com_dev * PIOS_COM_alloc(void)
 com_dev = (struct pios_com_dev *)pvPortMalloc(sizeof(*com_dev));
 if (!com_dev) return (NULL);
+ memset(com_dev, 0, sizeof(*com_dev));
 com_dev->magic = PIOS_COM_DEV_MAGIC;
 return(com_dev);
 }
@@ -88,6 +89,8 @@ static struct pios_com_dev * PIOS_COM_alloc(void)
 }
 com_dev = &pios_com_devs[pios_com_num_devs++];
+
+ memset(com_dev, 0, sizeof(*com_dev));
 com_dev->magic = PIOS_COM_DEV_MAGIC;
 return (com_dev);
diff --git a/flight/pios/stm32f10x/pios_usart.c b/flight/pios/stm32f10x/pios_usart.c
index 3691c0dfd..f6aaf3b50 100644
--- a/flight/pios/stm32f10x/pios_usart.c
+++ b/flight/pios/stm32f10x/pios_usart.c
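Review bot: The `memset` added after the `pvPortMalloc` NULL check in `PIOS_COM_alloc` (flight/pios/common/pios_com.c, first hunk) has no comment saying why it is needed, and the commit message shows the reason is easy to miss: the heap block comes back holding stale data, so any callback pointer the caller does not bind is garbage. I would add `/* pvPortMalloc() does not zero memory; unbound callbacks must read as NULL */` above the call, here and in the matching heap-path hunks of the six driver files that follow. The include list is outside the hunk, so confirm each touched file already pulls in `<string.h>` for `memset`. The function body starts and ends outside this hunk.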
@@ -78,6 +78,7 @@ static struct pios_usart_dev * PIOS_USART_alloc(void)
 usart_dev = (struct pios_usart_dev *)pvPortMalloc(sizeof(*usart_dev));
 if (!usart_dev) return(NULL);
+ memset(usart_dev, 0, sizeof(*usart_dev));
 usart_dev->magic = PIOS_USART_DEV_MAGIC;
 return(usart_dev);
 }
@@ -93,6 +94,8 @@ static struct pios_usart_dev * PIOS_USART_alloc(void)
 }
 usart_dev = &pios_usart_devs[pios_usart_num_devs++];
+
+ memset(usart_dev, 0, sizeof(*usart_dev));
 usart_dev->magic = PIOS_USART_DEV_MAGIC;
 return (usart_dev);
diff --git a/flight/pios/stm32f10x/pios_usb_cdc.c b/flight/pios/stm32f10x/pios_usb_cdc.c
index 8004e5285..1a04f00f5 100644
--- a/flight/pios/stm32f10x/pios_usb_cdc.c
+++ b/flight/pios/stm32f10x/pios_usb_cdc.c
@@ -88,6 +88,7 @@ static struct pios_usb_cdc_dev * PIOS_USB_CDC_alloc(void)
 usb_cdc_dev = (struct pios_usb_cdc_dev *)pvPortMalloc(sizeof(*usb_cdc_dev));
 if (!usb_cdc_dev) return(NULL);
+ memset(usb_cdc_dev, 0, sizeof(*usb_cdc_dev));
 usb_cdc_dev->magic = PIOS_USB_CDC_DEV_MAGIC;
 return(usb_cdc_dev);
 }
@@ -103,6 +104,8 @@ static struct pios_usb_cdc_dev * PIOS_USB_CDC_alloc(void)
 }
 usb_cdc_dev = &pios_usb_cdc_devs[pios_usb_cdc_num_devs++];
+
+ memset(usb_cdc_dev, 0, sizeof(*usb_cdc_dev));
 usb_cdc_dev->magic = PIOS_USB_CDC_DEV_MAGIC;
 return (usb_cdc_dev);
diff --git a/flight/pios/stm32f10x/pios_usb_hid.c b/flight/pios/stm32f10x/pios_usb_hid.c
index 2656c3dce..55e9af251 100644
--- a/flight/pios/stm32f10x/pios_usb_hid.c
+++ b/flight/pios/stm32f10x/pios_usb_hid.c
@@ -87,6 +87,7 @@ static struct pios_usb_hid_dev * PIOS_USB_HID_alloc(void)
 usb_hid_dev = (struct pios_usb_hid_dev *)pvPortMalloc(sizeof(*usb_hid_dev));
 if (!usb_hid_dev) return(NULL);
+ memset(usb_hid_dev, 0, sizeof(*usb_hid_dev));
 usb_hid_dev->magic = PIOS_USB_HID_DEV_MAGIC;
 return(usb_hid_dev);
 }
@@ -102,6 +103,8 @@ static struct pios_usb_hid_dev * PIOS_USB_HID_alloc(void)
 }
 usb_hid_dev = &pios_usb_hid_devs[pios_usb_hid_num_devs++];
+
+ memset(usb_hid_dev, 0, sizeof(*usb_hid_dev));
 usb_hid_dev->magic = PIOS_USB_HID_DEV_MAGIC;
 return (usb_hid_dev);
diff --git a/flight/pios/stm32f4xx/pios_usart.c b/flight/pios/stm32f4xx/pios_usart.c
index daa4d25bb..cf54b5d21 100644
--- a/flight/pios/stm32f4xx/pios_usart.c
+++ b/flight/pios/stm32f4xx/pios_usart.c
@@ -80,10 +80,7 @@ static struct pios_usart_dev * PIOS_USART_alloc(void)
 usart_dev = (struct pios_usart_dev *)pvPortMalloc(sizeof(*usart_dev));
 if (!usart_dev) return(NULL);
- usart_dev->rx_in_cb = 0;
- usart_dev->rx_in_context = 0;
- usart_dev->tx_out_cb = 0;
- usart_dev->tx_out_context = 0;
+ memset(usart_dev, 0, sizeof(*usart_dev));
 usart_dev->magic = PIOS_USART_DEV_MAGIC;
 return(usart_dev);
 }
@@ -99,6 +96,8 @@ static struct pios_usart_dev * PIOS_USART_alloc(void)
 }
 usart_dev = &pios_usart_devs[pios_usart_num_devs++];
+
+ memset(usart_dev, 0, sizeof(*usart_dev));
 usart_dev->magic = PIOS_USART_DEV_MAGIC;
 return (usart_dev);
diff --git a/flight/pios/stm32f4xx/pios_usb_cdc.c b/flight/pios/stm32f4xx/pios_usb_cdc.c
index 43db97ce7..0b47c880b 100644
--- a/flight/pios/stm32f4xx/pios_usb_cdc.c
+++ b/flight/pios/stm32f4xx/pios_usb_cdc.c
@@ -101,6 +101,7 @@ static struct pios_usb_cdc_dev * PIOS_USB_CDC_alloc(void)
 usb_cdc_dev = (struct pios_usb_cdc_dev *)pvPortMalloc(sizeof(*usb_cdc_dev));
 if (!usb_cdc_dev) return(NULL);
+ memset(usb_cdc_dev, 0, sizeof(*usb_cdc_dev));
 usb_cdc_dev->magic = PIOS_USB_CDC_DEV_MAGIC;
 return(usb_cdc_dev);
 }
@@ -116,6 +117,8 @@ static struct pios_usb_cdc_dev * PIOS_USB_CDC_alloc(void)
 }
 usb_cdc_dev = &pios_usb_cdc_devs[pios_usb_cdc_num_devs++];
+
+ memset(usb_cdc_dev, 0, sizeof(*usb_cdc_dev));
 usb_cdc_dev->magic = PIOS_USB_CDC_DEV_MAGIC;
 return (usb_cdc_dev);
diff --git a/flight/pios/stm32f4xx/pios_usb_hid.c b/flight/pios/stm32f4xx/pios_usb_hid.c
index 64b811cff..8e54c859f 100644
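Review bot: Zeroing the struct in `PIOS_USART_alloc` (flight/pios/stm32f4xx/pios_usart.c, first hunk) only turns an unbound `rx_in_cb` or `tx_out_cb` into a null pointer; the crash described in the commit message goes away only if every place that invokes those callbacks tests the pointer first, and none of those call sites are part of this patch. This file used to clear the four fields by hand, which suggests its own call sites already check, but the stm32f10x USART and the CDC/HID drivers had no such clearing, so their receive and transmit paths should be confirmed to use a guard such as `if (usart_dev->rx_in_cb) { ... }` before the call. A call through a null function pointer is presumably still a fault on these targets, only a deterministic one rather than a jump to whatever the heap block last held.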
--- a/flight/pios/stm32f4xx/pios_usb_hid.c
+++ b/flight/pios/stm32f4xx/pios_usb_hid.c
@@ -90,6 +90,7 @@ static struct pios_usb_hid_dev * PIOS_USB_HID_alloc(void)
 usb_hid_dev = (struct pios_usb_hid_dev *)pvPortMalloc(sizeof(*usb_hid_dev));
 if (!usb_hid_dev) return(NULL);
+ memset(usb_hid_dev, 0, sizeof(*usb_hid_dev));
 usb_hid_dev->magic = PIOS_USB_HID_DEV_MAGIC;
 return(usb_hid_dev);
 }
@@ -105,6 +106,8 @@ static struct pios_usb_hid_dev * PIOS_USB_HID_alloc(void)
 }
 usb_hid_dev = &pios_usb_hid_devs[pios_usb_hid_num_devs++];
+
+ memset(usb_hid_dev, 0, sizeof(*usb_hid_dev));
 usb_hid_dev->magic = PIOS_USB_HID_DEV_MAGIC;
 return (usb_hid_dev);