
USB Driver memory corruption (overrun)

Open quickplot opened this issue 6 years ago • 0 comments

I'm using a Pi B+ for my tests, if this matters. In EnumerateDevice, around line 2645, the function call to HCDGetDescriptor overwrites device->PayLoadId, which is right after device->Descriptor in the structure UsbDevice.

```c
	/*	USB ENUMERATION BY THE BOOK STEP 4 = Read Device Descriptor At Address	*/
	result = HCDGetDescriptor(
		device->Pipe0,												// Device control 0 pipe
		USB_DESCRIPTOR_TYPE_DEVICE,									// Fetch device descriptor
		0,															// Index 0
		0,															// Language 0
		&device->Descriptor,										// Pointer to buffer in device structure
		sizeof(device->Descriptor),									// Ask for entire descriptor
		bmREQ_GET_DEVICE_DESCRIPTOR,								// Recipient device
		&transferred, true);										// Pass in pointer to get bytes transferred back
	if ((result != OK) || (transferred != sizeof(device->Descriptor))) {// This should pass on any valid device
		dwc_release_channel(pipectrl.Channel);						// Release the channel we are exiting
		LOG("Enumeration: Step 4 on device %i failed, Result: %#x.\n",
			device->Pipe0.Number, result);							// Log any error
		return result;												// Fatal enumeration error of this device
	}
```

This causes USB detection to fail, as deviceId becomes 0x82 instead of the 0x01 that it should be. I verified this by saving deviceId before the faulty call and restoring it afterwards, and USB started working.

```c
	uint8_t savePlByte = device->PayLoadId;
	/*	USB ENUMERATION BY THE BOOK STEP 4 = Read Device Descriptor At Address	*/
	// Make faulty HCDGetDescriptor call
	device->PayLoadId = savePlByte;
```

Within HCDGetDescriptor, I believe the problem might lie in HCDSumbitControlMessage.

quickplot · Nov 13 '19 21:11
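Added example, not the project's code: a struct with the layout the report describes (a fixed-size Descriptor immediately followed by PayLoadId), an unchecked copy that reproduces the clobber, and a bounded copy that uses the destination size as the limit and flags a length mismatch the way the project's own `transferred != sizeof(...)` check does. The struct, byte buffer and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout mirroring the report: 18-byte USB device descriptor
 * directly followed by the one-byte PayLoadId (no padding between them). */
typedef struct {
    uint8_t Descriptor[18];
    uint8_t PayLoadId;
} ExampleDevice;

/* Constructed stand-in for what the controller hands back: the 18-byte
 * descriptor plus one extra byte, which is what lands in PayLoadId. */
static const uint8_t kRx[19] = {
    0x12, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40,             /* bLength .. bMaxPacketSize0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* idVendor .. bNumConfigurations */
    0x82                                                        /* byte past the descriptor */
};

/* Unchecked: trusts the byte count from the transfer and copies all of it.
 * noinline so the caller cannot reason away the out-of-bounds store. */
__attribute__((noinline))
static void copy_descriptor_unchecked(uint8_t *dst, const uint8_t *rx, size_t rx_len) {
    memcpy(dst, rx, rx_len);                 /* overruns dst when rx_len > 18 */
}

/* Bounded: never writes more than the destination holds; a byte count that
 * differs from the expected descriptor size is reported as an error. */
static int copy_descriptor_bounded(ExampleDevice *dev, const uint8_t *rx,
                                   size_t rx_len, size_t *transferred) {
    size_t cap = sizeof dev->Descriptor;
    size_t n = rx_len < cap ? rx_len : cap;
    memcpy(dev->Descriptor, rx, n);
    *transferred = n;
    return rx_len == cap ? 0 : -1;           /* -1: caller treats as enumeration failure */
}

uint8_t payload_after_unchecked(void) {
    ExampleDevice d = { {0}, 0x01 };
    copy_descriptor_unchecked(d.Descriptor, kRx, sizeof kRx);
    return d.PayLoadId;                      /* 0x82: the symptom described above */
}

uint8_t payload_after_bounded(void) {
    ExampleDevice d = { {0}, 0x01 };
    size_t got = 0;
    copy_descriptor_bounded(&d, kRx, sizeof kRx, &got);
    return d.PayLoadId;                      /* 0x01: field untouched */
}

int bounded_rejects_oversize(void) {
    ExampleDevice d = { {0}, 0x01 };
    size_t got = 0;
    return copy_descriptor_bounded(&d, kRx, sizeof kRx, &got) != 0 && got == 18;
}
```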