
USBD_CtlSendData() is called with a pointer to stack allocated memory

Open jobasto opened this issue 2 years ago • 2 comments

Problem:

In Class/CDC/Src/usbd_cdc.c, Class/CDC_ECM/Src/usbd_cdc_ecm.c, Class/CCID/Src/usbd_ccid.c, Class/CCID/Src/usbd_ccid.c (and maybe others) USBD_CtlSendData() is called with a pointer to stack allocated memory for its pbuf parameter.

Example:

https://github.com/STMicroelectronics/stm32_mw_usb_device/blob/555ce2b1f7960031f153c93ed4e1c0bb95f34c95/Class/CDC/Src/usbd_cdc.c#L433
https://github.com/STMicroelectronics/stm32_mw_usb_device/blob/555ce2b1f7960031f153c93ed4e1c0bb95f34c95/Class/CDC/Src/usbd_cdc.c#L438
https://github.com/STMicroelectronics/stm32_mw_usb_device/blob/555ce2b1f7960031f153c93ed4e1c0bb95f34c95/Class/CDC/Src/usbd_cdc.c#L494

USBD_CtlSendData() does not read the content of ifalt immediately but only stores the pointer to it via USBD_LL_Transmit()->HAL_PCD_EP_Transmit(). Reading only takes place when the transmit FIFO empty interrupt fires. At that moment USBD_CDC_Setup() may already have returned and ifalt may have gone out of scope.

Solution:

Declare ifalt as const static. Examine the code for other locations where stack allocated memory is passed to USBD_CtlSendData(). Modify USBD_CtlSendData()'s signature from

USBD_StatusTypeDef USBD_CtlSendData(USBD_HandleTypeDef *pdev,
                                    uint8_t *pbuf, uint32_t len)

to

USBD_StatusTypeDef USBD_CtlSendData(USBD_HandleTypeDef *pdev,
                                    const uint8_t *pbuf, uint32_t len)

to be able to pass a const pointer without cast.

jobasto, Jun 02 '22 15:06

The same applies to status_info, which is declared on the line after ifalt.

billybednar, Jun 29 '22 16:06
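As an added example (not code from this issue or from the stm32_mw_usb_device project), a constructed C model of the deferred transfer described in the report: the mock USBD_CtlSendData() only stores pbuf, and the bytes are read later by a mock FIFO-empty interrupt. It applies the proposed fix to both ifalt (the report) and status_info (the follow-up comment) and uses the proposed const-correct signature; the mock_* names, g_pending, the roundtrip helpers and the status value are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the USB core's deferred transfer: the mock
 * USBD_CtlSendData() only records pbuf/len; the bytes are read later by the
 * mock "transmit FIFO empty" interrupt, as the issue describes. */
typedef struct { const uint8_t *pbuf; uint32_t len; } PendingXfer;
static PendingXfer g_pending;

/* Proposed const-correct signature: a pointer to const is accepted without a cast. */
static void mock_USBD_CtlSendData(const uint8_t *pbuf, uint32_t len)
{
    g_pending.pbuf = pbuf; /* no copy: the buffer must outlive the request */
    g_pending.len = len;
}

/* Hypothetical GET_INTERFACE / GET_STATUS handlers modelled on USBD_CDC_Setup().
 * Buggy form from the issue: `uint8_t ifalt = 0U;` on the stack, dead by the time
 * the IRQ reads it. Fixed form: `static const`, alive for the whole program. */
static void setup_get_interface(void)
{
    static const uint8_t ifalt = 0U;
    mock_USBD_CtlSendData(&ifalt, 1U);
}
static void setup_get_status(void)
{
    static const uint8_t status_info[2] = { 0x01U, 0x00U }; /* constructed value */
    mock_USBD_CtlSendData(status_info, 2U);
}

/* Deferred read: the first and only dereference of pbuf. */
static uint32_t mock_fifo_empty_irq(uint8_t *out, uint32_t cap)
{
    uint32_t n = g_pending.len < cap ? g_pending.len : cap;
    if (g_pending.pbuf == NULL) return 0U;
    memcpy(out, g_pending.pbuf, n);
    g_pending.pbuf = NULL;
    g_pending.len = 0U;
    return n;
}

/* Issue a request, then service the IRQ; return what the host receives, -1 on error. */
static int get_interface_roundtrip(void)
{
    uint8_t out = 0xFFU;
    setup_get_interface();
    return mock_fifo_empty_irq(&out, 1U) == 1U ? (int)out : -1;
}
static int get_status_roundtrip(void)
{
    uint8_t out[2] = { 0xFFU, 0xFFU };
    setup_get_status();
    return mock_fifo_empty_irq(out, 2U) == 2U ? (int)(out[0] | (out[1] << 8)) : -1;
}
```

With the stack-allocated originals, the same IRQ read would dereference a frame that has already been popped, which is the use-after-scope the report describes.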