Skip to content

Commit 4212db1

Browse files
GuavTekGuavTek
committed
Move desc_len sanity checks to start of loops
1 parent ebcd706 commit 4212db1

File tree

2 files changed

+11
-11
lines changed

2 files changed

+11
-11
lines changed

src/host/usbh.c

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1631,6 +1631,13 @@ static bool _parse_configuration_descriptor(uint8_t dev_addr, tusb_desc_configur
16311631

16321632
// parse each interfaces
16331633
while( p_desc < desc_end ) {
1634+
if ( 0 == tu_desc_len(p_desc) ) {
1635+
// A zero length descriptor indicates that the device is off spec (e.g. wrong wTotalLength).
1636+
// Parsed interfaces should still be usable
1637+
TU_LOG_USBH("Encountered a zero-length descriptor after %u bytes\r\n", (uint32_t)p_desc - (uint32_t)desc_cfg);
1638+
break;
1639+
}
1640+
16341641
uint8_t assoc_itf_count = 1;
16351642

16361643
// Class will always starts with Interface Association (if any) and then Interface descriptor
@@ -1645,13 +1652,6 @@ static bool _parse_configuration_descriptor(uint8_t dev_addr, tusb_desc_configur
16451652
// desc_iad->bFunctionClass == desc_itf->bInterfaceClass);
16461653
}
16471654

1648-
if ( 0 == tu_desc_len(p_desc) ) {
1649-
// A zero length descriptor indicates that the wTotalLength field is wrong.
1650-
// Parsed interfaces should still be usable
1651-
TU_LOG_USBH("Encountered a zero-length descriptor after %u bytes\r\n", (uint32_t)p_desc - (uint32_t)desc_cfg);
1652-
break;
1653-
}
1654-
16551655
TU_ASSERT( TUSB_DESC_INTERFACE == tu_desc_type(p_desc) );
16561656
tusb_desc_interface_t const* desc_itf = (tusb_desc_interface_t const*) p_desc;
16571657

src/tusb.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -247,6 +247,10 @@ uint16_t tu_desc_get_interface_total_len(tusb_desc_interface_t const* desc_itf,
247247
p_desc = tu_desc_next(p_desc);
248248

249249
while (len < max_len) {
250+
if (tu_desc_len(p_desc) == 0) {
251+
// Escape infinite loop
252+
break;
253+
}
250254
// return on IAD regardless of itf count
251255
if (tu_desc_type(p_desc) == TUSB_DESC_INTERFACE_ASSOCIATION) {
252256
return len;
@@ -255,10 +259,6 @@ uint16_t tu_desc_get_interface_total_len(tusb_desc_interface_t const* desc_itf,
255259
((tusb_desc_interface_t const*) p_desc)->bAlternateSetting == 0) {
256260
break;
257261
}
258-
if (tu_desc_len(p_desc) == 0) {
259-
// Escape infinite loop
260-
break;
261-
}
262262

263263
len += tu_desc_len(p_desc);
264264
p_desc = tu_desc_next(p_desc);

0 commit comments

Comments
 (0)