Changeset 87207 in vbox
- Timestamp:
- Jan 8, 2021 9:42:52 PM (4 years ago)
- svn:sync-xref-src-repo-rev:
- 142160
- File:
-
- 1 edited
trunk/src/VBox/Devices/USB/VUSBUrb.cpp
r84360 r87207 944 944 */ 945 945 uint8_t *pbData = (uint8_t *)(pExtra->pMsg + 1); 946 if ( &pExtra->pbCur[pUrb->cbData] >&pbData[pSetup->wLength])946 if ((uintptr_t)&pExtra->pbCur[pUrb->cbData] > (uintptr_t)&pbData[pSetup->wLength]) 947 947 { 948 if (!pSetup->wLength) /* happens during iPhone detection with iTunes (correct?) */ 948 /* In the device -> host direction, the device never returns more data than 949 what was requested (wLength). So, we can just cap cbData. */ 950 ssize_t const cbLeft = &pbData[pSetup->wLength] - pExtra->pbCur; 951 if (pSetup->bmRequestType & VUSB_DIR_TO_HOST) 949 952 { 950 Log(("%s: vusbUrbSubmitCtrl: pSetup->wLength == 0!! (iPhone)\n", pUrb->pszDesc)); 953 LogFlow(("%s: vusbUrbSubmitCtrl: Adjusting DATA request: %d -> %d\n", pUrb->pszDesc, pUrb->cbData, cbLeft)); 954 pUrb->cbData = cbLeft >= 0 ? (uint32_t)cbLeft : 0; 955 } 956 /* In the host -> direction it's undefined what happens if the host provides 957 more data than what wLength inidicated. However, in 2007, iPhone detection 958 via iTunes would issue wLength=0 but provide a data URB which we needed to 959 pass on to the device anyway, so we'll just quietly adjust wLength if it's 960 zero and get on with the work. 961 962 What confuses me (bird) here, though, is that we've already sent the SETUP 963 URB to the device when we received it, and all we end up doing is an 964 unnecessary memcpy and completing the URB, but never actually sending the 965 data to the device. So, I guess this stuff is still a little iffy. 966 967 Note! We currently won't be doing any resizing, as we've disabled resizing 968 in general. 969 P.S. We used to have a very strange (pUrb->cbData % pSetup->wLength) == 0 970 thing too that joined the pUrb->cbData adjusting above. 
*/ 971 else if ( pSetup->wLength == 0 972 && pUrb->cbData <= pExtra->cbMax) 973 { 974 Log(("%s: vusbUrbSubmitCtrl: pAdjusting wLength: %u -> %u (iPhone hack)\n", 975 pUrb->pszDesc, pSetup->wLength, pUrb->cbData)); 951 976 pSetup->wLength = pUrb->cbData; 952 } 953 954 /* Variable length data transfers */ 955 if ( (pSetup->bmRequestType & VUSB_DIR_TO_HOST) 956 || pSetup->wLength == 0 957 || (pUrb->cbData % pSetup->wLength) == 0) /* magic which need explaining... */ 958 { 959 uint8_t *pbEnd = pbData + pSetup->wLength; 960 int cbLeft = pbEnd - pExtra->pbCur; 961 LogFlow(("%s: vusbUrbSubmitCtrl: Var DATA, pUrb->cbData %d -> %d\n", pUrb->pszDesc, pUrb->cbData, cbLeft)); 962 pUrb->cbData = cbLeft; 977 Assert(cbLeft >= (ssize_t)pUrb->cbData); 963 978 } 964 979 else 965 980 { 966 Log(("%s: vusbUrbSubmitCtrl: Stall at data stage!!\n", pUrb->pszDesc)); 981 Log(("%s: vusbUrbSubmitCtrl: Stall at data stage!! wLength=%u cbData=%d cbMax=%d cbLeft=%dz\n", 982 pUrb->pszDesc, pSetup->wLength, pUrb->cbData, pExtra->cbMax, cbLeft)); 967 983 vusbMsgStall(pUrb); 968 984 break; … … 992 1008 { 993 1009 /* get data for sending when completed. */ 1010 AssertStmt((ssize_t)pUrb->cbData <= pExtra->cbMax - (pExtra->pbCur - pbData), /* paranoia: checked above */ 1011 pUrb->cbData = pExtra->cbMax - (uint32_t)RT_MIN(pExtra->pbCur - pbData, pExtra->cbMax)); 994 1012 memcpy(pExtra->pbCur, pUrb->abData, pUrb->cbData); 995 1013
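Review bot: In the `wLength == 0` branch, `Assert(cbLeft >= (ssize_t)pUrb->cbData)` tests a `cbLeft` that was computed before `pSetup->wLength` was updated, and the enclosing `if` is only entered when `pbCur + cbData` lies past `pbData + wLength`, so the assertion looks like it fails whenever this branch runs in an assertion-enabled build. Recomputing the remaining space would state the intended invariant: `Assert(&pbData[pSetup->wLength] - pExtra->pbCur >= (ssize_t)pUrb->cbData);`. The same branch bounds the URB length only with `pUrb->cbData <= pExtra->cbMax`, which ignores how far `pbCur` has advanced from `pbData`. The `AssertStmt` in the second hunk does account for that offset, so if its fallback statement also runs in non-strict builds it is the effective guard on the `memcpy` and deserves a comment saying so rather than "paranoia: checked above". The new log calls also pass the `ssize_t` `cbLeft` to `%d`, and `cbLeft=%dz` in the stall message is probably meant to be `%zd`; the function body starts and ends outside both hunks.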