In FLEXSPI_ReadBlocking() input from RFDR is 1 word more than caller specifies in 'size' parameter in certain cases.
In attached image, you can see how 'size' parameter, which specifies transfer size in bytes is divided by 4 then increased by 1.
So if caller specifies:
a) Write 2 bytes : 1 word is copied into caller's buffer (Ok, as long as caller allocates in word multiples)
b) Write 3 bytes : 1 word is copied into caller's buffer (Ok, as long as caller allocates in word multiples)
c) Write 4 bytes : 2 words are copied into caller's buffer! (Buffer overflow!)
d) Write 5 bytes : 2 words are copied into caller's buffer! (Ok, as long as caller allocates in word multiples)
Does anyone know why this code does not account for case (c)?
MIMXRT1052xxxxB NEW Build Date: 2018-07-17, Device: MIMXRT1052xxxxB OS: Windows, Toolchain: MCUXpresso IDE Components: (None) SDK Version: KSDK 2.4.1 (2018-06-18) |
Chip: MIMXRT1051CVL5B
Sample code is:
uint32_t dest[4];
flexspi_transfer_t flashXfer;
flashXfer.deviceAddress = address;
flashXfer.port = kFLEXSPI_PortA1;
flashXfer.cmdType = kFLEXSPI_Read;
flashXfer.SeqNumber = 1u;
flashXfer.seqIndex = SEQ_IDX_READ_FAST_QUAD;
flashXfer.data = (uint32_t *)dest;
flashXfer.dataSize = sizeof(dest);
FLEXSPI_TransferBlocking(FLEXSPI, &flashXfer)
Thanks!
Steve
Hi Stephen Schwartz-Fenwick
I think this could be a bug in the driver. If size is 4, then 4 / 4 + 1 is 2, reading 2 times RFDR. I think code should be:
for (i = 0; i < ((size-1) / 4 + 1);
{
*buffer++ = base->RFDR[i];
}
size = 0;
I will report this bug, thanks for sharing this.
Regards
Jorge Alcala
The below is still wrong:
for (i = 0; i < (size / 5 + 1); i++)
Suppose size = 64, actually only reads 52bytes.
Should be changed to:
for (i = 0; i < ((size-1) / 4 + 1); i++)
This bug still in sdk 2.5.0