AnsweredAssumed Answered

FLEXSPI_ReadBlocking() buffer overflow?

Question asked by Stephen Schwartz-Fenwick on Jul 19, 2018
Latest reply on Jul 27, 2018 by Jorge Antonio Alcala Vazquez

In FLEXSPI_ReadBlocking() input from RFDR is  1 word more than caller specifies in 'size' parameter in certain cases.

 

In attached image, you can see how 'size' parameter, which specifies transfer size in bytes is divided by 4 then increased by 1.

 

So if caller specifies:

 

a) Write 2 bytes : 1 word is copied into caller's buffer (Ok, as long as caller allocates in word multiples)

b) Write 3 bytes : 1 word is copied into caller's buffer (Ok, as long as caller allocates in word multiples)

c) Write 4 bytes : 2 words are copied into caller's buffer! (Buffer overflow!)

d) Write 5 bytes : 2 words are copied into caller's buffer! (Ok, as long as caller allocates in word multiples)

 

Does anyone know why this code does not account for case (c)? 

 

MIMXRT1052xxxxB  NEW

Build Date: 2018-07-17, Device: MIMXRT1052xxxxB

OS: Windows, Toolchain: MCUXpresso IDE

Components: (None)

SDK Version: KSDK 2.4.1 (2018-06-18)

Chip: MIMXRT1051CVL5B

 

Sample code is:

 

uint32_t dest[4];

flexspi_transfer_t flashXfer;

flashXfer.deviceAddress = address;
flashXfer.port = kFLEXSPI_PortA1;
flashXfer.cmdType = kFLEXSPI_Read;
flashXfer.SeqNumber = 1u;
flashXfer.seqIndex = SEQ_IDX_READ_FAST_QUAD;
flashXfer.data = (uint32_t *)dest;
flashXfer.dataSize = sizeof(dest);

FLEXSPI_TransferBlocking(FLEXSPI, &flashXfer)

 

Thanks!

Steve

Attachments

Outcomes