🪲[BUG] pio_usb_bus_receive_packet_and_handshake gets stuck in an infinite loop and corrupts memory if timing is disrupted.

[Daft-Freak]

Describe the bug you encountered:

If the timer is disrupted by something like another interrupt taking too long or writing to flash pio_usb_bus_receive_packet_and_handshake can get into a bad state where it reads data infinitely, locking up the core. Also because idx is int16_t and there's only a check against the size of the buffer, it eventually wraps around to negative and corrupts memory before the buffer.

The easiest way I've found to trigger this (with devices connected):

    // flash write simulator
    for(int i = 0; i < 5000; i++)
    {
        auto status = save_and_disable_interrupts();
        sleep_us(620); // roughly how long flash_range_program takes for a single page
        restore_interrupts(status);
    }

What did you expect to happen instead?

Ideally, handle whatever is going wrong gracefully instead of blowing everything up.

What actually happened in your case?

One core hangs, the other dies in a pile of hardfaults due to the memory corruption.

Additional information

The hardware I'm using is an Adafruit Fruit Jam (USB host with a hub). I've tried finding a way to disable USB around my flash writes, but tuh_deinit/init results in a panic because the DMA channel is already claimed and pio_usb_host_stop/restart don't seem to do anything other than hang.

---

[sekigon-gonnoc]

Please do not use pio_usb_host_stop / pio_usb_host_restart, as these functions are deprecated and were intended to be removed.
Similar to the custom USB stack that existed in versions prior to v0.6, disconnecting the device at the end of a frame and stopping the timer should allow flash writing to work correctly.
https://github.com/sekigon-gonnoc/Pico-PIO-USB/blob/0.6.1/src/pio_usb_host.c#L1240-L1253

[Daft-Freak]

I assume that's something that would need to be implemented and that there aren't existing functions for this?