On Tue, Mar 11, 2025 at 7:12 AM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Mar 11, 2025 at 04:41:11PM +0800, Xin Dai wrote: > > When the DWC2 controller detects a packet Babble Error, where a device > > transmits more data over USB than the host controller anticipates for a > > transaction. It follows this process: > > > There is no risk of memory overflow. The length of the transfer for the > CSW is limited to US_BULK_CS_WRAP_LEN, which is 13. And the length of a > CBW transfer is limited to US_BULK_CB_WRAP_LEN, which is 31 (or to 32 > if the US_FL_BULK32 quirk flag is set). Therefore a 64-byte buffer is > more than enough. There is no risk of memory overflow *unless* the DWC controller doesn't respect the buffer length as given in the URB. If there is an overflow issue here, it is an issue with the controller level. Matt -- Matthew Dharm Former Maintainer, USB Mass Storage driver for Linux
