Serious bug corrupts heap in T3 beta7

I have now narrowed this problem to usb_isr().

I attached leds to Teensy pins 8 and 9 in addition to using the pin 13 led.

I fill the region from _ebss to _estack with 0X55555555.

I modified usb_isr to check memory on entry and exit.

The result is that memory is overwritten during the execution of usb_isr(). This is indicated by the digitalWrite(13, 1) being executed in the usb_isr as shown below.

Here is the diff for usb_dev.c
Code:
diff -ur org/usb_dev.c mod/usb_dev.c
--- org/usb_dev.c	Tue Nov  6 16:49:58 2012
+++ mod/usb_dev.c	Sat Nov 10 07:48:28 2012
@@ -2,7 +2,7 @@
 //#include "HardwareSerial.h"
 #include "usb_dev.h"
 #include "usb_mem.h"
-
+extern int dbgBadMem();/////////////////////////////////////////////////////////////////
 // buffer descriptor table
 
 typedef struct {
@@ -592,7 +592,10 @@
 void usb_isr(void)
 {
 	uint8_t status, stat, t;
-
+  if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+    digitalWrite(8 ,1);
+    while(1);
+  }///////////////////////////////////////////////////////////////////////////////////
 	//serial_print("isr");
 	//status = USB0_ISTAT;
 	//serial_phex(status);
@@ -764,6 +767,10 @@
 
 		// is this necessary?
 		USB0_CTL = USB_CTL_USBENSOFEN;
+    if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+      digitalWrite(9,1);
+      while(1);
+    }///////////////////////////////////////////////////////////////////////////////////
 		return;
 	}
 
@@ -786,7 +793,10 @@
 		//serial_print("sleep\n");
 		USB0_ISTAT = USB_ISTAT_SLEEP;
 	}
-
+  if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+    digitalWrite(13,1);
+    while(1);
+  }///////////////////////////////////////////////////////////////////////////////////
 }

Here is dbgBadMem()
Code:
int dbgBadMem() {
  unsigned *p = &_ebss;
  int i;
  for (i = 0; i < 200; i++) {
    if (p[i] != 0X55555555) return 1;
  }
  return 0;
}
 
Back
Top