PN533 easily corrupts its USB descriptors. We know that and we
already try to detect and even repair them.
However there are situations where lower software layers get
confused before libnfc can help. On Windows, libusb may set
dev->config to NULL, but we can also have a non NULL dev->config
referencing corrupted data.
In order to get more robust, let us replace the Windows libusb-specific
(dev->config == NULL) test by an unconditional use of
hardcoded descriptors when they are available.

The problem occurs in the following succession of events:
* Emit commands returning an answer larger than 16 bytes
* Re-enumerate USB devices without power cycle, e.g. a warm reboot of the PC

The bug can be reproduced for testing purposes with usbreset.c from
https://askubuntu.com/questions/645/how-do-you-reset-a-usb-device-from-the-command-line#661

$ lsusb|grep NFC
Bus 001 Device 010: ID 04e6:5591 SCM Microsystems, Inc. SCL3711-NFC&RW
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Reset successful
$ echo -e "4a 01 00\n423000" |pn53x-tamashell
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Error in ioctl: No such device
$ lsusb|grep NFC
... device disappeared

In the example above, reading 4 pages of a MFUL corrupted one single byte.
The entire buffer can be corrupted e.g. with fast-reading a MFUL EV1:

$ echo -e "4a 01 00\n423a0013"|pn53x-tamashell

The problem occurs in the following succession of events:
* Emit commands larger than 17 bytes
* Re-enumerate USB devices without power cycle, e.g. a warm reboot of the PC

The bug can be reproduced for testing purposes with usbreset.c from
https://askubuntu.com/questions/645/how-do-you-reset-a-usb-device-from-the-command-line#661

$ lsusb|grep NFC
Bus 001 Device 010: ID 04e6:5591 SCM Microsystems, Inc. SCL3711-NFC&RW
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Reset successful
$ echo 06000000000000000000000000000000000000 |pn53x-tamashell
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Error in ioctl: No such device
$ lsusb|grep NFC
... device disappeared

After a DESfire operation SCL3711 will sometimes enter a state where
libusb-0.x is unable to fill config field in struct usb_device. The
USB device has to be power-cycled to restore a sane state.
This introduces a workaround, by using hardcoded values for endpoints
and packet size when they are unavailable.
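
Added example (not libnfc code and not part of these commit messages): a C sketch of the hardcoded-values fallback that the first message and the one just above describe, extended to validate a raw configuration descriptor before trusting it. The struct and function names, the fallback values and the sample bytes are hypothetical or constructed, and the 64-byte limit assumes a full-speed bulk device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ep_info { uint8_t ep_in, ep_out; uint16_t max_packet; int from_fallback; };
/* Hypothetical fallback values for illustration; not libnfc's real table. */
static const struct ep_info FALLBACK = { 0x81, 0x01, 64, 1 };

/* Constructed sample: config + interface + bulk IN 0x84 + bulk OUT 0x04. */
static const uint8_t SAMPLE_OK[32] = {
  9, 2, 32, 0, 1, 1, 0, 0x80, 50,   9, 4, 0, 0, 2, 0xff, 0, 0, 0,
  7, 5, 0x84, 2, 64, 0, 0,          7, 5, 0x04, 2, 64, 0, 0 };
/* Same blob with one corrupted byte: first endpoint bLength 7 -> 0. */
static const uint8_t SAMPLE_BAD[32] = {
  9, 2, 32, 0, 1, 1, 0, 0x80, 50,   9, 4, 0, 0, 2, 0xff, 0, 0, 0,
  0, 5, 0x84, 2, 64, 0, 0,          7, 5, 0x04, 2, 64, 0, 0 };

/* Walk a raw configuration descriptor; any inconsistency selects FALLBACK. */
struct ep_info get_end_points(const uint8_t *d, size_t len)
{
  struct ep_info r = { 0, 0, 0, 0 };
  if (d == NULL || len < 9 || d[0] != 9 || d[1] != 0x02)   /* CONFIG header */
    return FALLBACK;
  size_t total = (size_t)d[2] | ((size_t)d[3] << 8);        /* wTotalLength */
  if (total < 9 || total > len) return FALLBACK;
  for (size_t off = 9; off < total; off += d[off]) {
    size_t left = total - off;
    /* bLength must cover its own header, fit in the blob and advance. */
    if (left < 2 || d[off] < 2 || d[off] > left) return FALLBACK;
    if (d[off + 1] != 0x05) continue;            /* not an ENDPOINT descriptor */
    if (d[off] < 7) return FALLBACK;             /* truncated endpoint */
    if ((d[off + 3] & 0x03) != 0x02) continue;   /* bmAttributes: bulk only */
    uint8_t addr = d[off + 2];
    uint16_t mps = (uint16_t)(d[off + 4] | (d[off + 5] << 8));
    /* Reserved address bits clear, endpoint number non-zero, 0 < size <= 64. */
    if ((addr & 0x70) || !(addr & 0x0f) || mps == 0 || mps > 64)
      return FALLBACK;
    if (addr & 0x80) r.ep_in = addr; else r.ep_out = addr;
    r.max_packet = mps;
  }
  return (r.ep_in && r.ep_out) ? r : FALLBACK;
}

int main(void)
{
  struct ep_info a = get_end_points(SAMPLE_OK, sizeof SAMPLE_OK);
  struct ep_info b = get_end_points(SAMPLE_BAD, sizeof SAMPLE_BAD);
  printf("ok: in=0x%02x fb=%d; bad: in=0x%02x fb=%d\n", a.ep_in, a.from_fallback, b.ep_in, b.from_fallback);
  return 0;
}
```
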

Problem reported by Coverity:
CID 1090322 (#1 of 1): Unchecked return value (CHECKED_RETURN)
unchecked_value: No check of the return value of "pn53x_build_frame(abtFrame, &szFrame, pbtData, szData)".

- Fixed the suppression of the auto-fixup for linking against MS built libs
- Fixed all the formatting warnings by shifting to inttypes.h specifiers
- shifted to %lu for DWORD printf

Now call only once usb_init(); usb_find_busses(); usb_find_devices()
instead of multiple calls in several scan() then open()

This fixes the following leaks:
==1159== 8 bytes in 1 blocks are definitely lost in loss record 9 of 102
==1159== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==1159== by 0x53D9931: usb_parse_configuration (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x53DB8B1: usb_os_find_devices (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x53D8FDC: usb_find_devices (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x4E41D79: pn53x_usb_scan (in /usr/lib/x86_64-linux-gnu/libnfc.so.4.0.0)
==1159==
==1159== 8 bytes in 1 blocks are definitely lost in loss record 10 of 102
==1159== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==1159== by 0x53D9931: usb_parse_configuration (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x53DB8B1: usb_os_find_devices (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x53D8FDC: usb_find_devices (in /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4)
==1159== by 0x4E42CC7: pn53x_usb_open (in /usr/lib/x86_64-linux-gnu/libnfc.so.4.0.0)
==1159== by 0x4E351E6: nfc_open (in /usr/lib/x86_64-linux-gnu/libnfc.so.4.0.0)

- Rename nfc-probe to nfc-scan-device
- Rename internal drivers function prototypes: _probe to _scan
- Revamp _scan function prototype: it now returns device found count
- New nfc_device_get_information_about()
- Moved nfc-utils function str_nfc_baud_rate()
- New str_nfc_modulation_type()
- Add new device_get_information_about callback to nfc_driver struct
- Export new symbols
- Changed internal pn53x firmware text handling: we now store firmware text for further operations
- print_nfc_target() now uses str_nfc_* functions
- nfc-probe util now has a verbose which displays information on detected devices (Fix verbose set but not used warning ;-) )

pn53x_usb.c:94: warning: no previous prototype for ‘pn53x_usb_bulk_read’
pn53x_usb.c:107: warning: no previous prototype for ‘pn53x_usb_bulk_write’
pn53x_usb.c:139: warning: no previous prototype for ‘pn53x_usb_get_device_model’
pn53x_usb.c:154: warning: no previous prototype for ‘pn53x_usb_get_end_points’
pn53x_usb.c:259: warning: no previous prototype for ‘pn53x_usb_connstring_decode’
pn53x_usb.c:713: warning: no previous prototype for ‘pn53x_usb_set_property_bool’
pn53x_usb.c:742: warning: no previous prototype for ‘pn53x_usb_abort_command’