An overflow loop may happen in uart_stm32_fifo_read_visitor #80599

@ken4647

Description

The uint8_t type of num_tx may overflow, since size can be over 256. If the CPU frequency is relatively low and the UART baud rate is high, it may get stuck. The problem also appears in at least uart_stm32_fifo_fill.

Describe the bug

In zephyr/drivers/serial/uart_stm32.c, the function uart_stm32_fifo_read_visitor is:

static int uart_stm32_fifo_read_visitor(const struct device *dev, void *rx_data, const int size,
					fifo_read_fn read_fn)
{
	const struct uart_stm32_config *config = dev->config;
	USART_TypeDef *usart = config->usart;
	uint8_t num_rx = 0U;

	while ((size - num_rx > 0) && LL_USART_IsActiveFlag_RXNE(usart)) {
		/* RXNE flag will be cleared upon read from DR|RDR register */

		read_fn(usart, rx_data, num_rx);
		num_rx++;

		/* Clear overrun error flag */
		if (LL_USART_IsActiveFlag_ORE(usart)) {
			LL_USART_ClearFlag_ORE(usart);
			/*
			 * On stm32 F4X, F1X, and F2X, the RXNE flag is affected (cleared) by
			 * the uart_err_check function call (on errors flags clearing)
			 */
		}
	}

	return num_rx;
}

To Reproduce

Just use the uart_stm32.

Expected behavior

The overflow may happen in uart_stm32_fifo_read_visitor, then rxdata will be wrong, and it will also cause more loops for the UART read if size is larger than 255.

Impact

Bad data in rxdata, or a loop in fifo_read.

Environment (please complete the following information):

  • OS: Linux
  • Toolchain: arm-gcc-none-eabi
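
The wraparound reported above, reproduced off-target as an added example (not code from the issue or from the Zephyr project): a mock USART with constructed data stands in for the hardware, and the `int` counter in `read_int` is an assumed remedy, not the project's patch. The names `mock_usart`, `read_u8`, `read_int` and `run` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the USART: `avail` bytes pending, byte i has value i/2. */
struct mock_usart { int avail; int next; };
struct result { int ret; int iters; int first; int left; };

static int rxne(const struct mock_usart *u) { return u->avail > 0; }
static uint8_t read_dr(struct mock_usart *u) { u->avail--; return (uint8_t)(u->next++ / 2); }

/* Loop shape from the issue: the uint8_t counter wraps 255 -> 0, so the
 * bound (size - num_rx > 0) stays true for any size above 255. */
static int read_u8(struct mock_usart *u, uint8_t *rx, const int size)
{
	uint8_t num_rx = 0U;
	while ((size - num_rx > 0) && rxne(u)) {
		rx[num_rx] = read_dr(u); /* index wraps too: early bytes get overwritten */
		num_rx++;
	}
	return num_rx;
}

/* Same loop with a counter as wide as `size` (assumed remedy). */
static int read_int(struct mock_usart *u, uint8_t *rx, const int size)
{
	int num_rx = 0;
	while ((size - num_rx > 0) && rxne(u)) {
		rx[num_rx] = read_dr(u);
		num_rx++;
	}
	return num_rx;
}

/* Request 300 bytes while 400 are pending; wide != 0 selects the int counter. */
struct result run(int wide)
{
	struct mock_usart u = { 400, 0 };
	uint8_t rx[300] = { 0 };
	struct result r;
	r.ret = wide ? read_int(&u, rx, 300) : read_u8(&u, rx, 300);
	r.iters = u.next;  /* bytes consumed == loop iterations */
	r.first = rx[0];   /* expected 0 when the buffer is intact */
	r.left = u.avail;
	return r;
}

int main(void)
{
	struct result a = run(0), b = run(1);
	printf("uint8_t: ret=%d iters=%d rx[0]=%d | int: ret=%d iters=%d rx[0]=%d\n",
	       a.ret, a.iters, a.first, b.ret, b.iters, b.first);
	return 0;
}
```

With the narrow counter the loop only stops because the mock runs out of data; on hardware where bytes keep arriving, RXNE stays set and the loop does not exit.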

Labels

  • area: UART (Universal Asynchronous Receiver-Transmitter)
  • bug (The issue is a bug, or the PR is fixing a bug)
  • platform: STM32 (ST Micro STM32)
  • priority: low (Low impact/importance bug)