From 674db8d5ac5f2095104c983bf72862ce16f630a9 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Sun, 8 Oct 2017 14:56:04 +0200
Subject: [PATCH] fix: 'hf snoop' - buffer overflow (@satuoni)

---
 armsrc/BigBuf.c | 5 ++++-
 armsrc/BigBuf.h | 1 +
 armsrc/hfsnoop.c | 14 +++++++-------
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c
index 6acb410a3..f74115232 100644
--- a/armsrc/BigBuf.c
+++ b/armsrc/BigBuf.c
@@ -124,7 +124,10 @@ uint16_t BigBuf_max_traceLen(void)
 void clear_trace() {
 	traceLen = 0;
 }
-
+void set_tracelen(uint16_t tl)
+{
+	traceLen=tl;
+}
 void set_tracing(bool enable) {
 	tracing = enable;
 }
diff --git a/armsrc/BigBuf.h b/armsrc/BigBuf.h
index 7692b8350..03066010f 100644
--- a/armsrc/BigBuf.h
+++ b/armsrc/BigBuf.h
@@ -39,6 +39,7 @@ extern void BigBuf_print_status(void);
 extern uint16_t BigBuf_get_traceLen(void);
 extern void clear_trace(void);
 extern void set_tracing(bool enable);
+extern void set_tracelen(uint16_t tl);
 extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
 extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
 extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c
index fcf8e6090..98ccd2bb7 100644
--- a/armsrc/hfsnoop.c
+++ b/armsrc/hfsnoop.c
@@ -2,6 +2,7 @@
 #include "apps.h"
 #include "BigBuf.h"
 #include "util.h"
+#include "usb_cdc.h" // for usb_poll_validate_length
 
 static void RAMFUNC optimizedSnoop(void);
 
@@ -10,7 +11,7 @@ static void RAMFUNC optimizedSnoop(void)
 	int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
 	uint16_t *dest = (uint16_t *)BigBuf_get_addr();
-	uint16_t *destend = dest + n;
+	uint16_t *destend = dest + n-1;
 
 	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
 
 	// Reading data loop
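Review bot: `set_tracelen()` stores `tl` unchecked, so a caller can leave `traceLen` above `BigBuf_max_traceLen()`; if `traceLen` is the offset that `LogTrace()` (declared in BigBuf.h) appends at, which this hunk does not show, a bad value would move the overrun from the snoop loop into the trace writer rather than remove it. Clamp it in the setter, which also brings the new function in line with the brace-and-spacing style of the neighbouring `clear_trace()` and `set_tracing()`: `void set_tracelen(uint16_t tl) {` / `	traceLen = (tl > BigBuf_max_traceLen()) ? BigBuf_max_traceLen() : tl;` / `}`. The blank line that separated the definitions was consumed by the insertion; keep one between `clear_trace()`, `set_tracelen()` and `set_tracing()`.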
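Review bot: The new `set_tracelen()` prototype does not say what unit `tl` is in or how it relates to `clear_trace()`; since hfsnoop.c divides `BigBuf_max_traceLen()` by `sizeof(uint16_t)` the value appears to be a byte count, which the header should state. Suggest the line `/* Set the trace length in bytes; for code that fills BigBuf directly (hfsnoop) instead of going through LogTrace(). */` above the declaration, hedged or corrected if the unit is something else. None of the other declarations in the hunk is commented either, so a single short line keeps the style consistent.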
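Review bot: The new include is justified by the comment `// for usb_poll_validate_length`, but no hunk in this patch calls that function, so a reader cannot tell whether the include fixes an implicit declaration in unchanged code further down hfsnoop.c or is simply unused. If the call already exists, the commit message should say so (an implicit declaration on an ARM target is a real bug, not a cosmetic include); if it does not, drop the include until it is needed. Either way the comment should name the actual use site, e.g. `// usb_poll_validate_length() in HfSnoop()`, once that is confirmed.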
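Review bot: `dest + n` was already the one-past-the-end pointer for the `n` samples that fit in `BigBuf_max_traceLen()` bytes, so `dest + n-1` only removes the overrun if the capture loop after `// Reading data loop` (outside this hunk) compares with `<=`; with `<` it would now drop the last sample instead. The more robust fix is to keep the exclusive bound and compare `dest < destend` in the loop; if the inclusive form is kept, write it as `uint16_t *destend = dest + n - 1; // last valid slot, loop uses <=` so a later reader does not revert it. Also note that `n` is an `int`, so a zero-length buffer would make `destend` precede `dest`; an early `if (n <= 0) return;` guards that. The body of optimizedSnoop continues outside the hunk.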
@@ -24,6 +25,8 @@ static void RAMFUNC optimizedSnoop(void)
 	}
 	//Resetting Frame mode (First set in fpgaloader.c)
 	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+	//setting tracelen - importsnt! it was set by buffer overflow before
+	set_tracelen( BigBuf_max_traceLen());
 }
 
 void HfSnoop(int samplesToSkip, int triggersToSkip)
@@ -41,7 +44,7 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
 	// connect Demodulated Signal to ADC:
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
-	SpinDelay(50);
+	SpinDelay(100);
 
 	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
 
@@ -52,15 +55,12 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
 		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
 			r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
 			r = MAX(r & 0xff, r >> 8);
-			if (r >= 240)
-			{
-
-				if (++trigger_cnt > triggersToSkip) {
+			if (r >= 180) {
+				if (++trigger_cnt > triggersToSkip)
 					break;
 				}
 			}
 		}
-	}
 
 	if(!BUTTON_PRESS()) {
 		int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
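Review bot: `set_tracelen( BigBuf_max_traceLen())` records the maximum regardless of how much the capture loop earlier in optimizedSnoop actually wrote, and it recomputes the value instead of reusing `n`, which that function derived as `BigBuf_max_traceLen() / sizeof(uint16_t)`; when the maximum is odd the recorded length overstates the sample data by one byte. Prefer `set_tracelen(n * sizeof(uint16_t)); // bytes filled by the capture loop above`, or, if the loop can exit before the buffer is full (it is not in this hunk), derive the length from how far `dest` advanced. The added comment has a typo and describes the symptom; state the cause instead: `// record the capture length explicitly; previously traceLen was only set as a side effect of the loop overrunning BigBuf`. The start of optimizedSnoop is outside the hunk.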
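Review bot: `SpinDelay(50)` becomes `SpinDelay(100)` without a comment, and the trigger level in the next hunk moves from 240 to 180 the same way, while the commit message mentions only the buffer overflow; neither tuning is explained, so the next person to touch the numbers has nothing to go on. Give both a name and a one-line reason, e.g. `enum { HF_SNOOP_SETTLE_DELAY = 100, HF_SNOOP_TRIGGER_LEVEL = 180 };` near the top of the file, and here `SpinDelay(HF_SNOOP_SETTLE_DELAY); // presumably settling time after FpgaWriteConfWord(); 50 was too short in practice`, adjusted to whatever the actual reason was, since the hunk does not show why 50 failed. Tuning changes unrelated to the overflow are also easier to bisect in their own commit. HfSnoop's body continues outside the hunk.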