I believe there is a bug in the function HidToBufferFromHost() in UsbHid.c starting around line 836: *(pEP1 + 1) is used to get number of valid bytes in buffer, then pEP1 +=2; is incremented, and further down is again used as *(pEP1 + 1) to get bytes in the buffer at line 849, when it should be using pEP2.
//how many byte we can get from one endpoint buffer
nTmp1 = *HidReadCtrl[INTFNUM_OFFSET(intfNum)].pCT1;
if (nTmp1 & EPBCNT_NAK){
nTmp1 = nTmp1 & 0x7f; //clear NAK bit
HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp = *(pEP1 + 1); //holds how many valid bytes in the EP buffer
if (HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp > nTmp1 - 2){
HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp = nTmp1 - 2;
}
pEP1 += 2; //here starts user data
HidCopyUsbToBuff(pEP1, HidReadCtrl[INTFNUM_OFFSET(
intfNum)].pCT1,intfNum);
nTmp1 = *HidReadCtrl[INTFNUM_OFFSET(intfNum)].pCT2;
//try read data from second buffer
if ((HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesToReceiveLeft > 0) && //do we have more data to send?
(nTmp1 & EPBCNT_NAK)){ //if the second buffer has received data?
nTmp1 = nTmp1 & 0x7f; //clear NAK bit
HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp = *(pEP1 + 1); //holds how many valid bytes in the EP buffer
if (HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp > nTmp1 - 2){
HidReadCtrl[INTFNUM_OFFSET(intfNum)].nBytesInEp = nTmp1 - 2;
}
HidReadCtrl[INTFNUM_OFFSET(intfNum)].pEP2 += 2; //here starts user data
HidCopyUsbToBuff(HidReadCtrl[INTFNUM_OFFSET(
intfNum)].pEP2,
HidReadCtrl[INTFNUM_OFFSET(intfNum)].pCT2,intfNum);
HidReadCtrl[INTFNUM_OFFSET(intfNum)].pCT1 =
HidReadCtrl[INTFNUM_OFFSET(intfNum)].pCT2;
}
}
