Stack smashing after thread finishes running

[sisco]

hi there,

i have a little problem with my qt software. the software uses usblib to connect to a custom made hid device. normally connecting/disconnecting the device works fine with the software detecting if the device has been connected or disconnected.

but the problem im having is the after i send data to the device with this function:

Qt Code:

Switch view

void UsbCom::sendData()
{
    mutex->lock();
    int r,transf;
    r = libusb_interrupt_transfer(devh, EP_INTR_OUT,data, 64,&transf,100);
    send = false;
    mutex->unlock();
}

void UsbCom::sendData()
{
    mutex->lock();
    int r,transf;
    r = libusb_interrupt_transfer(devh, EP_INTR_OUT,data, 64,&transf,100);
    send = false;
    mutex->unlock();
}

To copy to clipboard, switch view to plain text mode 

and the disconnecting the device gives me a stack smashing error. the callback function that detects if the device has been disconnected:

Qt Code:

Switch view

void ep_irq_in_cb(libusb_transfer *transfer)
{
    int *data = static_cast<int*>(transfer->user_data);
    if(transfer->status != LIBUSB_TRANSFER_COMPLETED)
    {
        fprintf(stderr, "uncompleted transter\n");
    }
    else
    {
        *data = 1;
    }
    if (libusb_submit_transfer(transfer) < 0)
    {
        *data = 2; //device disconnected
    }
}

void ep_irq_in_cb(libusb_transfer *transfer)
{
    int *data = static_cast<int*>(transfer->user_data);
    if(transfer->status != LIBUSB_TRANSFER_COMPLETED)
    {
        fprintf(stderr, "uncompleted transter\n");
    }
    else
    {
        *data = 1;
    }
    if (libusb_submit_transfer(transfer) < 0)
    {
        *data = 2; //device disconnected
    }
}

To copy to clipboard, switch view to plain text mode 

the loop function that uses a switch for *data

Qt Code:

Switch view

void UsbCom::run()
{
    int r;
    unsigned char temp[64];
    r = libusb_init(NULL); //initialize libusb
    send = false;
    if (r < 0)
    {
        emit error("Failed to initialize USB!");
 
    }
    if (openDevice()) //if device handle can be opened
    {
        if (detachKernel()) //if kernel driver can be detached
        {
            if (claimInterface()) //if interface can be claimed
            {
                //true
                int a = 0;
                irq_transfer = libusb_alloc_transfer(0);
                libusb_fill_interrupt_transfer(irq_transfer, devh, EP_INTR_IN, irqbuf,sizeof(irqbuf), ep_irq_in_cb, &a,10);
                libusb_submit_transfer(irq_transfer);
                emit error("2");
                while(1)
                {
                    if(send)
                    {
                        sendData();
                    }
                    if (a == 1)
                    {
                        for (int i = 0; i<128; i++)
                        {
                            temp[i] = irqbuf[i];
                        }
                        emit dataRecieved(temp);
                        a = 0;
                    }
                    if (a == 2)
                    {
                       break; //device has been disconnected so stop checking for things
                    }
                    r = libusb_handle_events(NULL);
                 }
            }
        }        
        emit error("1"); //emit signal to main thread
        libusb_close(devh); //close device handle
    }
 } //stack smashing occurs here

void UsbCom::run()
{
    int r;
    unsigned char temp[64];
    r = libusb_init(NULL); //initialize libusb
    send = false;
    if (r < 0)
    {
        emit error("Failed to initialize USB!");

    }
    if (openDevice()) //if device handle can be opened
    {
        if (detachKernel()) //if kernel driver can be detached
        {
            if (claimInterface()) //if interface can be claimed
            {
                //true
                int a = 0;
                irq_transfer = libusb_alloc_transfer(0);
                libusb_fill_interrupt_transfer(irq_transfer, devh, EP_INTR_IN, irqbuf,sizeof(irqbuf), ep_irq_in_cb, &a,10);
                libusb_submit_transfer(irq_transfer);
                emit error("2");
                while(1)
                {
                    if(send)
                    {
                        sendData();
                    }
                    if (a == 1)
                    {
                        for (int i = 0; i<128; i++)
                        {
                            temp[i] = irqbuf[i];
                        }
                        emit dataRecieved(temp);
                        a = 0;
                    }
                    if (a == 2)
                    {
                       break; //device has been disconnected so stop checking for things
                    }
                    r = libusb_handle_events(NULL);
                 }
            }
        }        
        emit error("1"); //emit signal to main thread
        libusb_close(devh); //close device handle
    }
 } //stack smashing occurs here

To copy to clipboard, switch view to plain text mode 

error output:

*** stack smashing detected ***: /home/sisco/Desktop/release/bin/Project terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb6d3cda8]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb6d3cd60]
/home/sisco/Desktop/release/bin/Project[0x805e640]
[0x0]

complete error output is in the 2 attachments

i have tried finding the problem reading the code line by line for at least a million times but im pretty new to Qt and c++ so couldn't find anything. can anybody point me in the right direction on how to solve this problem?

thanks,

SIsco

[numbat]

Qt Code:

Switch view

unsigned char temp[64];
...
for (int i = 0; i<128; i++)
{
   temp&[i] = irqbuf[i];
}

unsigned char temp[64];
...
for (int i = 0; i<128; i++)
{
   temp&[i] = irqbuf[i];
}

To copy to clipboard, switch view to plain text mode 

[sisco]

much love, finnaly found it!

temp was only 64 long while irqbuff was 128.
this was driving me crazy, i cant believe i didnt see that =/