usb: mass storage fix

Message ID
State New
Headers show

Commit Message

Gerd Hoffmann May 10, 2011, 9:08 a.m.
Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <>
(cherry picked from commit ef0bdf77d7070494692cbccd80c4c8f08c85c240)
 hw/usb-msd.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 76f5b02..d73216e 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -364,6 +364,7 @@  static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
             DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
                     s->tag, cbw.flags, cbw.cmd_len, s->data_len);
             s->residue = 0;
+            s->scsi_len = 0;
             s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
             /* ??? Should check that USB and SCSI data transfer
                directions match.  */