From ef0bdf77d7070494692cbccd80c4c8f08c85c240 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 4 May 2011 16:49:56 +0200
Subject: usb: mass storage fix

Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb-msd.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'hw/usb-msd.c')

diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 93f4b78f3c..bd1c3a415f 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -364,6 +364,7 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
             DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
                     s->tag, cbw.flags, cbw.cmd_len, s->data_len);
             s->residue = 0;
+            s->scsi_len = 0;
             s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
             /* ??? Should check that USB and SCSI data transfer
                directions match.  */
-- 
cgit v1.2.3