>> The '40' should have been the second TD; instead
>> the FF is used, incorrectly.
>
> The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001
Yes, sorry, I should not have capitalized TD in my comment. The code
uses the variable 'td' to hold the upper 4 bits of T0, and then, if
present, the upper 4 bits of TD1. So what is read imprecisely is the
upper 4 bits of TD1.
I don't know qemu patch protocol; that seems like a very minor detail in
the comment; does it justify a resubmit?
>
>>
>> Signed-off-by: Jeremy White <jwh...@codeweavers.com>
>> ---
>> hw/usb/ccid-card-passthru.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
>> index 10f1d30..2ae3b81 100644
>> --- a/hw/usb/ccid-card-passthru.c
>> +++ b/hw/usb/ccid-card-passthru.c
>> @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data,
>> int len)
>> opt_bytes++;
>> }
>> if (td & 0x8) {
>> - opt_bytes++;
>> td = data[opt_bytes + 2] >> 4;
>> + opt_bytes++;
>> }
>> }
>> if (len < 2 + historical_length + opt_bytes) {
>> --
>> 1.7.10.4
>>
>>
>
> That looks correct, opt_bytes before incrementing points to the current TD.
>
> Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
>
