>> The '40' should have been the second TD; instead
>> the FF is used, incorrectly.
>
> The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001

Yes, sorry, I should not have capitalized TD in my comment. The code uses the variable 'td' to hold the upper 4 bits of T0, and then, if present, the upper 4 bits of TD1. So what is read imprecisely is the upper 4 bits of TD1. I don't know qemu patch protocol; that seems like a very minor detail in the comment; does it justify a resubmit?

> >> >> Signed-off-by: Jeremy White <jwh...@codeweavers.com> >> --- >> hw/usb/ccid-card-passthru.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c >> index 10f1d30..2ae3b81 100644 >> --- a/hw/usb/ccid-card-passthru.c >> +++ b/hw/usb/ccid-card-passthru.c >> @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, >> int len) >> opt_bytes++; >> } >> if (td & 0x8) { >> - opt_bytes++; >> td = data[opt_bytes + 2] >> 4; >> + opt_bytes++; >> } >> } >> if (len < 2 + historical_length + opt_bytes) { >> -- >> 1.7.10.4 >> >>
>
> That looks correct, opt_bytes before incrementing points to the current TD.
>
> Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
>
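
Review bot: The read `td = data[opt_bytes + 2] >> 4;` inside the `if (td & 0x8)` branch has no bounds check visible in this hunk. The only length test shown, `if (len < 2 + historical_length + opt_bytes)`, comes after the enclosing block closes, so a short buffer whose presence bits keep announcing another TD byte is indexed before `len` is consulted. Unless a check earlier in check_atr (outside the hunk) already covers this, test `opt_bytes + 2 < len` before the read. Separately, the commit message says "second TD" where the thread agrees the byte concerned is TD1; that wording is worth correcting if the patch is resent.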
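
The off-by-one discussed in this thread, as an added example that is not QEMU's code: a stand-alone walk over ATR interface bytes that can run with either ordering of the TD read and adds a bounds check before indexing. The function name, the `read_td_first` switch, the TA1 value 0x13 and the five historical bytes are assumptions constructed here; only T0 = 0x95, the 0x40 and the 0xFF come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample ATR: TS, T0=0x95 (TA1+TD1 present, 5 historical bytes),
 * TA1, TD1=0x40 (TC2 present), TC2=0xFF, then 5 placeholder historical bytes. */
static const uint8_t sample_atr[] = {
    0x3B, 0x95, 0x13, 0x40, 0xFF, 0x01, 0x02, 0x03, 0x04, 0x05
};

/* Count the interface bytes (TAi/TBi/TCi/TDi) that follow T0.
 * read_td_first = 1: read TDi, then count it (ordering after the patch).
 * read_td_first = 0: count TDi, then read (ordering before the patch).
 * Returns -1 if the presence bits point at a byte beyond len. */
int atr_interface_bytes(const uint8_t *data, size_t len, int read_td_first)
{
    size_t opt_bytes = 0;
    uint8_t td;

    if (len < 2)
        return -1;
    td = data[1] >> 4;                 /* upper 4 bits of T0 */
    while (td) {
        if (td & 0x1) opt_bytes++;     /* TAi */
        if (td & 0x2) opt_bytes++;     /* TBi */
        if (td & 0x4) opt_bytes++;     /* TCi */
        if (!(td & 0x8))
            break;                     /* no TDi: interface bytes end here */
        size_t idx = opt_bytes + 2 + (read_td_first ? 0 : 1);
        if (idx >= len)
            return -1;                 /* claimed TDi is outside the buffer */
        td = data[idx] >> 4;           /* upper 4 bits of TDi */
        opt_bytes++;
    }
    return (int)opt_bytes;
}

int main(void)
{
    size_t n = sizeof(sample_atr);
    printf("patched ordering:   %d interface bytes\n",
           atr_interface_bytes(sample_atr, n, 1));
    printf("pre-patch ordering: %d interface bytes\n",
           atr_interface_bytes(sample_atr, n, 0));
    return 0;
}
```

With the pre-patch ordering the 0xFF is taken for TD1, the count comes out as 6 instead of 3, and `2 + historical_length + opt_bytes` becomes 13 for a 10-byte ATR, so the length test shown in the hunk is true for a well-formed card.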