Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 hw/usb-msd.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 93f4b78..bd1c3a4 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -364,6 +364,7 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
             DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
                     s->tag, cbw.flags, cbw.cmd_len, s->data_len);
             s->residue = 0;
+            s->scsi_len = 0;
             s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
             /* ??? Should check that USB and SCSI data transfer
                directions match.  */
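Review bot: the added `s->scsi_len = 0;` just before the send_command call has no comment saying why it is needed; the reason (a previous SCSI command returning more data than the guest's buffer could hold, leaving a stale length behind) is recorded only in the commit message. A one-line comment on that line would keep the reset from being dropped as redundant in a later cleanup. It is also worth confirming whether any other per-request state that goes with this length needs clearing at the same point, since only `s->residue` and `s->scsi_len` are reset in the lines shown here.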
-- 
1.7.1

