On 11/18/21 11:03, Mark Cave-Ayland wrote:
> If a reset command is sent after data has been transferred into the SCSI buffer
> ensure that async_len is reset to 0. Otherwise a subsequent TI command assumes
> the SCSI buffer contains data to be transferred to the device causing it to
> dereference the stale async_buf pointer.
>
> Signed-off-by: Mark Cave-Ayland <[email protected]>
> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/724
> ---
>  hw/scsi/esp.c | 1 +
>  1 file changed, 1 insertion(+)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
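The reset/TI interaction the commit message describes, as an added C model that is not QEMU's esp.c code: every name here (EspModel, model_reset_buggy, model_reset_fixed, model_ti, stale_bytes_after_reset) is a hypothetical stand-in, and the request buffer contents are constructed. It shows the buggy reset leaving async_len non-zero so the next TI command reaches for a buffer its request no longer owns, and the fixed reset leaving it nothing to copy.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical model of the device state the commit message describes (not
 * QEMU's real ESPState): async_buf points into a SCSI request's buffer and
 * async_len counts the bytes still waiting to be moved into the FIFO. */
typedef struct {
    uint8_t *async_buf;
    int async_len;
    uint8_t fifo[16]; /* constructed stand-in for the device FIFO */
} EspModel;
/* Data phase: the SCSI request hands the device its buffer. */
static void model_data_transferred(EspModel *s, uint8_t *buf, int len)
{
    s->async_buf = buf;
    s->async_len = len;
}
/* Buggy reset: clears the FIFO but leaves async_len (and async_buf) alone. */
static void model_reset_buggy(EspModel *s)
{
    memset(s->fifo, 0, sizeof(s->fifo));
}
/* Fixed reset, as the patch describes: async_len goes back to 0, so a later
 * TI command has nothing pending to copy out of async_buf. */
static void model_reset_fixed(EspModel *s)
{
    memset(s->fifo, 0, sizeof(s->fifo));
    s->async_len = 0;
}
/* Transfer Information (TI): copies pending bytes from async_buf into the
 * FIFO and returns the count. A non-zero count once the owning request is
 * gone is the stale-pointer dereference; buf_valid only keeps this model
 * from touching freed memory while demonstrating that. */
static int model_ti(EspModel *s, int buf_valid)
{
    int n = s->async_len < (int)sizeof(s->fifo) ? s->async_len : (int)sizeof(s->fifo);
    if (n > 0 && buf_valid)
        memcpy(s->fifo, s->async_buf, (size_t)n);
    s->async_len -= n;
    return n;
}
/* Scenario from the commit message: data transferred, request finished,
 * reset, then TI. Returns bytes TI still tried to take (0 means safe). */
static int stale_bytes_after_reset(int use_fix)
{
    EspModel s = {0};
    uint8_t req_buf[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed request data */
    model_data_transferred(&s, req_buf, (int)sizeof(req_buf));
    if (use_fix) model_reset_fixed(&s); else model_reset_buggy(&s);
    return model_ti(&s, 0); /* 0: the request's buffer is no longer valid */
}
```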
