Hi Sean, On Wed, 23 Mar 2022 at 16:24, Sean Anderson <sean...@gmail.com> wrote: > > sandbox_flash_bulk uses priv->read_len to determine if priv->buff contains > the response data (such as from SCSI_INQUIRY). However, if priv->fd=-1 in > handle_read, then priv->read_len is not set even though we are going to > PHASE_DATA. This causes sandbox_flash_bulk to try and read len bytes from > priv->buff, which likely goes past the end of the buffer. Fix this by always > setting priv->read_len even if we aren't going to read anything. > > Fixes: f4f715360c ("dm: usb: sandbox: Add an emulator for USB flash devices") > Signed-off-by: Sean Anderson <sean...@gmail.com> > --- > Is returning -EIO correct here? Should we return 0 (nothing read)? Or pretend > to > read the whole thing and then let the caller figure it out based on the > status?
It looks like returning an error makes sense, but Marek may know more. > > drivers/usb/emul/sandbox_flash.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) Reviewed-by: Simon Glass <s...@chromium.org> > Applied to u-boot-dm, thanks!