24057fe0a8
sandbox_flash_bulk uses priv->read_len to determine if priv->buff contains
the response data (such as from SCSI_INQUIRY). However, if priv->fd=-1 in
handle_read, then priv->read_len is not set even though we are going to
PHASE_DATA. This causes sandbox_flash_bulk to try and read len bytes from
priv->buff, which likely goes past the end of the buffer. Fix this by always
setting priv->read_len even if we aren't going to read anything.
Fixes:
|
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
sandbox_flash.c | ||
sandbox_hub.c | ||
sandbox_keyb.c | ||
usb-emul-uclass.c |