From: pbrook <pbrook@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sun, 6 Aug 2006 11:31:06 +0000 (+0000)
Subject: Fix SCSI off-by-one device size.
X-Git-Tag: release_0_9_0~311
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=51c1ebb1bc2642296379a8db1ba9dfb4f78a2f80;p=thirdparty%2Fqemu.git

Fix SCSI off-by-one device size.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2091 c046a42c-6fe2-441c-8c8c-71466251a162
---

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index decab1f42b9..f545c89c227 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -348,15 +348,21 @@ int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
         /* The normal LEN field for this command is zero.  */
 	memset(s->buf, 0, 8);
 	bdrv_get_geometry(s->bdrv, &nb_sectors);
-	s->buf[0] = (nb_sectors >> 24) & 0xff;
-	s->buf[1] = (nb_sectors >> 16) & 0xff;
-	s->buf[2] = (nb_sectors >> 8) & 0xff;
-	s->buf[3] = nb_sectors & 0xff;
-	s->buf[4] = 0;
-	s->buf[5] = 0;
-        s->buf[6] = s->cluster_size * 2;
-	s->buf[7] = 0;
-	s->buf_len = 8;
+        /* Returned value is the address of the last sector.  */
+        if (nb_sectors) {
+            nb_sectors--;
+            s->buf[0] = (nb_sectors >> 24) & 0xff;
+            s->buf[1] = (nb_sectors >> 16) & 0xff;
+            s->buf[2] = (nb_sectors >> 8) & 0xff;
+            s->buf[3] = nb_sectors & 0xff;
+            s->buf[4] = 0;
+            s->buf[5] = 0;
+            s->buf[6] = s->cluster_size * 2;
+            s->buf[7] = 0;
+            s->buf_len = 8;
+        } else {
+            scsi_command_complete(s, SENSE_NOT_READY);
+        }
 	break;
     case 0x08:
     case 0x28: