From 9738c657208800298a7d68272b861fb2dc49fee1 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Sat, 6 Mar 2021 11:24:12 +0100 Subject: scsi-generic: do not snoop the output of failed commands If a READ CAPACITY command would fail, for example s->qdev.blocksize would be set to zero and cause a division by zero on the next use. Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-generic.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'hw/scsi') diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c index cf7e11cf44..f9fd2ccfdd 100644 --- a/hw/scsi/scsi-generic.c +++ b/hw/scsi/scsi-generic.c @@ -288,7 +288,10 @@ static void scsi_read_complete(void * opaque, int ret) } } - if (len == 0) { + if (r->io_header.host_status != SCSI_HOST_OK || + (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT) || + r->io_header.status != GOOD || + len == 0) { scsi_command_complete_noio(r, 0); goto done; } -- cgit v1.2.3-55-g7522