
Hi Sean,
On Wed, 23 Mar 2022 at 16:24, Sean Anderson seanga2@gmail.com wrote:
sandbox_flash_bulk uses priv->read_len to determine if priv->buff contains the response data (such as from SCSI_INQUIRY). However, if priv->fd=-1 in handle_read, then priv->read_len is not set even though we are going to PHASE_DATA. This causes sandbox_flash_bulk to try and read len bytes from priv->buff, which likely goes past the end of the buffer. Fix this by always setting priv->read_len even if we aren't going to read anything.
Fixes: f4f715360c ("dm: usb: sandbox: Add an emulator for USB flash devices")
Signed-off-by: Sean Anderson seanga2@gmail.com
Is returning -EIO correct here? Should we return 0 (nothing read)? Or pretend to read the whole thing and then let the caller figure it out based on the status?
It looks like returning an error makes sense, but Marek may know more.
drivers/usb/emul/sandbox_flash.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot-dm, thanks!
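
The failure mode described in the commit message, as an added example that is not part of this thread or of the U-Boot source: a simplified model in which the data phase uses `read_len` to choose between the backing file and the response buffer. `struct emul`, the handler names, `BUF_SIZE`, and the `-ERANGE` marker (which flags the over-read instead of performing it) are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE 512		/* constructed size, not the driver's */

/* Hypothetical model of the emulator state the commit message describes. */
struct emul {
	int fd;			/* backing file, -1 when none is attached */
	size_t read_len;	/* blocks still owed from fd; 0 means "serve buff" */
	unsigned char buff[BUF_SIZE];	/* canned replies such as INQUIRY data */
};

/* READ handler before the fix: read_len is written only when fd is valid. */
static void handle_read_unfixed(struct emul *e, size_t blocks)
{
	if (e->fd != -1)
		e->read_len = blocks;
}

/* READ handler after the fix: read_len is written unconditionally. */
static void handle_read_fixed(struct emul *e, size_t blocks)
{
	e->read_len = blocks;
}

/*
 * Data phase: returns the byte count served, -EIO when file data is owed but
 * cannot be read, or -ERANGE where an unchecked copy would overrun buff.
 */
static long data_phase(struct emul *e, unsigned char *out, size_t len)
{
	if (e->read_len)
		return read(e->fd, out, len) == (ssize_t)len ? (long)len : -EIO;
	if (len > sizeof(e->buff))
		return -ERANGE;	/* the out-of-bounds read from the report */
	memcpy(out, e->buff, len);
	return (long)len;
}

/* READ of `blocks` blocks with no backing file, followed by the data phase. */
static long read_without_file(int fixed, size_t blocks, size_t len)
{
	static unsigned char out[4096];	/* caller buffer; len must fit in it */
	struct emul e = { .fd = -1 };

	(fixed ? handle_read_fixed : handle_read_unfixed)(&e, blocks);
	return data_phase(&e, out, len);
}
```

With no backing file, the unfixed handler leaves `read_len` at 0, so a 2048-byte transfer is routed to the 512-byte response buffer; the fixed handler routes the same transfer to the file path, which fails with `-EIO`.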