scsi-disk: improve out-of-range LBA detection for WRITE SAME

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2012-08-09 13:34:53 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2012-08-09 15:35:45 +0200
commit: a084a703df9ab896c9d30ac479e1388e5e4cafb0 (patch)
tree: 2c5234d59101515c8180a6ea9d541d6da97df0f0 /hw/scsi-disk.c
parent: 46e3f30e3c81e23c07f16b2193dfb6928646c205 (diff)
download: qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.tar.gz
qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.tar.bz2
qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 9af9d18fad..584aec13fb 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1712,7 +1712,8 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
             scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
             return 0;
         }
-        if (r->req.cmd.lba > s->qdev.max_lba) {
+        if (r->req.cmd.lba > r->req.cmd.lba + nb_sectors ||
+            r->req.cmd.lba + nb_sectors - 1 > s->qdev.max_lba) {
             goto illegal_lba;
         }
author	Paolo Bonzini <pbonzini@redhat.com>	2012-08-09 13:34:53 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2012-08-09 15:35:45 +0200
commit	a084a703df9ab896c9d30ac479e1388e5e4cafb0 (patch)
tree	2c5234d59101515c8180a6ea9d541d6da97df0f0 /hw/scsi-disk.c
parent	46e3f30e3c81e23c07f16b2193dfb6928646c205 (diff)
download	qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.tar.gz qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.tar.bz2 qemu-a084a703df9ab896c9d30ac479e1388e5e4cafb0.zip