From 51c1ebb1bc2642296379a8db1ba9dfb4f78a2f80 Mon Sep 17 00:00:00 2001
From: pbrook <pbrook@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sun, 6 Aug 2006 11:31:06 +0000
Subject: Fix SCSI off-by-one device size.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2091 c046a42c-6fe2-441c-8c8c-71466251a162
---
 hw/scsi-disk.c | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

(limited to 'hw/scsi-disk.c')

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index decab1f..f545c89 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -348,15 +348,21 @@ int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
         /* The normal LEN field for this command is zero.  */
 	memset(s->buf, 0, 8);
 	bdrv_get_geometry(s->bdrv, &nb_sectors);
-	s->buf[0] = (nb_sectors >> 24) & 0xff;
-	s->buf[1] = (nb_sectors >> 16) & 0xff;
-	s->buf[2] = (nb_sectors >> 8) & 0xff;
-	s->buf[3] = nb_sectors & 0xff;
-	s->buf[4] = 0;
-	s->buf[5] = 0;
-        s->buf[6] = s->cluster_size * 2;
-	s->buf[7] = 0;
-	s->buf_len = 8;
+        /* Returned value is the address of the last sector.  */
+        if (nb_sectors) {
+            nb_sectors--;
+            s->buf[0] = (nb_sectors >> 24) & 0xff;
+            s->buf[1] = (nb_sectors >> 16) & 0xff;
+            s->buf[2] = (nb_sectors >> 8) & 0xff;
+            s->buf[3] = nb_sectors & 0xff;
+            s->buf[4] = 0;
+            s->buf[5] = 0;
+            s->buf[6] = s->cluster_size * 2;
+            s->buf[7] = 0;
+            s->buf_len = 8;
+        } else {
+            scsi_command_complete(s, SENSE_NOT_READY);
+        }
 	break;
     case 0x08:
     case 0x28:
-- 
cgit v1.1