On 11/12/20 09:32, Wenxiang Qian wrote:
+ The lba is set to -1 to avoid some code paths, to make PoC simpler.
void ide_atapi_cmd_reply_end(IDEState *s)
{
int byte_count_limit, size, ret;
while (s->packet_transfer_size > 0) {
.....
if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
<----- set lba to -1 to avoid this part
.....
}
if (s->elementary_transfer_size > 0) {
......
} else {
.......
if (s->lba != -1) { <-----
if (size > (s->cd_sector_size - s->io_buffer_index))
size = (s->cd_sector_size - s->io_buffer_index);
<-----
}
}
If the lba is not -1, I don't think bad things can happen on this path.
Am I wrong?
Paolo
