From: j_mayer <j_mayer@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sun, 4 Nov 2007 17:17:08 +0000 (+0000)
Subject: Fix memory corruption: bdrv_read/write API has been changed to take
X-Git-Tag: xen-3.3.0-rc1~827
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d6c1a327a94437f0ed74ba970b97fd962462bc77;p=qemu-xen-3.3-testing.git

Fix memory corruption: bdrv_read/write API has been changed to take
  nb_sectors instead of len in bytes but the fdc driver has never been fixed.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3532 c046a42c-6fe2-441c-8c8c-71466251a162
---

diff --git a/hw/fdc.c b/hw/fdc.c
index c6e2362d..db76acb9 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1213,8 +1213,7 @@ static uint32_t fdctrl_read_data (fdctrl_t *fdctrl)
             len = fdctrl->data_len - fdctrl->data_pos;
             if (len > FD_SECTOR_LEN)
                 len = FD_SECTOR_LEN;
-            bdrv_read(cur_drv->bs, fd_sector(cur_drv),
-                      fdctrl->fifo, len);
+            bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
         }
     }
     retval = fdctrl->fifo[pos];
@@ -1321,8 +1320,7 @@ static void fdctrl_write_data (fdctrl_t *fdctrl, uint32_t value)
         fdctrl->fifo[fdctrl->data_pos++] = value;
         if (fdctrl->data_pos % FD_SECTOR_LEN == (FD_SECTOR_LEN - 1) ||
             fdctrl->data_pos == fdctrl->data_len) {
-            bdrv_write(cur_drv->bs, fd_sector(cur_drv),
-                       fdctrl->fifo, FD_SECTOR_LEN);
+            bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
         }
         /* Switch from transfer mode to status mode
          * then from status mode to command mode