From e5f676d9b5ef77b8eff01a20b16431aef4af956f Mon Sep 17 00:00:00 2001
From: OBattler
Date: Thu, 13 Jun 2024 19:21:37 +0200
Subject: [PATCH] CD-ROM: Actually set the format variable of GPCMD_READ_DVD_STRUCTURE to cdb[7], fixes heap corruptions due to the format incorrectly mismatching the given buffer lengths, fixes #4522 .
---
 src/scsi/scsi_cdrom.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/scsi/scsi_cdrom.c b/src/scsi/scsi_cdrom.c
index 262d9600c..f6e4b9cf6 100644
--- a/src/scsi/scsi_cdrom.c
+++ b/src/scsi/scsi_cdrom.c
@@ -3000,6 +3000,7 @@ begin:
 if ((cdb[7] <= 0x7f) || (cdb[7] == 0xff)) {
 if (cdb[1] == 0) {
+ format = cdb[7];
 ret = scsi_cdrom_read_dvd_structure(dev, format, cdb, dev->buffer);
 dev->buffer[0] = (ret >> 8);
 dev->buffer[1] = (ret & 0xff);
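Review bot: The call right after the added `format = cdb[7];` still passes `dev->buffer` to `scsi_cdrom_read_dvd_structure()` with no size. How much gets written therefore depends only on the guest-supplied format byte agreeing with whatever length the buffer was allocated with earlier. The commit message ties this to heap corruption, so it is worth having the helper receive the allocated length, or at least checking `ret` against that length before it is stored in `dev->buffer[0]` and `dev->buffer[1]`. The allocation and the helper body are outside this hunk, so confirm whether such a bound already exists there. A one-line comment on the new assignment would also help, for example `/* format must be taken from the CDB here; it determines how much is written to dev->buffer */`.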