From 65c7dfb2eed2cab535de32a19220870d7f6d2f79 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Sat, 6 Sep 2025 02:53:30 -0500
Subject: [PATCH] Fix dynamic SCSI buffer window sizing causing SEGV

---
 src/include/86box/scsi_disk.h | 1 +
 src/scsi/scsi_disk.c          | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/include/86box/scsi_disk.h b/src/include/86box/scsi_disk.h
index 293cc35e6..2d2371172 100644
--- a/src/include/86box/scsi_disk.h
+++ b/src/include/86box/scsi_disk.h
@@ -29,6 +29,7 @@ typedef struct scsi_disk_t {
     void *             log;
 
     uint8_t *          temp_buffer;
+    size_t             temp_buffer_sz;
     uint8_t            atapi_cdb[16];
     uint8_t            current_cdb[16];
     uint8_t            sense[256];
diff --git a/src/scsi/scsi_disk.c b/src/scsi/scsi_disk.c
index 8c09a30a1..bfa8b42cf 100644
--- a/src/scsi/scsi_disk.c
+++ b/src/scsi/scsi_disk.c
@@ -623,8 +623,15 @@ static void
 scsi_disk_buf_alloc(scsi_disk_t *dev, uint32_t len)
 {
     scsi_disk_log(dev->log, "Allocated buffer length: %i\n", len);
-    if (dev->temp_buffer == NULL)
+    if (dev->temp_buffer == NULL) {
         dev->temp_buffer = (uint8_t *) malloc(len);
+        dev->temp_buffer_sz = len;
+    }
+    if (len > dev->temp_buffer_sz) {
+        uint8_t *buf = (uint8_t *) realloc(dev->temp_buffer, len);
+        dev->temp_buffer = buf;
+        dev->temp_buffer_sz = len;
+    }
 }
 
 static void