projects / sdk / emulator / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 515aa3c)
qxl: Slot sanity check in qxl_phys2virt() is off by one, fix
authorMarkus Armbruster <armbru@redhat.com>
Fri, 4 Nov 2011 09:34:24 +0000 (10:34 +0100)
committerGerd Hoffmann <kraxel@redhat.com>
Tue, 17 Jan 2012 15:30:57 +0000 (16:30 +0100)
Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
hw/qxl.c patch | blob | history

diff --git a/hw/qxl.c b/hw/qxl.c
index ac81927..bdd36f9 100644 (file)
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -1020,7 +1020,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
     case MEMSLOT_GROUP_HOST:
         return (void*)offset;
     case MEMSLOT_GROUP_GUEST:
-        PANIC_ON(slot > NUM_MEMSLOTS);
+        PANIC_ON(slot >= NUM_MEMSLOTS);
         PANIC_ON(!qxl->guest_slots[slot].active);
         PANIC_ON(offset < qxl->guest_slots[slot].delta);
         offset -= qxl->guest_slots[slot].delta;
Domain: SDK / Emulator;