From: Greg Kurz <groug@kaod.org>
Date: Mon, 27 Jun 2016 16:28:15 +0000 (+0200)
Subject: spapr: fix write-past-end-of-array error in cpu core device init code
X-Git-Tag: Tizen_Studio_1.3_Release_p2.3.2~6^2~13^2~6^2~151^2~13
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dde35bc966ef8c1afb4f4e0f3c0e99fc0f27ca04;p=sdk%2Femulator%2Fqemu.git

spapr: fix write-past-end-of-array error in cpu core device init code

This fixes a potential QEMU crash introduced by commit 3b542549661.

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 3a5da09b99..8b802a6fcf 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -309,10 +309,9 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error **errp)
     }
 
 err:
-    while (i >= 0) {
+    while (--i >= 0) {
         obj = sc->threads + i * size;
         object_unparent(obj);
-        i--;
     }
     g_free(sc->threads);
     error_propagate(errp, local_err);