peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0209-ide-Fix-off-by-one-error-in-array-index-check.patch

cd9d16
From 99f6b4ed1c345b144b0f052974cb470036418020 Mon Sep 17 00:00:00 2001
cd9d16
From: Kevin Wolf <kwolf@redhat.com>
cd9d16
Date: Wed, 26 Oct 2011 11:52:47 +0200
cd9d16
Subject: [PATCH] ide: Fix off-by-one error in array index check
cd9d16
MIME-Version: 1.0
cd9d16
Content-Type: text/plain; charset=UTF-8
cd9d16
Content-Transfer-Encoding: 8bit
cd9d16
cd9d16
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
cd9d16
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
cd9d16
(cherry picked from commit fb60105d4942a26f571b1be92a8b9e7528d0c4d8)
cd9d16
cd9d16
Signed-off-by: Bruce Rogers <brogers@suse.com>
cd9d16
Signed-off-by: Andreas Färber <afaerber@suse.de>
cd9d16
---
cd9d16
 hw/ide/core.c | 2 +-
cd9d16
 1 file changed, 1 insertion(+), 1 deletion(-)
cd9d16
cd9d16
diff --git a/hw/ide/core.c b/hw/ide/core.c
cd9d16
index d145b19..9bc446e 100644
cd9d16
--- a/hw/ide/core.c
cd9d16
+++ b/hw/ide/core.c
cd9d16
@@ -1933,7 +1933,7 @@ static int ide_drive_pio_post_load(void *opaque, int version_id)
cd9d16
 {
cd9d16
     IDEState *s = opaque;
cd9d16
 
cd9d16
-    if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
cd9d16
+    if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
cd9d16
         return -EINVAL;
cd9d16
     }
cd9d16
     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
cd9d16
-- 
cd9d16
1.7.11.2
cd9d16