peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone
Blob Blame History Raw
From 99f6b4ed1c345b144b0f052974cb470036418020 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 26 Oct 2011 11:52:47 +0200
Subject: [PATCH] ide: Fix off-by-one error in array index check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit fb60105d4942a26f571b1be92a8b9e7528d0c4d8)

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
 hw/ide/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d145b19..9bc446e 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1933,7 +1933,7 @@ static int ide_drive_pio_post_load(void *opaque, int version_id)
 {
     IDEState *s = opaque;
 
-    if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
+    if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
         return -EINVAL;
     }
     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
-- 
1.7.11.2