From e7f5ba3d995dde13369b53a61e65cb718ab585b3 Mon Sep 17 00:00:00 2001

From: Gerd Hoffmann <kraxel@redhat.com>

Date: Mon, 10 Mar 2014 14:40:49 +0100

Subject: [PATCH 01/13] xhci: fix overflow in usb_xhci_post_load

RH-Author: Gerd Hoffmann <kraxel@redhat.com>

Message-id: <1394462449-19999-2-git-send-email-kraxel@redhat.com>

Patchwork-id: 58065

O-Subject: [RHEL-7 qemu-kvm PATCH 1/1] xhci: fix overflow in usb_xhci_post_load

Bugzilla: 1074219

RH-Acked-by: Dr. David Alan Gilbert (git) <dgilbert@redhat.com>

RH-Acked-by: Radim Krcmar <rkrcmar@redhat.com>

RH-Acked-by: Juan Quintela <quintela@redhat.com>

Found by Coverity.

Reported-by: Markus Armbruster <armbru@redhat.com>

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

(cherry picked from commit f6969b9fef543da1ffa975d24f4d7b75dc369b03)

---

 hw/usb/hcd-xhci.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 hw/usb/hcd-xhci.c |    2 +-

 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c

index 87ba7af..fd1bd89 100644

--- a/hw/usb/hcd-xhci.c

+++ b/hw/usb/hcd-xhci.c

@@ -3457,7 +3457,7 @@ static int usb_xhci_post_load(void *opaque, int version_id)

         slot->uport = xhci_lookup_uport(xhci, slot_ctx);

         assert(slot->uport && slot->uport->dev);

-        for (epid = 1; epid <= 32; epid++) {

+        for (epid = 1; epid <= 31; epid++) {

             pctx = slot->ctx + 32 * epid;

             xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx));

             state = ep_ctx[0] & EP_STATE_MASK;

-- 

1.7.1