958e1b
From e7f5ba3d995dde13369b53a61e65cb718ab585b3 Mon Sep 17 00:00:00 2001
958e1b
From: Gerd Hoffmann <kraxel@redhat.com>
958e1b
Date: Mon, 10 Mar 2014 14:40:49 +0100
958e1b
Subject: [PATCH 01/13] xhci: fix overflow in usb_xhci_post_load
958e1b
958e1b
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
958e1b
Message-id: <1394462449-19999-2-git-send-email-kraxel@redhat.com>
958e1b
Patchwork-id: 58065
958e1b
O-Subject: [RHEL-7 qemu-kvm PATCH 1/1] xhci: fix overflow in usb_xhci_post_load
958e1b
Bugzilla: 1074219
958e1b
RH-Acked-by: Dr. David Alan Gilbert (git) <dgilbert@redhat.com>
958e1b
RH-Acked-by: Radim Krcmar <rkrcmar@redhat.com>
958e1b
RH-Acked-by: Juan Quintela <quintela@redhat.com>
958e1b
958e1b
Found by Coverity.
958e1b
958e1b
Reported-by: Markus Armbruster <armbru@redhat.com>
958e1b
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
958e1b
(cherry picked from commit f6969b9fef543da1ffa975d24f4d7b75dc369b03)
958e1b
---
958e1b
 hw/usb/hcd-xhci.c | 2 +-
958e1b
 1 file changed, 1 insertion(+), 1 deletion(-)
958e1b
958e1b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
---
958e1b
 hw/usb/hcd-xhci.c |    2 +-
958e1b
 1 files changed, 1 insertions(+), 1 deletions(-)
958e1b
958e1b
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
958e1b
index 87ba7af..fd1bd89 100644
958e1b
--- a/hw/usb/hcd-xhci.c
958e1b
+++ b/hw/usb/hcd-xhci.c
958e1b
@@ -3457,7 +3457,7 @@ static int usb_xhci_post_load(void *opaque, int version_id)
958e1b
         slot->uport = xhci_lookup_uport(xhci, slot_ctx);
958e1b
         assert(slot->uport && slot->uport->dev);
958e1b
 
958e1b
-        for (epid = 1; epid <= 32; epid++) {
958e1b
+        for (epid = 1; epid <= 31; epid++) {
958e1b
             pctx = slot->ctx + 32 * epid;
958e1b
             xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx));
958e1b
             state = ep_ctx[0] & EP_STATE_MASK;
958e1b
-- 
958e1b
1.7.1
958e1b