From e7f5ba3d995dde13369b53a61e65cb718ab585b3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 10 Mar 2014 14:40:49 +0100
Subject: [PATCH 01/13] xhci: fix overflow in usb_xhci_post_load

RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1394462449-19999-2-git-send-email-kraxel@redhat.com>
Patchwork-id: 58065
O-Subject: [RHEL-7 qemu-kvm PATCH 1/1] xhci: fix overflow in usb_xhci_post_load
Bugzilla: 1074219
RH-Acked-by: Dr. David Alan Gilbert (git) <dgilbert@redhat.com>
RH-Acked-by: Radim Krcmar <rkrcmar@redhat.com>
RH-Acked-by: Juan Quintela <quintela@redhat.com>

Found by Coverity.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit f6969b9fef543da1ffa975d24f4d7b75dc369b03)
---
 hw/usb/hcd-xhci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/usb/hcd-xhci.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 87ba7af..fd1bd89 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3457,7 +3457,7 @@ static int usb_xhci_post_load(void *opaque, int version_id)
         slot->uport = xhci_lookup_uport(xhci, slot_ctx);
         assert(slot->uport && slot->uport->dev);
 
-        for (epid = 1; epid <= 32; epid++) {
+        for (epid = 1; epid <= 31; epid++) {
             pctx = slot->ctx + 32 * epid;
             xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx));
             state = ep_ctx[0] & EP_STATE_MASK;
-- 
1.7.1