From: Markus Armbruster <armbru@redhat.com>
Date: Fri, 4 Nov 2011 09:34:24 +0000 (+0100)
Subject: qxl: Slot sanity check in qxl_phys2virt() is off by one, fix
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=6b7332eb4013fec6ad294115ab889d77d4463624;p=qemu.git

qxl: Slot sanity check in qxl_phys2virt() is off by one, fix

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---

diff --git a/hw/qxl.c b/hw/qxl.c
index ac819271b2..bdd36f9d06 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -1020,7 +1020,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
     case MEMSLOT_GROUP_HOST:
         return (void*)offset;
     case MEMSLOT_GROUP_GUEST:
-        PANIC_ON(slot > NUM_MEMSLOTS);
+        PANIC_ON(slot >= NUM_MEMSLOTS);
         PANIC_ON(!qxl->guest_slots[slot].active);
         PANIC_ON(offset < qxl->guest_slots[slot].delta);
         offset -= qxl->guest_slots[slot].delta;