From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44531) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aL491-0002KW-Qi for qemu-devel@nongnu.org; Mon, 18 Jan 2016 02:22:32 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aL48w-0000s9-Se for qemu-devel@nongnu.org; Mon, 18 Jan 2016 02:22:31 -0500 From: Peter Crosthwaite Date: Sun, 17 Jan 2016 23:22:17 -0800 Message-Id: <1453101737-11255-1-git-send-email-crosthwaite.peter@gmail.com> Subject: [Qemu-devel] [PATCH] misc: zynq-xadc: Fix off-by-one List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: pbonzini@redhat.com, Peter Crosthwaite , qemu-arm@nongnu.org, linux@roeck-us.net, alistair.francis@xilinx.com This bounds check was off-by-one. Fix. Reported-by: Paolo Bonzini Signed-off-by: Peter Crosthwaite --- hw/misc/zynq-xadc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/misc/zynq-xadc.c b/hw/misc/zynq-xadc.c index 1a32595..d160ff2 100644 --- a/hw/misc/zynq-xadc.c +++ b/hw/misc/zynq-xadc.c @@ -220,7 +220,7 @@ static void zynq_xadc_write(void *opaque, hwaddr offset, uint64_t val, break; } - if (xadc_reg > ZYNQ_XADC_NUM_ADC_REGS && xadc_cmd != CMD_NOP) { + if (xadc_reg >= ZYNQ_XADC_NUM_ADC_REGS && xadc_cmd != CMD_NOP) { qemu_log_mask(LOG_GUEST_ERROR, "read/write op to invalid xadc " "reg 0x%x\n", xadc_reg); break; -- 1.9.1