From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1EVxKY-0007V3-HV
	for qemu-devel@nongnu.org; Sat, 29 Oct 2005 16:29:34 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1EVxKW-0007UZ-Vp
	for qemu-devel@nongnu.org; Sat, 29 Oct 2005 16:29:34 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1EVxKW-0007UW-T1
	for qemu-devel@nongnu.org; Sat, 29 Oct 2005 16:29:32 -0400
Received: from [65.74.133.11] (helo=mail.codesourcery.com)
	by monty-python.gnu.org with esmtp
	(TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.34) id 1EVxKW-0007n1-Ny
	for qemu-devel@nongnu.org; Sat, 29 Oct 2005 16:29:33 -0400
From: Paul Brook <paul@codesourcery.com>
Date: Sat, 29 Oct 2005 21:29:28 +0100
MIME-Version: 1.0
Content-Type: Multipart/Mixed;
  boundary="Boundary-00=_ou9YDOBUEUcHyLl"
Message-Id: <200510292129.28691.paul@codesourcery.com>
Subject: [Qemu-devel] [parch] Incorrect IO index overflow check
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

--Boundary-00=_ou9YDOBUEUcHyLl
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The attached patch fixes an incorrect overflow check in 
cpu_register_io_memory.

Paul

--Boundary-00=_ou9YDOBUEUcHyLl
Content-Type: text/x-diff; charset="us-ascii"; name="patch.qemu_io_overflow"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
	filename="patch.qemu_io_overflow"

Index: exec.c
===================================================================
RCS file: /cvsroot/qemu/qemu/exec.c,v
retrieving revision 1.65
diff -u -p -r1.65 exec.c
--- exec.c	3 Sep 2005 10:49:04 -0000	1.65
+++ exec.c	29 Oct 2005 20:25:10 -0000
@@ -2095,14 +2095,11 @@ int cpu_register_io_memory(int io_index,
     int i;
 
     if (io_index <= 0) {
-        if (io_index >= IO_MEM_NB_ENTRIES)
-            return -1;
         io_index = io_mem_nb++;
-    } else {
-        if (io_index >= IO_MEM_NB_ENTRIES)
-            return -1;
     }
-    
+    if (io_index >= IO_MEM_NB_ENTRIES)
+        return -1;
+
     for(i = 0;i < 3; i++) {
         io_mem_read[io_index][i] = mem_read[i];
         io_mem_write[io_index][i] = mem_write[i];

--Boundary-00=_ou9YDOBUEUcHyLl--