xhci: fix overflow in usb_xhci_post_load

Found by Coverity.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 0fa814ee09cbb49b13a5ae8b08afc3bd071733d0..8d9cfe8810bff64d907b503ad1fea1da136aa528 100644 (file)
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3636,7 +3636,7 @@ static int usb_xhci_post_load(void *opaque, int version_id)
         slot->uport = xhci_lookup_uport(xhci, slot_ctx);
         assert(slot->uport && slot->uport->dev);
 
-        for (epid = 1; epid <= 32; epid++) {
+        for (epid = 1; epid <= 31; epid++) {
             pctx = slot->ctx + 32 * epid;
             xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx));
             state = ep_ctx[0] & EP_STATE_MASK;