On 12/11/21 20:11, Peter Maydell wrote:
> In process_its_cmd() and process_mapti() we must check the
> event ID against a limit defined by the size field in the DTE,
> which specifies the number of ID bits minus one. Convert
> this code to our num_foo convention, fixing the off-by-one error.
>
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> ---
> hw/intc/arm_gicv3_its.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
> @@ -299,10 +299,10 @@ static bool process_its_cmd(GICv3ITSState *s, uint64_t > value, uint32_t offset, > dte_valid ? "valid" : "invalid", > ite_valid ? "valid" : "invalid", > cte_valid ? "valid" : "invalid"); > - } else if (eventid > max_eventid) { > + } else if (eventid >= num_eventids) { > qemu_log_mask(LOG_GUEST_ERROR, > "%s: invalid command attributes: eventid %d > %d\n", ">=" in format. Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org> > - __func__, eventid, max_eventid); > + __func__, eventid, num_eventids);
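Review bot: the format string in the process_its_cmd() error branch still reads "eventid %d > %d", although the test is now `eventid >= num_eventids` and the second value logged is num_eventids. An event ID equal to the limit would be rejected but logged as "N > N", which is misleading when reading LOG_GUEST_ERROR output. Change the format to "eventid %d >= %d" so the message matches the check. Only the process_its_cmd() hunk is quoted here; the process_mapti() change named in the commit message should get the same format-string check.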