pseries: Fix array overrun bug in PCI code

spapr_populate_pci_devices() containd a loop with PCI_NUM_REGIONS (7)
iterations.  However this overruns the 'bars' global array, which only has
6 elements. In fact we only want to run this loop for things listed in the
bars array, so this patch corrects the loop bounds to reflect that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 135712de61dfa22368e98914d65b8b0860ec8505)

diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
index 7162588543167b51aa9a6a3201b6cccd1b01d945..9b6a032ccecc8d44320b87dfa4a50f73f6d02d3d 100644 (file)
--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -454,7 +454,7 @@ int spapr_populate_pci_devices(sPAPRPHBState *phb,
         reg[0].size = 0;
 
         n = 0;
-        for (i = 0; i < PCI_NUM_REGIONS; ++i) {
+        for (i = 0; i < ARRAY_SIZE(bars); ++i) {
             if (0 == dev->io_regions[i].size) {
                 continue;
             }