From c4f20c1700145ecfad286c6965b48c508bb1e084 Mon Sep 17 00:00:00 2001
From: Yonghua Huang <yonghua.huang@intel.com>
Date: Tue, 18 Dec 2018 21:27:36 +0800
Subject: [PATCH] hv:fix possible buffer overflow in 'ptirq_get_intr_data()'

 - 'buffer'with size of 'buffer_cnt',  will overflow in
    next loop if 'index == buffer_cnt - 1'.

Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
---
 hypervisor/common/ptdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hypervisor/common/ptdev.c b/hypervisor/common/ptdev.c
index 52cdebd23..7289fae42 100644
--- a/hypervisor/common/ptdev.c
+++ b/hypervisor/common/ptdev.c
@@ -229,7 +229,7 @@ uint32_t ptirq_get_intr_data(const struct acrn_vm *target_vm, uint64_t *buffer,
 			buffer[index + 1U] = entry->intr_count;
 
 			index += 2U;
-			if (index >= buffer_cnt) {
+			if (index > (buffer_cnt - 2U)) {
 				break;
 			}
 		}