From f2eb665a11a34ac9f6459f8a18c3d9d8be9ca359 Mon Sep 17 00:00:00 2001
From: Leon Alrae <leon.alrae@imgtec.com>
Date: Mon, 4 Apr 2016 09:59:00 +0100
Subject: [PATCH] hw/mips_itu: fix off-by-one reported by Coverity

Fix off-by-one error in ITC Tag read.

Remove the switch as we just want to check if index is in valid range
rather than test against list of values.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 hw/misc/mips_itu.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/hw/misc/mips_itu.c b/hw/misc/mips_itu.c
index 8461d2379b..da5455062d 100644
--- a/hw/misc/mips_itu.c
+++ b/hw/misc/mips_itu.c
@@ -66,18 +66,13 @@ static uint64_t itc_tag_read(void *opaque, hwaddr addr, unsigned size)
 {
     MIPSITUState *tag = (MIPSITUState *)opaque;
     uint64_t index = addr >> 3;
-    uint64_t ret = 0;
 
-    switch (index) {
-    case 0 ... ITC_ADDRESSMAP_NUM:
-        ret = tag->ITCAddressMap[index];
-        break;
-    default:
+    if (index >= ITC_ADDRESSMAP_NUM) {
         qemu_log_mask(LOG_GUEST_ERROR, "Read 0x%" PRIx64 "\n", addr);
-        break;
+        return 0;
     }
 
-    return ret;
+    return tag->ITCAddressMap[index];
 }
 
 static void itc_reconfigure(MIPSITUState *tag)