id = 2780
title = "Out-of-bounds access in smc91c111_receive()"
state = "closed"
created_at = "2025-01-17T06:10:03.904Z"
closed_at = "2025-02-17T08:25:14.195Z"
labels = ["Fuzzer", "Networking", "workflow::Patch available"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2780"
host-os = "Ubuntu 24.04"
host-arch = "x86_64"
qemu-version = "commit 4d5d933bb"
guest-os = "n/a"
guest-arch = "ARM"
description = """An out-of-bounds access happens at hw/net/smc91c111.c:705.

`hw/net/smc91c111.c:705:5: runtime error: index -1 out of bounds for type 'int[4]'`"""
reproduce = """```
export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine realview-eb"
cat << EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio
writew 0x4e000005 0x227
writel 0x4e00000b 0x25ab1f2
writew 0x4e000000 0xaa6c
clock_step
EOF
```"""
additional = """"""