ppc: 0.770
graphic: 0.749
performance: 0.722
network: 0.716
device: 0.712
mistranslation: 0.709
semantic: 0.692
register: 0.664
vnc: 0.659
socket: 0.636
kernel: 0.615
architecture: 0.613
peripherals: 0.560
files: 0.558
PID: 0.547
arm: 0.543
risc-v: 0.532
x86: 0.532
permissions: 0.525
VMM: 0.525
debug: 0.519
hypervisor: 0.512
TCG: 0.509
i386: 0.493
boot: 0.487
user-level: 0.444
KVM: 0.422
assembly: 0.342
virtual: 0.306

Could this cause OOB bug ?

In function megasas_handle_scsi(hw/scsi/megasas.c):

```c
static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
                               int frame_cmd)
{
    ............................................................................
    cdb = cmd->frame->pass.cdb;
    target_id = cmd->frame->header.target_id;
    lun_id = cmd->frame->header.lun_id;
    cdb_len = cmd->frame->header.cdb_len;
    ............................................................................
    if (cdb_len > 16) {
        trace_megasas_scsi_invalid_cdb_len(
                mfi_frame_desc[frame_cmd], is_logical,
                target_id, lun_id, cdb_len);
        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
        cmd->frame->header.scsi_status = CHECK_CONDITION;
        s->event_count++;
        return MFI_STAT_SCSI_DONE_WITH_ERROR;
    }
}
```

Two variables, frame_cmd and cdb_len, can be controlled by guest os. So can mfi_frame_desc[frame_cmd] cause OOB bug ?

QEMU emulator version 5.0.50 (v5.0.0-533-gdebe78ce14-dirty)

You must start the trace function of QEMU to trigger this BUG!

I think we should fix this anyway, even if it can only be triggered when trace functions are enabled

Fix has been included:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ee760ac80ac1f1