On 2011-09-20 21:19, Alan Amaral wrote:
> QEMU emulator version 0.14.50, Copyright (c) 2003-2008 Fabrice Bellard

(That's an ambitious development version.)

> You are correct, it's not hardcoded to 4. However, when it's allocated the
> number of elements IS 4. Also, there's a comment just above pci_set_irq
> which says:
>
> /* 0 <= irq_num <= 3. level must be 0 or 1 */
> static void pci_set_irq(void *opaque, int irq_num, int level)
>
> so, that implies to me that it's probably always 4... Sorry for the
> confusion.

Assuming you look at PIIX3: Yes, it allocates 4 IRQs - but only returns
0..3 via pci_slot_get_pirq. Xen uses some more, but also looks safe.

Can you provide a backtrace where irq_num gets larger than 3 and writes
beyond the end of irq_count? Do you have private patches in your tree?

Jan
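The point of the exchange above is whether irq_num can ever exceed 3 and index past the end of a four-element irq_count array. The C below is an added example, not code from QEMU or from either poster: it models the PIIX3-style slot-to-PIRQ routing (the "& 3" at the end is assumed to be what keeps the result in 0..3, as the reply states for pci_slot_get_pirq) and pairs it with a bounds-checked set_irq that rejects an out-of-range irq_num instead of writing past the array. Struct, function and value names are constructed for the example.

```c
/* Added example: a constructed model of PIRQ routing plus a guarded
 * irq_count update. Not QEMU's own code; names and layout are assumptions. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

#define PCI_NUM_PINS 4 /* INTA..INTD, and the size of irq_count[] */

struct pirq_model {
    int irq_count[PCI_NUM_PINS]; /* per-PIRQ count of asserting devices */
    int irq_level[PCI_NUM_PINS]; /* resulting line level, 0 or 1 */
};

/* Model of a PIIX3-style pci_slot_get_pirq(): slot number rotates the
 * interrupt pin, and the trailing "& 3" clamps the result to 0..3 for
 * every possible devfn (0..255) and pin (even a bogus negative one). */
static int model_slot_get_pirq(uint8_t devfn, int pci_intx)
{
    int slot_addend = (devfn >> 3) - 1;      /* slot 1 maps INTA to PIRQA */
    return (pci_intx + slot_addend) & 3;
}

/* Exhaustively checks the routing invariant the reply relies on:
 * returns 1 if no (devfn, intx) pair ever yields a PIRQ outside 0..3. */
static int model_routing_in_bounds(void)
{
    for (int devfn = 0; devfn < 256; devfn++) {
        for (int intx = 0; intx < PCI_NUM_PINS; intx++) {
            int pirq = model_slot_get_pirq((uint8_t)devfn, intx);
            if (pirq < 0 || pirq >= PCI_NUM_PINS)
                return 0;
        }
    }
    return 1;
}

/* Guarded counterpart of the irq_count update: the comment above
 * pci_set_irq promises 0 <= irq_num <= 3, so enforce it here rather than
 * trusting the caller. Returns 0 on success, -1 on an out-of-range
 * irq_num or level, without touching the arrays. */
static int model_set_irq(struct pirq_model *m, int irq_num, int level)
{
    if (irq_num < 0 || irq_num >= PCI_NUM_PINS)
        return -1;                            /* would index past irq_count */
    if (level != 0 && level != 1)
        return -1;
    m->irq_count[irq_num] += level ? 1 : -1;
    m->irq_level[irq_num] = (m->irq_count[irq_num] != 0);
    return 0;
}

int main(void)
{
    struct pirq_model m = { {0}, {0} };
    printf("routing always in 0..3: %d\n", model_routing_in_bounds());
    printf("set_irq(3, 1) -> %d, count[3]=%d\n",
           model_set_irq(&m, 3, 1), m.irq_count[3]);
    printf("set_irq(4, 1) -> %d (rejected)\n", model_set_irq(&m, 4, 1));
    return 0;
}
```

With a real guest the interesting question is still the one Jan asks: a backtrace showing which caller handed pci_set_irq an irq_num of 4 or more, since the routing model above cannot produce one on its own.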