Out-of-bounds access in smc91c111_receive()

Host environment

Operating system:

Ubuntu 24.04
OS/kernel version:

Linux 6.8
Architecture:

x86_64
QEMU flavor:

qemu-system-arm
QEMU version:

commit 4d5d933b

Emulated/Virtualized environment

Architecture:

ARM

Description of problem

An out-of-bounds access happens at hw/net/smc91c111.c:705.

hw/net/smc91c111.c:705:5: runtime error: index -1 out of bounds for type 'int[4]'

Steps to reproduce

export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine realview-eb"
cat << EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio
writew 0x4e000005 0x227
writel 0x4e00000b 0x25ab1f2
writew 0x4e000000 0xaa6c
clock_step
EOF

Additional information

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information