sdhci: Another way to trigger Assertion wpnum < sd->wpgrps_size failed
Hello, this issue is distinct from #450 (closed).
Reproducer
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M -nodefaults -device sdhci-pci,sd-spec-version=3 -device \
sd-card,drive=mydrive -drive \
if=none,index=0,file=null-co://,format=raw,id=mydrive -nographic -qtest \
stdio
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001004
outw 0xcfc 0x02
write 0xe000002c 0x1 0x05
write 0xe000000f 0x1 0x37
write 0xe000000a 0x1 0x01
write 0xe000000f 0x1 0x29
write 0xe000000f 0x1 0x02
write 0xe000000f 0x1 0x03
write 0xe0000005 0x1 0x01
write 0xe000000f 0x1 0x06
write 0xe000000c 0x1 0x05
write 0xe000000e 0x1 0x20
write 0xe000000f 0x1 0x08
write 0xe000000b 0x1 0x3d
write 0xe000000f 0x1 0x1e
EOF
Stack-Trace
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3: ../hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t): Assertion `wpnum < sd->wpgrps_size' failed.
#0 0x7f62a8b2a438 in raise
#1 0x7f62a8b2c039 in abort
#2 0x7f62a8b22be6 in libc.so.6
#3 0x7f62a8b22c91 in __assert_fail
#4 0x5569adcec405 in sd_wpbits /src/qemu/hw/sd/sd.c:824:9
#5 0x5569adce5f6d in sd_normal_command /src/qemu/hw/sd/sd.c:1389:38
#6 0x5569adce3870 in sd_do_command /src/qemu/hw/sd/sd.c:1737:17
#7 0x5569adcf1566 in sdbus_do_command /src/qemu/hw/sd/core.c:100:16
#8 0x5569adcfc192 in sdhci_send_command /src/qemu/hw/sd/sdhci.c:337:12
#9 0x5569adcfa3a3 in sdhci_write /src/qemu/hw/sd/sdhci.c:1186:9
#10 0x5569adfb3447 in memory_region_write_accessor /src/qemu/softmmu/memory.c:492:5
#11 0x5569adfb32d2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:554:18
#12 0x5569adfb2b31 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#13 0x5569adfa1307 in flatview_write_continue /src/qemu/softmmu/physmem.c:2778:23
#14 0x5569adf9bffc in flatview_write /src/qemu/softmmu/physmem.c:2818:14
#15 0x5569adf9be17 in address_space_write /src/qemu/softmmu/physmem.c:2910:18
#16 0x5569ad78f227 in __wrap_qtest_writeq /src/qemu/tests/qtest/fuzz/qtest_wrappers.c:187:9
#17 0x5569ad797736 in op_write /src/qemu/tests/qtest/fuzz/generic_fuzz.c:479:13
#18 0x5569ad795ecd in generic_fuzz /src/qemu/tests/qtest/fuzz/generic_fuzz.c:696:17
#19 0x5569ad78c5b0 in LLVMFuzzerTestOneInput /src/qemu/tests/qtest/fuzz/fuzz.c:151:5
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36217
libqtest Reproducer: repro.c
Thank you
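The trace shows the assertion firing inside sd_wpbits while the emulated card answers a normal command. As an added illustration (not QEMU's code, and not a claim about how sd.c computes its values), here is a simplified model of a SEND_WRITE_PROT (CMD30) handler that collects 32 write-protect bits starting at a guest-supplied address, first with an assert as its only guard and then with the window bounded at the last group; the 2 MiB group size, the 1024-group bitmap and the card sizes are assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not QEMU's code. Assumptions: a write-protect group
 * covers 2 MiB, and CMD30 (SEND_WRITE_PROT) reports the status of 32
 * consecutive groups starting at the addressed one, as in the SD spec. */
#define WPGROUP_SHIFT 21u

typedef struct {
    uint64_t size;           /* capacity in bytes */
    uint32_t wpgrps_size;    /* number of write-protect groups on the card */
    uint8_t  wp_groups[128]; /* one bit per group, room for 1024 groups */
} CardModel;

static void card_init(CardModel *c, uint64_t size)
{
    memset(c, 0, sizeof(*c));
    c->size = size;
    c->wpgrps_size = (uint32_t)((size + (1ull << WPGROUP_SHIFT) - 1) >> WPGROUP_SHIFT);
}
static void card_protect(CardModel *c, uint32_t g) { c->wp_groups[g / 8] |= 1u << (g % 8); }
static bool group_protected(const CardModel *c, uint32_t g) { return (c->wp_groups[g / 8] >> (g % 8)) & 1u; }

/* Fragile: walks all 32 groups and only asserts. A guest address inside the
 * last 31 groups pushes wpnum past wpgrps_size and aborts the emulator. */
static uint32_t wpbits_fragile(const CardModel *c, uint64_t addr)
{
    uint32_t ret = 0, wpnum = (uint32_t)(addr >> WPGROUP_SHIFT);
    for (uint32_t i = 0; i < 32; i++, wpnum++) {
        assert(wpnum < c->wpgrps_size);
        ret |= (uint32_t)group_protected(c, wpnum) << i;
    }
    return ret;
}

/* Hardened: reject an address beyond the card and stop the 32-group window
 * at the last group; groups past the end simply read as unprotected. */
static bool wpbits_checked(const CardModel *c, uint64_t addr, uint32_t *out)
{
    uint32_t wpnum = (uint32_t)(addr >> WPGROUP_SHIFT);
    if (addr >= c->size) return false;  /* the card would answer OUT_OF_RANGE */
    *out = 0;
    for (uint32_t i = 0; i < 32 && wpnum < c->wpgrps_size; i++, wpnum++)
        *out |= (uint32_t)group_protected(c, wpnum) << i;
    return true;
}
```

With a 100 MiB model card (50 groups) a query starting at group 40 covers only groups 40..49 in the hardened version, whereas the fragile loop would walk on to group 71 and trip its assertion.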