Hi Zheng, On 9/5/25 13:15, Zheng Huang wrote:
This patch fixes an assertion error in isa_bus_get_irq() in /hw/isa/isa-bus.c by adding a constraint to the irq property.
Can you provide a reproducer to trigger that?
Signed-off-by: Zheng Huang <hz1624917...@gmail.com> --- hw/audio/cs4231a.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c index 5a9be80ba3..d390da4c37 100644 --- a/hw/audio/cs4231a.c +++ b/hw/audio/cs4231a.c @@ -682,6 +682,10 @@ static void cs4231a_realizefn (DeviceState *dev, Error **errp) return; }+ if (s->irq >= ISA_NUM_IRQS) {+ error_setg(errp, "Invalid IRQ %d (max %d)", s->irq, ISA_NUM_IRQS); + return; + } s->pic = isa_bus_get_irq(bus, s->irq); k = ISADMA_GET_CLASS(s->isa_dma); k->register_channel(s->isa_dma, s->dma, cs_dma_read, s);
