I might be mistaken, but I don't think this patch actually fixes
CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
against my initial reproducer, and QEMU still segfaults.

I think this is because the actual OOB read occurs inside pixman, which
of course is not affected by this patch. Perhaps bounds checks need to
be applied to the arguments passed into pixman?