Hello Ren, Alex,

+-- On Wed, 13 May 2020, Ding, Ren wrote --+
| We couldn’t reproduce the bug with the patch provided by our reproducer
| earlier, though we did not dig into the details of it. Meanwhile, we do also
| see the null pointer dereference crash with the current upstream
| (https://bugs.launchpad.net/qemu/+bug/1878259).

* Yes, I was able to reproduce both OOB access and NULL dereference issues with Alex's reproducers.

* I have sent revised patches v2 with you in CC. I've tested the patches; still, please kindly confirm if they work for you OR if you see anything amiss.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D