Comment 2 for bug 1913917

Peter Maydell (pmaydell) wrote :

The actual overrun here is not the one the backtrace describes. The first "writel 0x8000f00 0x5affaf" writes a value to GICD_SGIR which overruns the sgi_pending array in the GICState structure. In particular, it overwrites the s->num_irq field, which is what is guarding the array access to gic_irq_state[] that the "write 0x8000eff 0x1 0x0" exercises. With the first overrun fixed, the check for "if (irq >= s->num_irq)" functions correctly.
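The two-write sequence described in the comment, as an added illustration that is not part of the bug report or of QEMU's source. The struct below is a hypothetical, simplified model of the layout described (a 16 x 8 sgi_pending array immediately followed by num_irq, which then guards the interrupt-state array); the 10-bit SGI index, 8-bit target mask, IRQ count of 64 and the irq_state name are assumptions made for the model. The vulnerable write path reproduces the overrun through a byte view of the struct, clamped to the struct size so the model itself stays memory-safe, and the fixed path masks the SGI number to the 16 rows that exist.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the layout the comment describes: a per-SGI pending
 * array (16 SGIs x 8 CPUs) immediately followed by num_irq, the bound that
 * guards the interrupt-state array.  Not QEMU's GICState; field widths and
 * sizes are assumptions for the illustration. */
#define NR_SGIS 16
#define NCPU    8
#define MAX_IRQ 1020

typedef struct {
    uint32_t num_cpu;
    uint8_t  sgi_pending[NR_SGIS][NCPU];
    uint32_t num_irq;            /* guard for irq_state[] */
    uint8_t  irq_state[MAX_IRQ]; /* stands in for gic_irq_state[] */
} GicModel;

static void gic_init(GicModel *s, uint32_t num_cpu, uint32_t num_irq)
{
    memset(s, 0, sizeof *s);
    s->num_cpu = num_cpu;
    s->num_irq = num_irq;
}

/* Vulnerable SGIR write (model): the SGI number is taken from more bits than
 * the 16-row array can index, so row `irq` may lie past sgi_pending and land
 * on num_irq.  The write goes through a byte view of the struct, clamped to
 * sizeof *s, so the model stays memory-safe while reproducing the corruption. */
static void sgir_write_vulnerable(GicModel *s, uint32_t value, unsigned cpu)
{
    unsigned irq  = value & 0x3ff;           /* assumed field width; too wide */
    unsigned mask = (value >> 16) & 0xff;    /* assumed target-CPU list */
    unsigned char *base = (unsigned char *)s;

    for (unsigned i = 0; i < s->num_cpu; i++) {
        if (!(mask & (1u << i)))
            continue;
        size_t off = offsetof(GicModel, sgi_pending) + (size_t)irq * NCPU + i;
        if (off >= sizeof *s)                /* model clamp only; the bug had none */
            continue;
        base[off] |= (uint8_t)(1u << cpu);   /* same as sgi_pending[irq][i] |= ... */
    }
}

/* Fixed SGIR write: SGIs are 0..15, so mask the index to the array size. */
static void sgir_write_fixed(GicModel *s, uint32_t value, unsigned cpu)
{
    unsigned irq  = value & 0xf;
    unsigned mask = (value >> 16) & 0xff;

    for (unsigned i = 0; i < s->num_cpu; i++) {
        if (mask & (1u << i))
            s->sgi_pending[irq][i] |= (uint8_t)(1u << cpu);
    }
}

/* The later access the comment mentions: guarded only by s->num_irq. */
static int irq_state_write(GicModel *s, unsigned irq, uint8_t v)
{
    if (irq >= s->num_irq)   /* correct only while num_irq is intact */
        return -1;
    if (irq >= MAX_IRQ)      /* stand-in for the real array's size */
        return -2;
    s->irq_state[irq] = v;
    return 0;
}

/* Fresh 64-IRQ model, then one SGIR write from CPU 7 via the chosen path. */
static void setup_after_sgir(GicModel *s, int fixed, uint32_t sgir_value)
{
    gic_init(s, NCPU, 64);
    if (fixed)
        sgir_write_fixed(s, sgir_value, 7);
    else
        sgir_write_vulnerable(s, sgir_value, 7);
}

static uint32_t num_irq_after_sgir(int fixed, uint32_t sgir_value)
{
    GicModel s;
    setup_after_sgir(&s, fixed, sgir_value);
    return s.num_irq;
}

/* 1 if the follow-up irq_state write was accepted, 0 if rejected. */
static int later_write_accepted(int fixed, uint32_t sgir_value, unsigned irq)
{
    GicModel s;
    setup_after_sgir(&s, fixed, sgir_value);
    return irq_state_write(&s, irq, 1) == 0;
}

int main(void)
{
    /* SGI index 16 is the first row past the array; target all 8 CPUs. */
    uint32_t bad = (0xffu << 16) | 16u;
    printf("vulnerable: num_irq=0x%08x, irq 100 %s\n",
           num_irq_after_sgir(0, bad),
           later_write_accepted(0, bad, 100) ? "accepted" : "rejected");
    printf("fixed:      num_irq=0x%08x, irq 100 %s\n",
           num_irq_after_sgir(1, bad),
           later_write_accepted(1, bad, 100) ? "accepted" : "rejected");
    return 0;
}
```

With the vulnerable path, row 16 of the 8-byte-wide array sits exactly on num_irq, so each targeted CPU ORs 0x80 into one of its bytes and the later check "irq >= num_irq" passes for an IRQ number the model never had; with the index masked to 0xf the bound survives and the same write is rejected.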