Comment 35 for bug 1647389

Dave Chiluk (chiluk) wrote :

So I tested Len's patch, and it does seem to work.

However, I can't seem to understand why the below line is necessary, when upstream qemu has virtually identical code, and does not need this line. It almost makes me wonder if CVE-2016-5403-3.patch is incorrectly decrementing the inuse counter in our version of qemu.

"
vdev->vq[i].inuse = (inuse_tmp < 0 ? 0 : inuse_tmp);
"

@Len in the failing case are you always seeing an inuse value of -1?

I'm building a test qemu without 2016-5403-3 right now. The risk of removing that would be that we'd have a possible leak. It's at least worth a check.