Commit 4cb60ad650 for qemu.org

commit 4cb60ad6508af85bc1cf04bb58053a3289b8ba39
Author: Cédric Le Goater <clg@redhat.com>
Date:   Mon Mar 2 20:39:31 2026 +0100

    hw/i3c: Fix array bounds and storage in i3c_addr_is_rsvd()

    The size of the is_rsvd lookup table in i3c_addr_is_rsvd() is 255 but
    should be 256 to cover all possible uint8_t address values and avoid
    potential out-of-bounds access.

    The array should be static too as it's a constant lookup table.

    Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
    Reviewed-by: Nabih Estefan <nabihestefan@google.com>
    Link: https://lore.kernel.org/qemu-devel/20260302193931.382228-1-clg@redhat.com
    Signed-off-by: Cédric Le Goater <clg@redhat.com>

diff --git a/hw/i3c/core.c b/hw/i3c/core.c
index 8a37099ce3..0a266e00a2 100644
--- a/hw/i3c/core.c
+++ b/hw/i3c/core.c
@@ -525,7 +525,7 @@ int i3c_target_ibi_finish(I3CTarget *t, uint8_t data)

 static bool i3c_addr_is_rsvd(uint8_t addr)
 {
-    const bool is_rsvd[255] = {
+    static const bool is_rsvd[256] = {
         [0x00] = true,
         [0x01] = true,
         [0x02] = true,