oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Read more