In QEMU 3.1.0, loaddevicetree in devicetree.c calls the deprecated loadimage function, which has a buffer overflow risk.