Index: hw/dma.c
===================================================================
RCS file: /cvsroot/qemu/qemu/hw/dma.c,v
retrieving revision 1.14
diff -u -r1.14 dma.c
--- hw/dma.c 21 Nov 2005 23:29:55 -0000 1.14
+++ hw/dma.c 2 May 2007 14:23:19 -0000
@@ -438,6 +438,13 @@
 write_cont (d, (0x0d << d->dshift), 0);
 }
+static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
+{
+ dolog ("unregistered DMA channel used nchan=%d dma_pos=%d dma_len=%d\n",
+ nchan, dma_pos, dma_len);
+ return dma_pos;
+}
+
 /* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
 static void dma_init2(struct dma_cont *d, int base, int dshift, int page_base, int pageh_base)
@@ -470,6 +477,9 @@
 }
 qemu_register_reset(dma_reset, d);
 dma_reset(d);
+ for (i = 0; i < LENOFA (d->regs); ++i) {
+ d->regs[i].transfer_handler = dma_phony_handler;
+ }
 }
 static void dma_save (QEMUFile *f, void *opaque)
Index: hw/sb16.c
===================================================================
RCS file: /cvsroot/qemu/qemu/hw/sb16.c,v
retrieving revision 1.23
diff -u -r1.23 sb16.c
--- hw/sb16.c 7 Apr 2007 18:14:41 -0000 1.23
+++ hw/sb16.c 2 May 2007 14:23:19 -0000
@@ -1189,6 +1189,12 @@
 SB16State *s = opaque;
 int till, copy, written, free;
+ if (s->block_size <= 0) {
+ dolog ("invalid block size=%d nchan=%d dma_pos=%d dma_len=%d\n",
+ s->block_size, nchan, dma_pos, dma_len);
+ return dma_pos;
+ }
+
 if (s->left_till_irq < 0) {
 s->left_till_irq = s->block_size;
 }
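Review bot: The `dolog` call in `dma_phony_handler` sits on a path the guest controls, so a guest that keeps an unregistered channel active can make the host log one line per DMA run; the `dolog` added in the `hw/sb16.c` hunk has the same exposure. The definition of `dolog` is outside this diff, so if it is not already rate-limited, the message should be emitted once per channel rather than on every call. The handler also returns `dma_pos` unchanged, which reports no progress; whether the caller then retries indefinitely cannot be seen from here and is worth confirming. A short comment above the function would help, for example `/* Default handler for channels no device has registered: logs and reports no progress. */`.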
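Review bot: The loop at the end of `dma_init2` is the only place the default handler is installed, so the guarantee that `transfer_handler` is never NULL holds only if no later path clears the field. The reset, load-state and channel-registration code is outside this hunk, so it should be checked that none of them zeroes `d->regs[i]` or stores a NULL handler. I would state the invariant at the loop, `/* invariant: every channel always has a callable transfer_handler */`, so that the unguarded call site stays safe under future changes. The declaration of `i` is also outside the hunk.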
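Review bot: The new `s->block_size <= 0` guard rejects the bad value only at transfer time and returns `dma_pos` without stopping the transfer, so the handler will presumably be entered again on every DMA run until the guest reprograms the card. `block_size` appears to be derived from guest-supplied parameters elsewhere in `hw/sb16.c`; validating it where it is computed, and refusing to start the transfer there, would keep the invalid state from ever reaching this function. The guard is still worth keeping as a second line of defence, with a comment saying what it protects, e.g. `/* a non-positive block size would stall the IRQ accounting below */` (to be confirmed against the rest of the body, which is outside this hunk).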