Commit 595dcd5
authored
Fix off-by-one in aot_alloc_tiny_frame overflow check (#4845)
* Fix off-by-one in aot_alloc_tiny_frame overflow check
The boundary check in aot_alloc_tiny_frame only verifies that
new_frame itself doesn't exceed top_boundary, but doesn't account
for the sizeof(AOTTinyFrame) bytes that are about to be written.
When new_frame equals top_boundary exactly, the check passes but
the subsequent write to new_frame->func_index goes past the
boundary. This matches the correct pattern used in
aot_alloc_frame (line 4086) which includes the frame size.

1 parent 01f4ff4 commit 595dcd5

1 file changed: +2 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4176 | 4176 | | |
4177 | 4177 | | |
4178 | 4178 | | |
4179 | | - | |
| 4179 | + | |
| 4180 | + | |
4180 | 4181 | | |
4181 | 4182 | | |
4182 | 4183 | | |
| |||
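Review bot: the new comparison at lines 4179-4180 should be written so that it cannot itself form a pointer past the region it guards: comparing top_boundary - new_frame against sizeof(AOTTinyFrame) is safer than adding sizeof(AOTTinyFrame) to new_frame and comparing with top_boundary, and whichever form is used should match aot_alloc_frame at line 4086 so the two checks do not drift apart again. A regression test that places new_frame exactly at top_boundary, the case the commit message says previously passed, would also help; the diff body is not rendered on this page, so these points are based on the commit message rather than on the changed lines.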
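The boundary check described in the commit message, as an added example that is not the project's code: a constructed stand-in for AOTTinyFrame (only the func_index field named above; the real layout is not on this page) with the buggy check beside the fixed one, driven over a small constructed stack so the new_frame == top_boundary case can be exercised directly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for AOTTinyFrame: only the field named in the commit
 * message. The real struct layout is not shown on this page. */
typedef struct {
    uint32_t func_index;
} TinyFrame;

typedef int (*boundary_check)(const uint8_t *new_frame, const uint8_t *top_boundary);

/* Buggy form: only checks that new_frame itself is not past top_boundary, so
 * new_frame == top_boundary is accepted and the frame write lands outside. */
static int check_buggy(const uint8_t *new_frame, const uint8_t *top_boundary)
{
    return new_frame > top_boundary ? -1 : 0; /* 0 = ok, -1 = would overflow */
}

/* Fixed form: also requires room for the sizeof(TinyFrame) bytes about to be
 * written. Uses a subtraction so the check never forms a pointer past the end. */
static int check_fixed(const uint8_t *new_frame, const uint8_t *top_boundary)
{
    if (new_frame > top_boundary)
        return -1;
    return (size_t)(top_boundary - new_frame) >= sizeof(TinyFrame) ? 0 : -1;
}

/* Simulate an allocation at byte offset `used` of a `cap`-byte stack guarded by
 * `check`. Returns 1 if the check accepted a frame whose write would cross
 * top_boundary, 0 if it was rejected or fits. */
static int admits_overrun(boundary_check check, size_t cap, size_t used)
{
    static uint8_t stack[64];                  /* constructed stack region */
    const uint8_t *top_boundary = stack + cap;
    const uint8_t *new_frame = stack + used;   /* requires used <= cap <= 64 */
    if (check(new_frame, top_boundary) != 0)
        return 0;                              /* rejected: nothing written */
    return used + sizeof(TinyFrame) > cap;
}

int main(void)
{
    size_t offsets[] = { 28, 30, 32 };         /* fits, partial, exactly at boundary */
    for (size_t i = 0; i < 3; i++)
        printf("used=%zu buggy overrun=%d fixed overrun=%d\n", offsets[i],
               admits_overrun(check_buggy, 32, offsets[i]),
               admits_overrun(check_fixed, 32, offsets[i]));
    return 0;
}
```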