Fix double-scaled pointer arithmetic in ETDumpGen constructor (TOB-EXECUTORCH-32)

Github Executorch · Github Executorch · commit 2e4938a055d8 · 2026-04-08T15:20:46.000-07:00
The expression `builder_ + sizeof(struct flatcc_builder)` double-scales
the offset because `builder_` is a `struct flatcc_builder*` -- the
compiler already multiplies by `sizeof(struct flatcc_builder)` for typed
pointer arithmetic. The result advances far past the intended location,
potentially into unallocated memory.

Replace with `builder_ + 1`, which correctly advances by exactly one
`sizeof(struct flatcc_builder)` element.

This PR was authored with the assistance of Claude.
diff --git a/devtools/etdump/etdump_flatcc.cpp b/devtools/etdump/etdump_flatcc.cpp
@@ -117,7 +117,7 @@ ETDumpGen::ETDumpGen(Span<uint8_t> buffer) {
     builder_ =
         (struct flatcc_builder*)internal::align_pointer(buffer.data(), 64);
     uintptr_t buffer_with_builder = (uintptr_t)internal::align_pointer(
-        builder_ + sizeof(struct flatcc_builder), 64);
+        builder_ + 1, 64);
     size_t builder_size =
         (size_t)(buffer_with_builder - (uintptr_t)buffer.data());
     size_t min_buf_size = max_alloc_buf_size + builder_size;
