From 510b56a31e32a2a1ed46bcc58a82e0f9df077501 Mon Sep 17 00:00:00 2001
From: losfair
Date: Sat, 30 May 2020 00:35:27 +0800
Subject: [PATCH] Check memory offset calculation overflow.

---
 lib/compiler-singlepass/src/codegen_x64.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/compiler-singlepass/src/codegen_x64.rs b/lib/compiler-singlepass/src/codegen_x64.rs
index 25617f722..d574c2a14 100644
--- a/lib/compiler-singlepass/src/codegen_x64.rs
+++ b/lib/compiler-singlepass/src/codegen_x64.rs
@@ -1280,9 +1280,7 @@ impl<'a> FuncGen<'a> {
 Location::Imm32(memarg.offset), Location::GPR(tmp_addr), );
- self.assembler .emit_jmp(Condition::Carry, self.special_labels.heap_access_oob);
- // unsigned overflow
+ // Overflow is checked outside the `need_check` block, so we don't need to check it here. } // Trap if the start address of the requested area is equal to or above that of the linear memory.
@@ -1320,6 +1318,10 @@ impl<'a> FuncGen<'a> {
 Location::Imm32(memarg.offset as u32), Location::GPR(tmp_addr), );
+
+ // Trap if offset calculation overflowed.
+ self.assembler .emit_jmp(Condition::Carry, self.special_labels.heap_access_oob); } self.assembler .emit_add(Size::S64, Location::GPR(tmp_base), Location::GPR(tmp_addr));
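Review bot: The replacement comment in the `need_check` block says overflow is checked elsewhere but does not say what that means for the bounds compare that follows it ("Trap if the start address ... is equal to or above that of the linear memory"): once the carry jump is removed here, that compare runs on a wrapped 32-bit sum and will not trap by itself, so the block is now relying entirely on the later check to catch the wrap before any access is emitted. That is fine only if every path through this function reaches that later check with the same address arithmetic; from this hunk alone that cannot be confirmed. I would spell the dependency out so nobody later "optimizes" the second check away: `// Overflow of addr + offset is trapped by the Condition::Carry check after the second add below; the bounds compare here may run on a wrapped value and that is acceptable only because that check always fires before the access.` The enclosing block's start and end lie outside the hunk.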
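Review bot: The added `emit_jmp(Condition::Carry, ...)` is only meaningful if the `emit_add` immediately above it is a 32-bit add (its `Size` argument sits just above the hunk, so this hunk cannot show it) and if no instruction that writes EFLAGS is ever emitted between the two, since `jc` reads the carry left by that add alone. Both hold as the lines are laid out here, but the invariant is invisible at the jump site, so I would pin it: `// CF comes from the Size::S32 add of memarg.offset directly above; emit nothing between that add and this jump.` It also looks like the add is wrapped in its own conditional (the `}` that follows closes it), so the jump must stay inside that same conditional or it will test stale flags when the add is skipped — worth confirming against the surrounding block, which starts outside the hunk. Finally, this deserves a regression test that a wrapped effective address traps even when bounds checks are elided, e.g. a `(i32.load offset=0xffffffff (i32.const 1))` expected to raise an out-of-bounds trap.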