Check memory offset calculation overflow.

2025-12-08 21:58:20 +00:00 · 2020-05-30 00:35:27 +08:00
parent 83a50a560e
commit 510b56a31e
1 changed files with 5 additions and 3 deletions
--- a/lib/compiler-singlepass/src/codegen_x64.rs
+++ b/lib/compiler-singlepass/src/codegen_x64.rs
@@ -1280,9 +1280,7 @@ impl<'a> FuncGen<'a> {
                    Location::Imm32(memarg.offset),
                    Location::GPR(tmp_addr),
                );
-                self.assembler
-                    .emit_jmp(Condition::Carry, self.special_labels.heap_access_oob);
-                // unsigned overflow
+                // Overflow is checked outside the `need_check` block, so we don't need to check it here.
            }

            // Trap if the start address of the requested area is equal to or above that of the linear memory.
@@ -1320,6 +1318,10 @@ impl<'a> FuncGen<'a> {
                Location::Imm32(memarg.offset as u32),
                Location::GPR(tmp_addr),
            );
+
+            // Trap if offset calculation overflowed.
+            self.assembler
+                .emit_jmp(Condition::Carry, self.special_labels.heap_access_oob);
        }
        self.assembler
            .emit_add(Size::S64, Location::GPR(tmp_base), Location::GPR(tmp_addr));