[mini] Fix the bounds check in GET_BBLOCK (#73493)
If the target IP is out of bounds, but `cfg->cil_offset_to_bb` has
some non-zero data before or after it, then `tblock` will be some
non-NULL pointer that we will treat as a good basic block.

Related to #73474 (but doesn't
fix the underlying issue there - it will just make the whole
offending method throw a BadImageFormatException when it's called)

This may have some performance overhead for the mono JIT.
lambdageek authored Aug 6, 2022
1 parent d8dbd95 commit 7c06020
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/mono/mono/mini/method-to-ir.c
Expand Up @@ -467,9 +467,9 @@ mini_set_inline_failure (MonoCompile *cfg, const char *msg)
} while (0)

#define GET_BBLOCK(cfg,tblock,ip) do { \
if ((ip) >= end || (ip) < header->code) { UNVERIFIED; } \
(tblock) = cfg->cil_offset_to_bb [(ip) - cfg->cil_start]; \
if (!(tblock)) { \
if ((ip) >= end || (ip) < header->code) UNVERIFIED; \
NEW_BBLOCK (cfg, (tblock)); \
(tblock)->cil_code = (ip); \
ADD_BBLOCK (cfg, (tblock)); \
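
Review bot: The range test at the top of the macro body bounds `ip` by `header->code` and `end`, while the lookup on the following line indexes `cfg->cil_offset_to_bb` by `(ip) - cfg->cil_start`, so the check only protects the array if `header->code` and `cfg->cil_start` name the same base and `end` matches the array's length. Either bound against `cfg->cil_start` directly or add a comment stating that invariant. `end` and `header` are also not macro parameters and are picked up from the caller's scope, which deserves a note above the `#define`. Since the test now runs on every lookup rather than only when the slot is empty, a quick JIT timing comparison would settle the overhead concern raised in the commit message.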