From: Ivo Raisr <ivosh@ivosh.net>
Date: Tue, 13 Jun 2017 18:14:28 +0000 (+0000)
Subject: Fix a possible array overrun in VEX register allocator.
X-Git-Tag: VALGRIND_3_14_0~300^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bed4f39768ece10929769948674ebaefaee0844e;p=thirdparty%2Fvalgrind.git

Fix a possible array overrun in VEX register allocator.
Fixes BZ#381162.


git-svn-id: svn://svn.valgrind.org/vex/trunk@3392
---

diff --git a/VEX/priv/host_generic_reg_alloc2.c b/VEX/priv/host_generic_reg_alloc2.c
index ada2396865..2294a9bcc9 100644
--- a/VEX/priv/host_generic_reg_alloc2.c
+++ b/VEX/priv/host_generic_reg_alloc2.c
@@ -433,7 +433,7 @@ HInstrArray* doRegisterAllocation (
 
    /* .. and the redundant backward map */
    /* Each value is 0 .. n_rregs-1 or is INVALID_RREG_NO.
-      This inplies n_rregs must be <= 32768. */
+      This implies n_rregs must be <= 32768. */
    Short*     vreg_state;  /* [0 .. n_vregs-1] */
 
    /* The vreg -> rreg map constructed and then applied to each
@@ -554,8 +554,7 @@ HInstrArray* doRegisterAllocation (
 
    /* An array to hold the reg-usage info for the incoming
       instructions. */
-   reg_usage_arr
-      = LibVEX_Alloc_inline(sizeof(HRegUsage) * instrs_in->arr_used-1);
+   reg_usage_arr = LibVEX_Alloc_inline(sizeof(HRegUsage) * instrs_in->arr_used);
 
    /* ------ end of SET UP TO COMPUTE VREG LIVE RANGES ------ */