On 11/28/07, TeLeMan <[EMAIL PROTECTED]> wrote:
>
> dyngen_code() can generate more than CODE_GEN_MAX_SIZE bytes, code_gen_buffer
> can be overflowed. I hope this security bug will be fixed soon.

Thank you for the analysis. It's true that cpu_gen_code does not pass CODE_GEN_MAX_SIZE (65536) on to gen_intermediate_code and that should be fixed. But gen_intermediate_code can only add OPC_MAX_SIZE (512 - 32) instructions more, so there is no security bug.