On 06/11/2018 13:27, li qiang wrote: > The addr is 0~0x1fff, but when addr is at the near the end ,for example > 0x1fffe, the add>>2 can be 2047 > > and as script_ram is a uint32_t and so s->script_ram[addr >> 2] can read > out of the script_ram.
How so? s->script_ram has size 2048, it's okay to access it at 2047. Paolo
