On 6 November 2018 at 12:27, li qiang <liq...@outlook.com> wrote: > The addr is 0~0x1fff, but when addr is at the near the end ,for example > 0x1fffe, the add>>2 can be 2047 > > and as script_ram is a uint32_t and so s->script_ram[addr >> 2] can read > out of the script_ram.
But script_ram is declared as uint32_t script_ram[2048]; so if addr >> 2 == 2047, that's still in-bounds, isn't it? thanks -- PMM
