On 2018/11/6 20:28, Paolo Bonzini wrote:
> On 06/11/2018 13:27, li qiang wrote:
>> The addr is 0~0x1fff, but when addr is near the end, for example
>> 0x1fffe, the add>>2 can be 2047
>>
>> and as script_ram is a uint32_t and so s->script_ram[addr >> 2] can read
>> out of the script_ram.
> How so? s->script_ram has size 2048, it's okay to access it at 2047.

Oh, right. I'm confused by the script_ram, it's not a byte array.

> Paolo