Alex Bennée <alex.ben...@linaro.org> writes:
<snip> > diff --git a/tcg/tcg.c b/tcg/tcg.c > index a2268d9db0..f5e4529df2 100644 > --- a/tcg/tcg.c > +++ b/tcg/tcg.c > @@ -4211,6 +4211,7 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) > } > tcg_debug_assert(num_insns >= 0); > s->gen_insn_end_off[num_insns] = tcg_current_code_size(s); > + s->gen_insn_end_off[num_insns + 1] = 0; OK this was lazy of me and of course vulnerable to an overflow. Did you know the sha1 test is quite capable of exceeding this? -- Alex Bennée
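Review bot: the added sentinel store `s->gen_insn_end_off[num_insns + 1] = 0;` has no upper-bound check, so when `num_insns` is already the last valid index of `gen_insn_end_off` it writes one element past the end of the array (the out-of-bounds write the reply itself acknowledges). The only guard in the hunk, `tcg_debug_assert(num_insns >= 0);`, checks the lower bound and is compiled out of non-debug builds, so it cannot catch this. Suggest either bounding the count before the store, e.g. `tcg_debug_assert(num_insns + 1 < ARRAY_SIZE(s->gen_insn_end_off));` together with a real (non-debug) limit on how many insns a TB may accumulate, or sizing the array with one extra slot reserved for the terminator and documenting that invariant next to its declaration, so the sentinel can never collide with the last real entry.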