fix: ujit getinstancevariable code checks ivar extended table size

Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Alan Wu <XrXr@users.noreply.github.com>
author: Mike Dalessio <mike.dalessio@gmail.com> 2021-02-16 14:40:16 -0500
committer: Alan Wu <XrXr@users.noreply.github.com> 2021-10-20 18:19:29 -0400
commit: 980aa329b648f3412d3584575481181b8d42cd60 (patch)
tree: 8b5190e09a816c16832d7ff3f0b8fc671a5bfa97
parent: ddd1a5ce790717d8606d3aba17cd1aaae266819f (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ujit_codegen.c b/ujit_codegen.c
index 541f74b964..26aa4ffcf0 100644
--- a/ujit_codegen.c
+++ b/ujit_codegen.c
@@ -525,6 +525,15 @@ gen_getinstancevariable(jitstate_t* jit, ctx_t* ctx)
     test(cb, flags_opnd, imm_opnd(ROBJECT_EMBED));
     jnz_ptr(cb, side_exit);
 
+    // check that the extended table is big enough
+    if (ivar_index >= ROBJECT_EMBED_LEN_MAX + 1)
+    {
+        // Check that the slot is inside the extended table (num_slots > index)
+        x86opnd_t num_slots = mem_opnd(32, REG0, offsetof(struct RObject, as.heap.numiv));
+        cmp(cb, num_slots, imm_opnd(ivar_index));
+        jle_ptr(cb, side_exit);
+    }
+
     // Get a pointer to the extended table
     x86opnd_t tbl_opnd = mem_opnd(64, REG0, offsetof(struct RObject, as.heap.ivptr));
     mov(cb, REG0, tbl_opnd);
author	Mike Dalessio <mike.dalessio@gmail.com>	2021-02-16 14:40:16 -0500
committer	Alan Wu <XrXr@users.noreply.github.com>	2021-10-20 18:19:29 -0400
commit	980aa329b648f3412d3584575481181b8d42cd60 (patch)
tree	8b5190e09a816c16832d7ff3f0b8fc671a5bfa97
parent	ddd1a5ce790717d8606d3aba17cd1aaae266819f (diff)