[mono] Fix invalid memory write

Fixes dotnet#56526 and probably also dotnet#53546 Allocate enough memory when `SIZEOF_REGISTER == 4`, so that code like defs [ins->dreg + 1] = NULL; defs [ins->dreg + 2] = NULL; doesn't write after allocated range.
radekdoulik · Jul 29, 2021 · c963425 · c963425
1 parent 5ade773
commit c963425
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/mono/mono/mini/local-propagation.c b/src/mono/mono/mini/local-propagation.c
@@ -504,8 +504,14 @@ mono_local_cprop (MonoCompile *cfg)
 	int filter = FILTER_IL_SEQ_POINT;
 	int initial_max_vregs = cfg->next_vreg;
 
+#if SIZEOF_REGISTER == 4
+	#define VREG_ADD_SIZE 2
+#else
+	#define VREG_ADD_SIZE 0
+#endif
+
 	max = cfg->next_vreg;
-	defs = (MonoInst **)mono_mempool_alloc (cfg->mempool, sizeof (MonoInst*) * cfg->next_vreg);
+	defs = (MonoInst **)mono_mempool_alloc (cfg->mempool, sizeof (MonoInst*) * (cfg->next_vreg + VREG_ADD_SIZE));
 	def_index = (gint32 *)mono_mempool_alloc (cfg->mempool, sizeof (guint32) * cfg->next_vreg);
 	cfg->cbb = bb_opt = (MonoBasicBlock *)mono_mempool_alloc0 ((cfg)->mempool, sizeof (MonoBasicBlock));