From 1125750c47890935eb1271491d765e46ea66b07c Mon Sep 17 00:00:00 2001
From: Alon Zakai <azakai@google.com>
Date: Mon, 25 Mar 2024 14:55:58 -0700
Subject: StringNew: Trap on OOB start index (#6438)

---
 src/wasm-interpreter.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/wasm-interpreter.h')

diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index f34cb83be..377eb9465 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -1883,7 +1883,7 @@ public:
         const auto& ptrDataValues = ptrData->values;
         size_t startVal = start.getSingleValue().getUnsigned();
         size_t endVal = end.getSingleValue().getUnsigned();
-        if (endVal > ptrDataValues.size()) {
+        if (startVal > ptrDataValues.size() || endVal > ptrDataValues.size()) {
           trap("array oob");
         }
         Literals contents;
-- 
cgit v1.2.3