From 1aecdabd7f219b9547f410b139e27f6eeb0f44f8 Mon Sep 17 00:00:00 2001
From: Elliott Hughes <enh@google.com>
Date: Fri, 29 Jun 2012 16:45:06 -0700
Subject: Fix a possible off-by-one in the verifier.

Bug: http://code.google.com/p/android/issues/detail?id=10863
Change-Id: I604f9a5ea08b6a6934b3ba522e1fda0bb738f81c
---
 vm/analysis/CodeVerify.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vm/analysis/CodeVerify.cpp b/vm/analysis/CodeVerify.cpp
index 8cb1099aa..c7336fe6b 100644
--- a/vm/analysis/CodeVerify.cpp
+++ b/vm/analysis/CodeVerify.cpp
@@ -3797,7 +3797,7 @@ static bool doCodeVerification(VerifierData* vdata, RegisterTable* regTable)
             if (instr == kPackedSwitchSignature ||
                 instr == kSparseSwitchSignature ||
                 instr == kArrayDataSignature ||
-                (instr == OP_NOP &&
+                (instr == OP_NOP && (insnIdx + 1 < insnsSize) &&
                  (meth->insns[insnIdx+1] == kPackedSwitchSignature ||
                   meth->insns[insnIdx+1] == kSparseSwitchSignature ||
                   meth->insns[insnIdx+1] == kArrayDataSignature)))
-- 
cgit v1.2.3