From 090ec8ef6b14ba47d40a622df23f27cac59a9e58 Mon Sep 17 00:00:00 2001
From: iwashiira <89283357+iwashiira@users.noreply.github.com>
Date: Thu, 30 May 2024 04:40:50 +0000
Subject: [PATCH] lepc: added bound check for collect_tgt

---
 lib/misc/lecp.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/lib/misc/lecp.c b/lib/misc/lecp.c
index bc341ce28..a66e65b46 100644
--- a/lib/misc/lecp.c
+++ b/lib/misc/lecp.c
@@ -673,10 +673,21 @@ push_m:
 * We're collecting int / float pieces
 */
 case LECP_COLLECT:
- if (ctx->be)
- *ctx->collect_tgt++ = c;
- else
- *ctx->collect_tgt-- = c;
+ if (ctx->be) {
+
+ if (ctx->collect_tgt + 1 >= &ctx->item.opcode)
+ *ctx->collect_tgt = c;
+ else
+ *ctx->collect_tgt++ = c;
+
+ } else {
+
+ if (ctx->collect_tgt <= (uint8_t *)&ctx->item.u)
+ *ctx->collect_tgt = c;
+ else
+ *ctx->collect_tgt-- = c;
+
+ }
 
 if (--st->collect_rem)
 break;
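Review bot: The new guards at `if (ctx->collect_tgt + 1 >= &ctx->item.opcode)` and `if (ctx->collect_tgt <= (uint8_t *)&ctx->item.u)` stop the pointer from leaving `item.u` but still store `c`, so an input whose `collect_rem` exceeds the width of the collect target is silently accepted with its surplus bytes folded onto the last (big-endian) or first (little-endian) byte instead of being rejected; for a parser of untrusted CBOR the safer outcome is a parse error via whatever error path this function already uses for malformed input, not a clamped write that yields a plausible-looking wrong value. The check is only correct while `item.opcode` is laid out directly after `item.u`, an assumption visible nowhere but the comparison; an `offsetof`-based `_Static_assert`, or at minimum a comment such as `/* bound relies on item.u sitting immediately before item.opcode in struct lecp_item */`, would keep a future field reorder from quietly reintroducing the overflow. The first comparison also mixes `uint8_t *` with `&ctx->item.opcode` without the cast the second branch uses; unless `opcode` is itself a byte type this is a distinct-pointer-type comparison compilers warn on, so `(uint8_t *)&ctx->item.opcode` would be consistent. The root cause, `st->collect_rem` being taken from the wire larger than the target, is presumably best validated where it is assigned, which lies outside this hunk, as does the rest of the enclosing function.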