From 1b3b4386c220e81395c04215d15c727cfdacb65b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20H=C3=B6gberg?=
Date: Mon, 12 Feb 2018 09:22:19 +0100
Subject: [PATCH] Make sure that the overwrite in bs_context_to_binary is safe

---
 erts/emulator/beam/bs_instrs.tab | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/erts/emulator/beam/bs_instrs.tab b/erts/emulator/beam/bs_instrs.tab
index b11903a47b9a..94e0000c8ba3 100644
--- a/erts/emulator/beam/bs_instrs.tab
+++ b/erts/emulator/beam/bs_instrs.tab
@@ -990,6 +990,9 @@ ctx_to_bin.execute() {
 Uint hole_size;
 Uint orig = mb->orig;
 ErlSubBin* sb = (ErlSubBin *) boxed_val(context);
+ /* Since we're going to overwrite the match state with the result, an
+ * ErlBinMatchState must be at least as large as an ErlSubBin. */
+ ERTS_CT_ASSERT(sizeof(ErlSubBin) <= sizeof(ErlBinMatchState));
 hole_size = 1 + header_arity(sb->thing_word) - ERL_SUB_BIN_SIZE;
 sb->thing_word = HEADER_SUB_BIN;
 sb->size = BYTE_OFFSET(size);
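Review bot: The new ERTS_CT_ASSERT pins the size relation, but the comment above it does not say why a size check alone makes the in-place overwrite safe: the hole computation on the next line depends on `header_arity(sb->thing_word)` reading the match-state header before `sb->thing_word` is replaced two lines later, so the correctness of this block rests on statement order as much as on struct size. Extending the comment with one line would make that explicit, e.g. `* hole_size must be derived from the old thing_word before it is overwritten below.` As a point of style, a layout invariant between two structs is conventionally asserted next to their definitions rather than inside an instruction body, so it is not lost if ctx_to_bin is later reshaped; the placement here is still correct. The body of ctx_to_bin.execute() continues past the hunk, where hole_size is presumably consumed to fill the leftover words of the old object.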