From a0db72bd4800853382ecfc3cd7557bd5447f8d9b Mon Sep 17 00:00:00 2001
From: Zoltan Varga <vargaz@gmail.com>
Date: Wed, 19 Dec 2018 12:57:13 -0500
Subject: [PATCH] [jit] Fix a buffer overflow in
 mini_get_gsharedvt_out_sig_wrapper_signature ().

Fixes https://github.com/mono/mono/issues/12130.
---
 mono/mini/mini-generic-sharing.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mono/mini/mini-generic-sharing.c b/mono/mini/mini-generic-sharing.c
index 2d075dba79434..442e5f74e0e16 100644
--- a/mono/mini/mini-generic-sharing.c
+++ b/mono/mini/mini-generic-sharing.c
@@ -1732,7 +1732,7 @@ mini_get_interp_lmf_wrapper (void)
 MonoMethodSignature*
 mini_get_gsharedvt_out_sig_wrapper_signature (gboolean has_this, gboolean has_ret, int param_count)
 {
-	MonoMethodSignature *sig = g_malloc0 (sizeof (MonoMethodSignature) + (32 * sizeof (MonoType*)));
+	MonoMethodSignature *sig = g_malloc0 (sizeof (MonoMethodSignature) + ((param_count + 3) * sizeof (MonoType*)));
 	int i, pindex;
 	MonoType *int_type = mono_get_int_type ();