From a085dc547e3d644633007858aea5b8f4f329ad63 Mon Sep 17 00:00:00 2001
From: Ben Vanik
Date: Wed, 6 Aug 2014 11:36:16 -0700
Subject: [PATCH] Fix potential heap corruption in code cache.
---
 src/alloy/backend/x64/x64_code_cache_win.cc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/alloy/backend/x64/x64_code_cache_win.cc b/src/alloy/backend/x64/x64_code_cache_win.cc
index f3e96455b..bb55fec6a 100644
--- a/src/alloy/backend/x64/x64_code_cache_win.cc
+++ b/src/alloy/backend/x64/x64_code_cache_win.cc
@@ -88,7 +88,6 @@ void* X64CodeCache::PlaceCode(void* machine_code, size_t code_size,
 // Add entry to fn table.
 active_chunk_->AddTableEntry(final_address, code_size, stack_size);
- lock_.unlock();
 // Copy code.
@@ -210,8 +209,7 @@ void X64CodeChunk::AddTableEntry(uint8_t* code, size_t code_size,
 // Allocate unwind data. We know we have space because we overallocated.
 // This should be the tailing 16b with 16b alignment.
- size_t unwind_info_offset = offset;
- offset += UNWIND_INFO_SIZE;
+ size_t unwind_info_offset = offset - UNWIND_INFO_SIZE;
 if (!stack_size) {
 // http://msdn.microsoft.com/en-us/library/ddssxxy8.aspx
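Review bot: The new `size_t unwind_info_offset = offset - UNWIND_INFO_SIZE;` in the AddTableEntry hunk wraps (size_t underflow) whenever `offset` is smaller than UNWIND_INFO_SIZE, and the only guard is the comment that the caller overallocated; an explicit `assert(offset >= UNWIND_INFO_SIZE);` just before that line would turn a silent write far outside the chunk into a loud failure. The unwind block now lives in the last UNWIND_INFO_SIZE bytes of the region `offset` already covers, so the machine-code copy that PlaceCode performs after AddTableEntry returns (first hunk, "Copy code.") must use a length that excludes those trailing bytes or it overwrites the unwind info just written; whether that copy uses the padded or the original code_size is not visible in this diff and should be confirmed. The reliance on the caller is worth stating on AddTableEntry itself, e.g. `// Requires: caller reserved UNWIND_INFO_SIZE bytes at the end of the region ending at offset.`, rather than only in the in-body comment. AddTableEntry starts before this hunk and continues after it.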