From 774f7dfe4d5036ef3285579f55b2a45b37fcbe76 Mon Sep 17 00:00:00 2001
From: Jakob Botsch Nielsen
Date: Mon, 3 Oct 2022 14:01:06 +0200
Subject: [PATCH 1/2] JIT: Ensure no overflow in ContainBlockStoreAddress

The offset here can be a "base" address due to various JIT transformations so we should ensure the range [offset, offset+size) does not overflow.

Fix #76506
---
 src/coreclr/jit/lowerarmarch.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/coreclr/jit/lowerarmarch.cpp b/src/coreclr/jit/lowerarmarch.cpp
index 1eae6c6dbc0987..8ad52d8a9d921e 100644
--- a/src/coreclr/jit/lowerarmarch.cpp
+++ b/src/coreclr/jit/lowerarmarch.cpp
@@ -688,6 +688,11 @@ void Lowering::ContainBlockStoreAddress(GenTreeBlk* blkNode, unsigned size, GenT
 {
 return;
 }
+#else
+ if ((ClrSafeInt(offset) + ClrSafeInt(size)).IsOverflow())
+ {
+ return;
+ }
 #endif // TARGET_ARM
 
 if (!IsSafeToContainMem(blkNode, addr))

From 81b2fa64f6f278f2f1fd51426b3197334a103990 Mon Sep 17 00:00:00 2001
From: Jakob Botsch Nielsen
Date: Mon, 3 Oct 2022 14:21:11 +0200
Subject: [PATCH 2/2] Nit

---
 src/coreclr/jit/lowerarmarch.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/coreclr/jit/lowerarmarch.cpp b/src/coreclr/jit/lowerarmarch.cpp
index 8ad52d8a9d921e..12023a99d77c1b 100644
--- a/src/coreclr/jit/lowerarmarch.cpp
+++ b/src/coreclr/jit/lowerarmarch.cpp
@@ -688,12 +688,12 @@ void Lowering::ContainBlockStoreAddress(GenTreeBlk* blkNode, unsigned size, GenT
 {
 return;
 }
-#else
+#else // !TARGET_ARM
 if ((ClrSafeInt(offset) + ClrSafeInt(size)).IsOverflow())
 {
 return;
 }
-#endif // TARGET_ARM
+#endif // !TARGET_ARM
 
 if (!IsSafeToContainMem(blkNode, addr))
 {
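Review bot: The new `#else` branch in the first hunk carries no comment, so the reason for bailing out — which the commit message gives as "offset can be a base address after JIT transformations" — is invisible at the point of the check; add `// offset may be a "base" address produced by earlier JIT transformations; do not contain the address if [offset, offset+size) would overflow` above the `if`, mirroring whatever the `#ifdef TARGET_ARM` branch above the hunk documents. The expression also leans on class template argument deduction: `size` is `unsigned` per the signature in the hunk header, while `offset` is declared above the hunk, so if its type differs the two operands are different `ClrSafeInt<T>` instantiations and the integer width the overflow test applies to is whatever deduction settles on rather than a stated choice; spelling the template argument explicitly, `ClrSafeInt<T>(offset) + ClrSafeInt<T>(size)` with `T` being the intended width, makes the bound that protects the later address computation reviewable. ContainBlockStoreAddress starts and ends outside the hunk, and the second patch only adjusts the `#else`/`#endif` comments.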