* Merge of ioq3-r1112

1 files changed, 6 insertions, 2 deletions

diff --git a/src/qcommon/vm_interpreted.c b/src/qcommon/vm_interpreted.c
index 00aa4710..35096e5b 100644
--- a/src/qcommon/vm_interpreted.c
+++ b/src/qcommon/vm_interpreted.c
@@ -395,9 +395,8 @@ nextInstruction:
 		r0 = ((int *)opStack)[0];
 		r1 = ((int *)opStack)[-1];
 nextInstruction2:
-		opcode = codeImage[ programCounter++ ];
 #ifdef DEBUG_VM
-		if ( (unsigned)programCounter > vm->codeLength ) {
+		if ( (unsigned)programCounter >= vm->codeLength ) {
 			Com_Error( ERR_DROP, "VM pc out of range" );
 		}
 
@@ -421,6 +420,7 @@ nextInstruction2:
 		}
 		profileSymbol->profileCount++;
 #endif
+		opcode = codeImage[ programCounter++ ];
 
 		switch ( opcode ) {
 #ifdef DEBUG_VM
@@ -565,6 +565,8 @@ nextInstruction2:
 					Com_Printf( "%s<--- %s\n", DEBUGSTR, VM_ValueToSymbol( vm, programCounter ) );
 				}
 #endif
+			} else if ( (unsigned)programCounter >= vm->codeLength ) {
+				Com_Error( ERR_DROP, "VM program counter out of range in OP_CALL" );
 			} else {
 				programCounter = vm->instructionPointers[ programCounter ];
 			}
@@ -620,6 +622,8 @@ nextInstruction2:
 			// check for leaving the VM
 			if ( programCounter == -1 ) {
 				goto done;
+			} else if ( (unsigned)programCounter >= vm->codeLength ) {
+				Com_Error( ERR_DROP, "VM program counter out of range in OP_LEAVE" );
 			}
 			goto nextInstruction;