From a695454daee78f7be97e73012315593adb591c34 Mon Sep 17 00:00:00 2001
From: Agent Kilo
Date: Mon, 28 Apr 2025 17:00:23 +0800
Subject: [PATCH] Try to fix cfun registry size check for cross-thread messages
---
 src/core/ev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/ev.c b/src/core/ev.c
index 0d0e0734..d9ce3f48 100644
--- a/src/core/ev.c
+++ b/src/core/ev.c
@@ -3015,7 +3015,8 @@ static JanetEVGenericMessage janet_go_thread_subr(JanetEVGenericMessage args) {
 uint32_t count1;
 memcpy(&count1, nextbytes, sizeof(count1));
 size_t count = (size_t) count1;
- if (count > (endbytes - nextbytes) * sizeof(JanetCFunRegistry)) {
+ /* Use division to avoid overflowing size_t */
+ if (count > (endbytes - nextbytes - sizeof(count1)) / sizeof(JanetCFunRegistry)) {
 janet_panic("thread message invalid");
 }
 janet_vm.registry_count = count;
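Review bot: The new bound subtracts `sizeof(count1)` from `endbytes - nextbytes` without first establishing that at least that many bytes remain. Because `sizeof` yields a `size_t`, a shorter remainder would wrap to a very large unsigned value and the check would then accept any `count`. The `memcpy` into `count1` in the context lines above has the same precondition, and no length check is visible in the hunk; one may exist earlier in `janet_go_thread_subr`, whose body starts and ends outside the hunk. I would add `if ((size_t)(endbytes - nextbytes) < sizeof(count1)) janet_panic("thread message invalid");` before the `memcpy`, so that both the read and the subtraction are covered.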