Hi, In my opinion the code has an insecure code pattern. The size may have integer overflow condition i think. But, I did not do dynamic analysis but I did static audit fpga code(I don't have an fpga device). because of this. I don't make sure about Yilun's comment. I think the code must have defensive coding rules. best regards.
