From 2e6f7c392ba7a267e4fb03a4d37420cff6615a15 Mon Sep 17 00:00:00 2001
From: Mark Rowe
Date: Thu, 7 May 2026 08:55:56 -0700
Subject: [PATCH] [Rust] Fix off-by-one accesses to operand lists within MediumLevelILInstruction::lift

This could result in a crash or incorrect data being read.

Fixes https://github.com/Vector35/binaryninja-api/issues/8155
---
 rust/src/medium_level_il/instruction.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rust/src/medium_level_il/instruction.rs b/rust/src/medium_level_il/instruction.rs
index 17534b312a..c1cd26a366 100644
--- a/rust/src/medium_level_il/instruction.rs
+++ b/rust/src/medium_level_il/instruction.rs
@@ -851,7 +851,7 @@ impl MediumLevelILInstruction {
 MemPhi(op) => Lifted::MemPhi(LiftedMemPhi {
 dest_memory: op.dest_memory,
 // TODO: Make a stronger type for this.
- src_memory: self.get_operand_list(0),
+ src_memory: self.get_operand_list(1),
 }),
 VarSplit(op) => Lifted::VarSplit(op),
 SetVarSplit(op) => Lifted::SetVarSplit(LiftedSetVarSplit {
@@ -977,7 +977,7 @@ impl MediumLevelILInstruction {
 )
 .expect("Valid intrinsic"),
 params: self
- .get_expr_list(3)
+ .get_expr_list(2)
 .iter()
 .map(|expr| expr.lift())
 .collect(),
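Review bot: The corrected indices in both hunks are still bare integer literals (`get_operand_list(1)` in the `MemPhi` arm, `get_expr_list(2)` in the arm near line 977) with nothing tying them to the operand layout they index, which makes an off-by-one like the one fixed here hard to spot in review. A short comment at each call would make the next change checkable, e.g. `// source-memory list starts at operand 1; keep in sync with the core's MLIL_MEM_PHI operand layout` above `src_memory`, and an equivalent line above `params` naming the operation and what the operands before the list hold. Since the commit message says a wrong index could crash or return incorrect data, a regression test that lifts one instruction of each affected kind and checks the resulting list would also be worth adding; the diffstat shows only `instruction.rs` changed. Both match arms begin and end outside their hunks, and the second hunk does not show which operation it belongs to, so the value 2 cannot be confirmed from the diff alone.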