Bug: check for constructor overflow in [exp] fields

The check for constructor overflow was considering only fields with
explicit names, ignoring fields with syntax '[exp]=exp'.

2 files changed, 5 insertions, 6 deletions

diff --git a/lopcodes.h b/lopcodes.h
index e3ac9d09..97870038 100644
--- a/lopcodes.h
+++ b/lopcodes.h
@@ -254,7 +254,7 @@ OP_SETTABLE,/*	A B C	R[A][R[B]] := RK(C)				*/
 OP_SETI,/*      A B C   R[A][B] := RK(C)                                */
 OP_SETFIELD,/*  A B C   R[A][K[B]:shortstring] := RK(C)                 */
 
-OP_NEWTABLE,/*  A B C k R[A] := {}                                      */
+OP_NEWTABLE,/*  A vB vC k       R[A] := {}                              */
 
 OP_SELF,/*      A B C   R[A+1] := R[B]; R[A] := R[B][K[C]:shortstring]  */
 
@@ -378,9 +378,9 @@ OP_EXTRAARG/*	Ax	extra (larger) argument for previous opcode	*/
   real C = EXTRAARG _ C (the bits of EXTRAARG concatenated with the
   bits of C).
 
-  (*) In OP_NEWTABLE, B is log2 of the hash size (which is always a
+  (*) In OP_NEWTABLE, vB is log2 of the hash size (which is always a
   power of 2) plus 1, or zero for size zero. If not k, the array size
-  is C. Otherwise, the array size is EXTRAARG _ C.
+  is vC. Otherwise, the array size is EXTRAARG _ vC.
 
   (*) For comparisons, k specifies what condition the test should accept
   (true or false).
diff --git a/lparser.c b/lparser.c
index e868e887..992d45bd 100644
--- a/lparser.c
+++ b/lparser.c
@@ -904,12 +904,11 @@ static void recfield (LexState *ls, ConsControl *cc) {
   FuncState *fs = ls->fs;
   lu_byte reg = ls->fs->freereg;
   expdesc tab, key, val;
-  if (ls->t.token == TK_NAME) {
-    luaY_checklimit(fs, cc->nh, INT_MAX / 2, "items in a constructor");
+  if (ls->t.token == TK_NAME)
     codename(ls, &key);
-  }
   else  /* ls->t.token == '[' */
     yindex(ls, &key);
+  luaY_checklimit(fs, cc->nh, INT_MAX / 2, "items in a constructor");
   cc->nh++;
   checknext(ls, '=');
   tab = *cc->t;