Fix edge cases when recording string.byte/sub.

Thanks to Sergey Kaplun. #1443
author: Mike Pall <mike> 2026-03-04 11:18:28 +0100
committer: Mike Pall <mike> 2026-03-04 11:18:28 +0100
commit: 89f268b3f745dba80da6350d3cbbb0964f3fdbee (patch)
tree: df04434f14179a9dbd7b41fc7666a4f0f43f4c9c
parent: 02e29995581cb568a784a9b996cd5e9139cd0737 (diff)
download: luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.tar.gz
luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.tar.bz2
luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c
index 392c4fe0..2e706a55 100644
--- a/src/lj_ffrecord.c
+++ b/src/lj_ffrecord.c
@@ -703,7 +703,7 @@ static void LJ_FASTCALL recff_string_range(jit_State *J, RecordFFData *rd)
    }
  }
  if (rd->data) {  /* Return string.sub result. */
-    if (end - start >= 0) {
+    if (start <= end) {
      /* Also handle empty range here, to avoid extra traces. */
      TRef trptr, trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);
      emitir(IRTGI(IR_GE), trslen, tr0);
@@ -714,8 +714,8 @@ static void LJ_FASTCALL recff_string_range(jit_State *J, RecordFFData *rd)
      J->base[0] = lj_ir_kstr(J, lj_str_new(J->L, strdata(str), 0));
    }
  } else {  /* Return string.byte result(s). */
-    ptrdiff_t i, len = end - start;
+    if (start < end) {
-    if (len > 0) {
+      ptrdiff_t i, len = end - start;
      TRef trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);
      emitir(IRTGI(IR_EQ), trslen, lj_ir_kint(J, (int32_t)len));
      if (J->baseslot + len > LJ_MAX_JSLOTS)
author	Mike Pall <mike>	2026-03-04 11:18:28 +0100
committer	Mike Pall <mike>	2026-03-04 11:18:28 +0100
commit	89f268b3f745dba80da6350d3cbbb0964f3fdbee (patch)
tree	df04434f14179a9dbd7b41fc7666a4f0f43f4c9c
parent	02e29995581cb568a784a9b996cd5e9139cd0737 (diff)
download	luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.tar.gz luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.tar.bz2 luajit-89f268b3f745dba80da6350d3cbbb0964f3fdbee.zip

diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c index 392c4fe0..2e706a55 100644 --- a/src/lj_ffrecord.c +++ b/src/lj_ffrecord.c
@@ -703,7 +703,7 @@ static void LJ_FASTCALL recff_string_range(jit_State J, RecordFFData rd)
703	}	703	}
704	}	704	}
705	if (rd->data) { /* Return string.sub result. */	705	if (rd->data) { /* Return string.sub result. */
706	if (end - start >= 0) {	706	if (start <= end) {
707	/* Also handle empty range here, to avoid extra traces. */	707	/* Also handle empty range here, to avoid extra traces. */
708	TRef trptr, trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);	708	TRef trptr, trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);
709	emitir(IRTGI(IR_GE), trslen, tr0);	709	emitir(IRTGI(IR_GE), trslen, tr0);
@@ -714,8 +714,8 @@ static void LJ_FASTCALL recff_string_range(jit_State J, RecordFFData rd)
714	J->base[0] = lj_ir_kstr(J, lj_str_new(J->L, strdata(str), 0));	714	J->base[0] = lj_ir_kstr(J, lj_str_new(J->L, strdata(str), 0));
715	}	715	}
716	} else { /* Return string.byte result(s). */	716	} else { /* Return string.byte result(s). */
717	ptrdiff_t i, len = end - start;	717	if (start < end) {
718	if (len > 0) {	718	ptrdiff_t i, len = end - start;
719	TRef trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);	719	TRef trslen = emitir(IRTGI(IR_SUBOV), trend, trstart);
720	emitir(IRTGI(IR_EQ), trslen, lj_ir_kint(J, (int32_t)len));	720	emitir(IRTGI(IR_EQ), trslen, lj_ir_kint(J, (int32_t)len));
721	if (J->baseslot + len > LJ_MAX_JSLOTS)	721	if (J->baseslot + len > LJ_MAX_JSLOTS)