diff options
| author | Mike Pall <mike> | 2023-07-09 21:08:12 +0200 |
|---|---|---|
| committer | Mike Pall <mike> | 2023-07-09 21:08:12 +0200 |
| commit | a01cba9d2d74efc57376822aa43db2d5043af5a4 (patch) | |
| tree | 99946adbf5b302535bc607c2fe226862e8244294 | |
| parent | 94ada59628dd6ce5d6d2dad1d35a68ad30127f53 (diff) | |
| download | luajit-a01cba9d2d74efc57376822aa43db2d5043af5a4.tar.gz luajit-a01cba9d2d74efc57376822aa43db2d5043af5a4.tar.bz2 luajit-a01cba9d2d74efc57376822aa43db2d5043af5a4.zip | |
Fix maxslots when recording BC_VARG, part 2.
Analyzed by Sergey Kaplun. #1024
| -rw-r--r-- | src/lj_record.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/lj_record.c b/src/lj_record.c index c9933968..6361b424 100644 --- a/src/lj_record.c +++ b/src/lj_record.c | |||
| @@ -1518,12 +1518,8 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults) | |||
| 1518 | if (J->framedepth > 0) { /* Simple case: varargs defined on-trace. */ | 1518 | if (J->framedepth > 0) { /* Simple case: varargs defined on-trace. */ |
| 1519 | ptrdiff_t i; | 1519 | ptrdiff_t i; |
| 1520 | if (nvararg < 0) nvararg = 0; | 1520 | if (nvararg < 0) nvararg = 0; |
| 1521 | if (nresults == -1) { | 1521 | if (nresults == -1) nresults = nvararg; |
| 1522 | nresults = nvararg; | 1522 | J->maxslot = dst + (BCReg)nresults; |
| 1523 | J->maxslot = dst + (BCReg)nvararg; | ||
| 1524 | } else if (dst + nresults > J->maxslot) { | ||
| 1525 | J->maxslot = dst + (BCReg)nresults; | ||
| 1526 | } | ||
| 1527 | if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS) | 1523 | if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS) |
| 1528 | lj_trace_err(J, LJ_TRERR_STACKOV); | 1524 | lj_trace_err(J, LJ_TRERR_STACKOV); |
| 1529 | for (i = 0; i < nresults; i++) | 1525 | for (i = 0; i < nresults; i++) |