authorMike Pall <mike>2023-07-08 19:44:48 +0200
committerMike Pall <mike>2023-07-08 19:44:48 +0200
commit0cc5fdfbc0810073485150eb184dc358dab507d9 (patch)
treeb015e9f04a13766ada8e0898ade9634eaa560442
parent69dadad6c31119be5b43e90ef34444001d374d4b (diff)
Fix maxslots when recording BC_TSETM.
Analyzed by Sergey Kaplun. #1025
-rw-r--r--src/lj_record.c2
1 files changed, 2 insertions, 0 deletions
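diff --git a/src/lj_record.c b/src/lj_record.c
index 8e685a10..57642eb5 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -116,6 +116,7 @@ static void rec_check_slots(jit_State *J)
 cTValue *tv = &base[s];
 IRRef ref = tref_ref(tr);
 IRIns *ir = NULL; /* Silence compiler. */
+lj_assertJ(tv < J->L->top, "slot %d above top of Lua stack", s);
 if (!LJ_FR2 || ref || !(tr & (TREF_FRAME | TREF_CONT))) {
 lj_assertJ(ref >= J->cur.nk && ref < J->cur.nins,
 "slot %d ref %04d out of range", s, ref - REF_BIAS);
@@ -2476,6 +2477,7 @@ void lj_record_ins(jit_State *J)
 
 case BC_TSETM:
 rec_tsetm(J, ra, (BCReg)(J->L->top - J->L->base), (int32_t)rcv->u32.lo);
+J->maxslot = ra; /* The table slot at ra-1 is the highest used slot. */
 break;
 
 case BC_TNEW: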
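Review bot: The comment on the added `J->maxslot = ra;` under `case BC_TSETM:` names the highest used slot but not why maxslot has to shrink here, which is the invariant the new `lj_assertJ(tv < J->L->top, ...)` in rec_check_slots checks. I would spell it out, e.g. `/* Slots at ra and above are dead after the store; maxslot must not reach past L->top. */`, so that the reason survives later edits to this case. The assertion presumably compiles out unless assertions are enabled, in which case ordinary builds depend on this one assignment alone to keep slots above the Lua stack top from being treated as live. It would be worth confirming, outside these hunks, that no other case passing `J->L->top - J->L->base` to a recorder leaves maxslot stale in the same way. Both rec_check_slots and lj_record_ins start and end outside the hunks shown.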