Fix bytecode JMP slot range after const + and/or optimization.

1 files changed, 15 insertions, 12 deletions

diff --git a/src/lj_parse.c b/src/lj_parse.c
index 0f32d121..2835aef0 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
@@ -269,20 +269,23 @@ static int jmp_novalue(FuncState *fs, BCPos list)
 /* Patch register of test instructions. */
 static int jmp_patchtestreg(FuncState *fs, BCPos pc, BCReg reg)
 {
-  BCIns *ip = &fs->bcbase[pc >= 1 ? pc-1 : pc].ins;
-  BCOp op = bc_op(*ip);
+  BCInsLine *ilp = &fs->bcbase[pc >= 1 ? pc-1 : pc];
+  BCOp op = bc_op(ilp->ins);
   if (op == BC_ISTC || op == BC_ISFC) {
-    if (reg != NO_REG && reg != bc_d(*ip)) {
-      setbc_a(ip, reg);
+    if (reg != NO_REG && reg != bc_d(ilp->ins)) {
+      setbc_a(&ilp->ins, reg);
     } else {  /* Nothing to store or already in the right register. */
-      setbc_op(ip, op+(BC_IST-BC_ISTC));
-      setbc_a(ip, 0);
+      setbc_op(&ilp->ins, op+(BC_IST-BC_ISTC));
+      setbc_a(&ilp->ins, 0);
+    }
+  } else if (bc_a(ilp->ins) == NO_REG) {
+    if (reg == NO_REG) {
+      ilp->ins = BCINS_AJ(BC_JMP, bc_a(fs->bcbase[pc].ins), 0);
+    } else {
+      setbc_a(&ilp->ins, reg);
+      if (reg >= bc_a(ilp[1].ins))
+        setbc_a(&ilp[1].ins, reg+1);
     }
-  } else if (bc_a(*ip) == NO_REG) {
-    if (reg == NO_REG)
-      *ip = BCINS_AJ(BC_JMP, bc_a(fs->bcbase[pc].ins), 0);
-    else
-      setbc_a(ip, reg);
   } else {
     return 0;  /* Cannot patch other instructions. */
   }
@@ -325,7 +328,7 @@ static void jmp_append(FuncState *fs, BCPos *l1, BCPos l2)
 
 /* Patch jump list and preserve produced values. */
 static void jmp_patchval(FuncState *fs, BCPos list, BCPos vtarget,
-                       BCReg reg, BCPos dtarget)
+                         BCReg reg, BCPos dtarget)
 {
   while (list != NO_JMP) {
     BCPos next = jmp_next(fs, list);