Prevent loop in snap_usedef().

Reported by XmiliaH.
author: Mike Pall <mike> 2021-07-23 21:33:59 +0200
committer: Mike Pall <mike> 2021-07-23 21:33:59 +0200
commit: 0e66fc96377853d898390f1a02723c54ec3a42f7 (patch)
tree: 2abd8d910800c7a0e9a253328e08158a48d1bc51 /src
parent: d87da3d5fed7f046c426d6a747bb84c2880f4e8d (diff)
download: luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.tar.gz
luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.tar.bz2
luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lj_snap.c b/src/lj_snap.c
index eb14058e..91880fcf 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -214,7 +214,12 @@ static BCReg snap_usedef(jit_State *J, uint8_t *udf,
      BCReg minslot = bc_a(ins);
      if (op >= BC_FORI && op <= BC_JFORL) minslot += FORL_EXT;
      else if (op >= BC_ITERL && op <= BC_JITERL) minslot += bc_b(pc[-2])-1;
-      else if (op == BC_UCLO) { pc += bc_j(ins); break; }
+      else if (op == BC_UCLO) {
+        ptrdiff_t delta = bc_j(ins);
+        if (delta < 0) return maxslot;  /* Prevent loop. */
+        pc += delta;
+        break;
+      }
      for (s = minslot; s < maxslot; s++) DEF_SLOT(s);
      return minslot < maxslot ? minslot : maxslot;
      }
author	Mike Pall <mike>	2021-07-23 21:33:59 +0200
committer	Mike Pall <mike>	2021-07-23 21:33:59 +0200
commit	0e66fc96377853d898390f1a02723c54ec3a42f7 (patch)
tree	2abd8d910800c7a0e9a253328e08158a48d1bc51 /src
parent	d87da3d5fed7f046c426d6a747bb84c2880f4e8d (diff)
download	luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.tar.gz luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.tar.bz2 luajit-0e66fc96377853d898390f1a02723c54ec3a42f7.zip