From 52f75e9a5c5cc2fad846adae8873b572bafde4c2 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sun, 12 Sep 2010 03:14:17 +0200
Subject: Fix off-by-one errors in maxslot calculation of trace recorder.

---
 src/lj_record.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lj_record.c')

diff --git a/src/lj_record.c b/src/lj_record.c
index 2bb1c2c8..f82468f0 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -628,7 +628,7 @@ static void rec_ret(jit_State *J, BCReg rbase, ptrdiff_t gotresults)
       /* Copy result to destination slot. */
       BCReg dst = bc_a(*(frame_contpc(frame)-1));
       J->base[dst] = gotresults ? J->base[cbase+rbase] : TREF_NIL;
-      if (dst > J->maxslot) J->maxslot = dst+1;
+      if (dst >= J->maxslot) J->maxslot = dst+1;
     } else if (cont == lj_cont_nop) {
       /* Nothing to do here. */
     } else if (cont == lj_cont_cat) {
@@ -659,7 +659,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
       nresults = nvararg;
       J->maxslot = dst + nvararg;
     } else if (dst + nresults > J->maxslot) {
-      J->maxslot = dst + nresults + 1;
+      J->maxslot = dst + nresults;
     }
     for (i = 0; i < nresults; i++)
       J->base[dst+i] = i < nvararg ? J->base[i - nvararg - 1] : TREF_NIL;
-- 
cgit v1.2.3-55-g6feb