From c64020f3c6d124503213147f2fb47c20335a395b Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Thu, 24 Jul 2025 15:29:54 +0200
Subject: FFI: Fix dangling CType references (again).

Reported by Sergey Kaplun. Collateral of #1360
---
 src/lj_crecord.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'src')

diff --git a/src/lj_crecord.c b/src/lj_crecord.c
index f686b35f..80e25ef8 100644
--- a/src/lj_crecord.c
+++ b/src/lj_crecord.c
@@ -1125,6 +1125,7 @@ static int crec_call(jit_State *J, RecordFFData *rd, GCcdata *cd)
 if (ctype_isfunc(info)) {
 TRef func = emitir(IRT(IR_FLOAD, tp), J->base[0], IRFL_CDATA_PTR);
 CType *ctr = ctype_rawchild(cts, ct);
+ CTInfo ctr_info = ctr->info; /* crec_call_args may invalidate ctr. */
 IRType t = crec_ct2irt(cts, ctr);
 TRef tr;
 TValue tv;
@@ -1133,11 +1134,11 @@ static int crec_call(jit_State *J, RecordFFData *rd, GCcdata *cd)
 cdata_getptr(cdataptr(cd), (LJ_64 && tp == IRT_P64) ? 8 : 4));
 if (tvistrue(lj_tab_get(J->L, cts->miscmap, &tv)))
 lj_trace_err(J, LJ_TRERR_BLACKL);
- if (ctype_isvoid(ctr->info)) {
+ if (ctype_isvoid(ctr_info)) {
 t = IRT_NIL;
 rd->nres = 0;
- } else if (!(ctype_isnum(ctr->info) || ctype_isptr(ctr->info) ||
- ctype_isenum(ctr->info)) || t == IRT_CDATA) {
+ } else if (!(ctype_isnum(ctr_info) || ctype_isptr(ctr_info) ||
+ ctype_isenum(ctr_info)) || t == IRT_CDATA) {
 lj_trace_err(J, LJ_TRERR_NYICALL);
 }
 if ((info & CTF_VARARG)
@@ -1148,7 +1149,7 @@ static int crec_call(jit_State *J, RecordFFData *rd, GCcdata *cd)
 func = emitir(IRT(IR_CARG, IRT_NIL), func,
 lj_ir_kint(J, ctype_typeid(cts, ct)));
 tr = emitir(IRT(IR_CALLXS, t), crec_call_args(J, rd, cts, ct), func);
- if (ctype_isbool(ctr->info)) {
+ if (ctype_isbool(ctr_info)) {
 if (frame_islua(J->L->base-1) && bc_b(frame_pc(J->L->base-1)[-1]) == 1) {
 /* Don't check result if ignored. */
 tr = TREF_NIL;
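Review bot: After the added `CTInfo ctr_info = ctr->info;` line, the pointer `ctr` stays in scope for the rest of crec_call, so nothing prevents a later edit from dereferencing it again after the `crec_call_args()` call in the 1148 hunk; the fix removes today's uses but leaves the invalidated pointer live. Consider stating the constraint where the pointer is declared, e.g. `CType *ctr = ctype_rawchild(cts, ct);  /* Valid only until crec_call_args() below. */`, and the same caveat presumably applies to `ct`, since `ctr` is derived from it (confirm that both point into the table crec_call_args can reallocate). The `crec_ct2irt(cts, ctr)` read on the following line happens before the call and is fine. The remaining `ctr_info` substitutions in the 1133 and 1148 hunks, and in the 1164 hunk of the next chunk, need no separate change. crec_call's body begins before and ends after these hunks.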
@@ -1164,7 +1165,7 @@ static int crec_call(jit_State *J, RecordFFData *rd, GCcdata *cd)
 tr = TREF_TRUE;
 }
 } else if (t == IRT_PTR || (LJ_64 && t == IRT_P32) ||
- t == IRT_I64 || t == IRT_U64 || ctype_isenum(ctr->info)) {
+ t == IRT_I64 || t == IRT_U64 || ctype_isenum(ctr_info)) {
 TRef trid = lj_ir_kint(J, ctype_cid(info));
 tr = emitir(IRTG(IR_CNEWI, IRT_CDATA), trid, tr);
 if (t == IRT_I64 || t == IRT_U64) lj_needsplit(J);
--
cgit v1.2.3-55-g6feb

From e3fa3c48d8a4aadcf86429e9f7f6f1171914b15a Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Thu, 24 Jul 2025 15:35:56 +0200
Subject: Avoid out-of-range PC for stack overflow error from snapshot restore.

Reported by Sergey Kaplun. #1369
---
 src/lj_debug.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src')

diff --git a/src/lj_debug.c b/src/lj_debug.c
index a639cddf..f3409649 100644
--- a/src/lj_debug.c
+++ b/src/lj_debug.c
@@ -101,6 +101,7 @@ static BCPos debug_framepc(lua_State *L, GCfunc *fn, cTValue *nextframe)
 pt = funcproto(fn);
 pos = proto_bcpos(pt, ins) - 1;
 #if LJ_HASJIT
+ if (pos == NO_BCPOS) return 1; /* Pretend it's the first bytecode. */
 if (pos > pt->sizebc) { /* Undo the effects of lj_trace_exit for JLOOP. */
 if (bc_isret(bc_op(ins[-1]))) {
 GCtrace *T = (GCtrace *)((char *)(ins-1) - offsetof(GCtrace, startins));
--
cgit v1.2.3-55-g6feb

From c92d0cb19263e7e302b4740ba6617a32c201c613 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Thu, 24 Jul 2025 15:38:45 +0200
Subject: x86/x64: Don't use undefined MUL/IMUL zero flag.

Reported by VrIgHtEr. #1376
---
 src/lj_asm_x86.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')

diff --git a/src/lj_asm_x86.h b/src/lj_asm_x86.h
index 239066d4..8b6ce479 100644
--- a/src/lj_asm_x86.h
+++ b/src/lj_asm_x86.h
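Review bot: The new `if (pos == NO_BCPOS) return 1;` guard in debug_framepc sits inside the `#if LJ_HASJIT` block, so in a non-JIT build `pos = proto_bcpos(pt, ins) - 1` can still wrap to `NO_BCPOS` whenever `proto_bcpos()` returns 0 and then flow on unchecked; if that situation is only reachable through snapshot restore (as the commit message suggests), a comment saying so would document why the guard is JIT-only, otherwise it belongs above the `#if`. The inline comment also does not say why the substitute is `1` rather than `0`; presumably index 0 holds the function-header bytecode, and a comment such as `/* pos wrapped from 0 on stack overflow: pretend it's the first real bytecode. */` would carry that reasoning, if confirmed. debug_framepc's body begins before and ends after the hunk.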
@@ -1841,7 +1841,8 @@ static void asm_intarith(ASMState *as, IRIns *ir, x86Arith xa)
 RegSet allow = RSET_GPR;
 Reg dest, right;
 int32_t k = 0;
- if (as->flagmcp == as->mcp) { /* Drop test r,r instruction. */
+ if (as->flagmcp == as->mcp && xa != XOg_X_IMUL) {
+ /* Drop test r,r instruction. */
 MCode *p = as->mcp + ((LJ_64 && *as->mcp < XI_TESTb) ? 3 : 2);
 MCode *q = p[0] == 0x0f ? p+1 : p;
 if ((*q & 15) < 14) {
--
cgit v1.2.3-55-g6feb
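Review bot: The new `xa != XOg_X_IMUL` condition carries no comment, so the reason for the exclusion — IMUL leaves the zero flag undefined, so a preceding `test r,r` cannot be folded away into it — lives only in the commit title and will be lost on the next read of asm_intarith. Suggest extending the moved comment to `/* Drop test r,r instruction. Not for IMUL: it leaves ZF undefined, so the test must stay. */`. Because the exclusion keys on `xa`, every instruction this call emits for a multiply keeps the test, which looks like the intent; if a multiply is emitted elsewhere with the same flag-fusion peephole, it would need the same guard — worth a quick check. asm_intarith begins before and ends after the hunk.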