gh-mirror/mikepaul-LuaJIT
1
0
Fork 0
mirror of https://github.com/LuaJIT/LuaJIT.git synced 2025-02-07 15:14:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix maxslots when recording BC_TSETM.

Browse Source 
Analyzed by Sergey Kaplun. #1025
This commit is contained in:
Mike Pall 2023-07-08 19:44:48 +02:00
parent 69dadad6c3
commit 0cc5fdfbc0
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lj_record.c
View File

@ -116,6 +116,7 @@ static void rec_check_slots(jit_State *J)
cTValue *tv = &base[s]; cTValue *tv = &base[s];
IRRef ref = tref_ref(tr); IRRef ref = tref_ref(tr);
IRIns *ir = NULL; /* Silence compiler. */ IRIns *ir = NULL; /* Silence compiler. */
lj_assertJ(tv < J->L->top, "slot %d above top of Lua stack", s);
if (!LJ_FR2 || ref || !(tr & (TREF_FRAME | TREF_CONT))) { if (!LJ_FR2 || ref || !(tr & (TREF_FRAME | TREF_CONT))) {
lj_assertJ(ref >= J->cur.nk && ref < J->cur.nins, lj_assertJ(ref >= J->cur.nk && ref < J->cur.nins,
"slot %d ref %04d out of range", s, ref - REF_BIAS); "slot %d ref %04d out of range", s, ref - REF_BIAS);
@ -2476,6 +2477,7 @@ void lj_record_ins(jit_State *J)
case BC_TSETM: case BC_TSETM:
rec_tsetm(J, ra, (BCReg)(J->L->top - J->L->base), (int32_t)rcv->u32.lo); rec_tsetm(J, ra, (BCReg)(J->L->top - J->L->base), (int32_t)rcv->u32.lo);
J->maxslot = ra; /* The table slot at ra-1 is the highest used slot. */
break; break;
case BC_TNEW: case BC_TNEW: