diff --git a/src/lj_ccall.c b/src/lj_ccall.c
index 71331f39..392012ff 100644
--- a/src/lj_ccall.c
+++ b/src/lj_ccall.c
@@ -810,6 +810,7 @@ int lj_ccall_func(lua_State *L, GCcdata *cd)
     int gcsteps, ret;
     cc.func = (void (*)(void))cdata_getptr(cdataptr(cd), sz);
     gcsteps = ccall_set_args(L, cts, ct, &cc);
+    ct = (CType *)((intptr_t)ct-(intptr_t)cts->tab);
     cts->cb.slot = ~0u;
     lj_vm_ffi_call(&cc);
     if (cts->cb.slot != ~0u) {  /* Blacklist function that called a callback. */
@@ -817,6 +818,7 @@ int lj_ccall_func(lua_State *L, GCcdata *cd)
       setlightudV(&tv, (void *)cc.func);
       setboolV(lj_tab_set(L, cts->miscmap, &tv), 1);
     }
+    ct = (CType *)((intptr_t)ct+(intptr_t)cts->tab);  /* May be reallocated. */
     gcsteps += ccall_get_results(L, cts, ct, &cc, &ret);
 #if LJ_TARGET_X86 && LJ_ABI_WIN
     /* Automatically detect __stdcall and fix up C function declaration. */