From 478bcfe52a653bf338f17690147fa9f5793f5b42 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:25:45 +0100
Subject: [PATCH 1/8] FFI: Workaround for platform dlerror() returning NULL.

Contributed by mcclure.
---
 src/lj_clib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lj_clib.c b/src/lj_clib.c
index 8dc3c10e..dc72dced 100644
--- a/src/lj_clib.c
+++ b/src/lj_clib.c
@@ -118,12 +118,13 @@ static void *clib_loadlib(lua_State *L, const char *name, int global)
 RTLD_LAZY | (global?RTLD_GLOBAL:RTLD_LOCAL));
 if (!h) {
 const char *e, *err = dlerror();
- if (*err == '/' && (e = strchr(err, ':')) &&
+ if (err && *err == '/' && (e = strchr(err, ':')) &&
 (name = clib_resolve_lds(L, strdata(lj_str_new(L, err, e-err))))) {
 h = dlopen(name, RTLD_LAZY | (global?RTLD_GLOBAL:RTLD_LOCAL));
 if (h) return h;
 err = dlerror();
 }
+ if (!err) err = "dlopen failed";
 lj_err_callermsg(L, err);
 }
 return h;

From 1d1bac5a65e03e3fc1cebaf3e3699488c10428ff Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:28:54 +0100
Subject: [PATCH 2/8] FFI: Add missing write barrier on C library index update.

Contributed by Yichun Zhang.
---
 src/lj_clib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lj_clib.c b/src/lj_clib.c
index dc72dced..41a8738e 100644
--- a/src/lj_clib.c
+++ b/src/lj_clib.c
@@ -364,6 +364,7 @@ TValue *lj_clib_index(lua_State *L, CLibrary *cl, GCstr *name)
 cd = lj_cdata_new(cts, id, CTSIZE_PTR);
 *(void **)cdataptr(cd) = p;
 setcdataV(L, tv, cd);
+ lj_gc_anybarriert(L, cl->cache);
 }
 }
 return tv;

From e0388e6c00866c9ee1c7c9aab8a3ba9e15186b5c Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:32:27 +0100
Subject: [PATCH 3/8] Fix stack check when recording BC_VARG.

Contributed by Yichun Zhang.
---
 src/lj_record.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lj_record.c b/src/lj_record.c
index bc4e8a6d..651bbf55 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
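Review bot: The fallback `"dlopen failed"` on the second added line drops all context about which library could not be loaded, so on a platform whose dlerror() returns NULL the caller only learns that some dlopen() failed. Keep the literal non-NULL for lj_err_callermsg, but document why it exists, e.g. `if (!err) err = "dlopen failed";  /* Some platforms return NULL from dlerror(). */`, and consider including `name` in the message if an error formatter that takes arguments is available. It also appears that reusing `err` across the second dlopen() is only safe because the text is first copied via `lj_str_new(L, err, e-err)`; a short comment on that line would protect the invariant. clib_loadlib's body begins outside the hunk.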
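Review bot: The added `lj_gc_anybarriert(L, cl->cache)` has no comment saying why the barrier is needed, and the relationship between `tv` and `cl->cache` is not visible in the hunk. If `tv` is a slot inside `cl->cache`, which the barrier argument suggests, a comment such as `/* tv lives in cl->cache: a direct setcdataV() store needs the GC write barrier. */` would keep a future maintainer from removing the call as redundant. lj_clib_index starts outside the hunk.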
@@ -1602,6 +1602,8 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
 lj_trace_err_info(J, LJ_TRERR_NYIBC);
 }
 }
+ if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS)
+ lj_trace_err(J, LJ_TRERR_STACKOV);
 }
 
 /* -- Record allocations -------------------------------------------------- */

From 16e5605eec2e3882d709c6b123a644f6a8023945 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:35:25 +0100
Subject: [PATCH 4/8] Prevent integer overflow while parsing long strings.

---
 src/lj_lex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lj_lex.c b/src/lj_lex.c
index 36603168..1d063f8f 100644
--- a/src/lj_lex.c
+++ b/src/lj_lex.c
@@ -140,7 +140,7 @@ static int skip_sep(LexState *ls)
 int s = ls->current;
 lua_assert(s == '[' || s == ']');
 save_and_next(ls);
- while (ls->current == '=') {
+ while (ls->current == '=' && count < 0x20000000) {
 save_and_next(ls);
 count++;
 }

From 46a1b268eb0534182eda0447303c344a071632fe Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:40:24 +0100
Subject: [PATCH 5/8] Add stricter check for print() vs. tostring() shortcut.

---
 src/lib_base.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib_base.c b/src/lib_base.c
index 162bbbb2..98ed3d60 100644
--- a/src/lib_base.c
+++ b/src/lib_base.c
@@ -504,7 +504,8 @@ LJLIB_CF(print)
 lua_gettable(L, LUA_GLOBALSINDEX);
 tv = L->top-1;
 }
- shortcut = (tvisfunc(tv) && funcV(tv)->c.ffid == FF_tostring);
+ shortcut = (tvisfunc(tv) && funcV(tv)->c.ffid == FF_tostring)
+ && !gcrefu(basemt_it(G(L), LJ_TNUMX));
 for (i = 0; i < nargs; i++) {
 const char *str;
 size_t size;

From 41a25efc80bf7b33b2f52a6602a1a82bbe969f1d Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:42:49 +0100
Subject: [PATCH 6/8] Fix declarations of _BitScanForward/_BitScanReverse.

Reported by Mumin Guler.
---
 src/lj_def.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

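Review bot: The new overflow check on `J->baseslot + J->maxslot` sits at the very end of rec_varg, after the slot writes in the body above it, so if any of those writes can already reach index LJ_MAX_JSLOTS or beyond, the trace is aborted only after the out-of-bounds store has happened; worth confirming that those writes are bounded by a separate check, or moving this test ahead of them. A one-line comment such as `/* Abort the trace if the recorded stack would exceed the JIT slot limit. */` would also make the intent clear. rec_varg begins outside the hunk, so the earlier paths are not visible here.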
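Review bot: The new bound `count < 0x20000000` is an unexplained magic number; the subject says it prevents integer overflow, but a reader of skip_sep cannot tell which arithmetic on `count` is being protected, and `count`'s type is not visible in the hunk. Name it or comment it, e.g. `while (ls->current == '=' && count < 0x20000000) {  /* Bound count so later length arithmetic cannot overflow. */`. Note too that hitting the bound silently stops consuming `=` characters rather than raising a lexer error, so an input with more separators than the cap presumably fails later with a less specific message; acceptable, but it deserves a comment. skip_sep continues outside the hunk.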
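Review bot: The added `!gcrefu(basemt_it(G(L), LJ_TNUMX))` term is dense and uncommented, and the reason for it (the shortcut would otherwise skip a `__tostring` installed on the number base metatable) is only recoverable from the commit subject; suggest `/* Only take the shortcut if numbers have no metatable, so a __tostring there is honored. */` above the assignment. If the same shortcut also formats string arguments directly in the loop that follows (not visible here), a `__tostring` on the string base metatable would be bypassed in the same way — worth confirming. print's body continues outside the hunk.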
diff --git a/src/lj_def.h b/src/lj_def.h
index c7600d33..e9249e0d 100644
--- a/src/lj_def.h
+++ b/src/lj_def.h
@@ -254,19 +254,19 @@ static LJ_AINLINE uint32_t lj_fls(uint32_t x)
 return _CountLeadingZeros(x) ^ 31;
 }
 #else
-unsigned char _BitScanForward(uint32_t *, unsigned long);
-unsigned char _BitScanReverse(uint32_t *, unsigned long);
+unsigned char _BitScanForward(unsigned long *, unsigned long);
+unsigned char _BitScanReverse(unsigned long *, unsigned long);
 #pragma intrinsic(_BitScanForward)
 #pragma intrinsic(_BitScanReverse)
 
 static LJ_AINLINE uint32_t lj_ffs(uint32_t x)
 {
- uint32_t r; _BitScanForward(&r, x); return r;
+ unsigned long r; _BitScanForward(&r, x); return (uint32_t)r;
 }
 
 static LJ_AINLINE uint32_t lj_fls(uint32_t x)
 {
- uint32_t r; _BitScanReverse(&r, x); return r;
+ unsigned long r; _BitScanReverse(&r, x); return (uint32_t)r;
 }
 #endif
 

From 324aef08d9b178aa0640fb8ae5ac0a361ec72716 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:45:07 +0100
Subject: [PATCH 7/8] Typo.

---
 src/lj_asm.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/lj_asm.c b/src/lj_asm.c
index 8ce7bbd6..e486b03c 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -22,7 +22,6 @@
 #include "lj_ircall.h"
 #include "lj_iropt.h"
 #include "lj_mcode.h"
-#include "lj_iropt.h"
 #include "lj_trace.h"
 #include "lj_snap.h"
 #include "lj_asm.h"

From de48d000941f58a8d4d816e9d227de8a4f3c9de6 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 8 Dec 2019 19:47:00 +0100
Subject: [PATCH 8/8] Fix hash table chaining (again).

Thanks to Peter Cawley.
---
 src/lj_tab.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/lj_tab.c b/src/lj_tab.c
index f2f3c0b0..2ff5eb0d 100644
--- a/src/lj_tab.c
+++ b/src/lj_tab.c
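Review bot: The return value of `_BitScanForward`/`_BitScanReverse` is discarded in both rewritten bodies, and these intrinsics leave the index output unset when the input has no set bit, so `lj_ffs(0)` and `lj_fls(0)` return an indeterminate `r`. The ARM branch above has the same implicit contract, so this is presumably a precondition rather than a new bug, but it should be stated where the value is read: `unsigned long r; _BitScanForward(&r, x); return (uint32_t)r;  /* x != 0 required: r is unset when no bit is found. */`, and likewise in lj_fls. The `(uint32_t)` casts themselves are safe, since the index is at most 31.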
@@ -452,8 +452,7 @@ TValue *lj_tab_newkey(lua_State *L, GCtab *t, cTValue *key)
 /* Rechain pseudo-resurrected string keys with colliding hashes. */
 while (nextnode(freenode)) {
 Node *nn = nextnode(freenode);
- if (tvisstr(&nn->key) && !tvisnil(&nn->val) &&
- hashstr(t, strV(&nn->key)) == n) {
+ if (!tvisnil(&nn->val) && hashkey(t, &nn->key) == n) {
 freenode->next = nn->next;
 nn->next = n->next;
 setmref(n->next, nn);
@@ -466,9 +465,9 @@ TValue *lj_tab_newkey(lua_State *L, GCtab *t, cTValue *key)
 ** any string key that's currently in a non-main positions.
 */
 while ((nn = nextnode(freenode))) {
- if (tvisstr(&nn->key) && !tvisnil(&nn->val)) {
- Node *mn = hashstr(t, strV(&nn->key));
- if (mn != freenode) {
+ if (!tvisnil(&nn->val)) {
+ Node *mn = hashkey(t, &nn->key);
+ if (mn != freenode && mn != nn) {
 freenode->next = nn->next;
 nn->next = mn->next;
 setmref(mn->next, nn);
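Review bot: The comment `/* Rechain pseudo-resurrected string keys with colliding hashes. */` above the first loop is now stale, because the rewritten condition `!tvisnil(&nn->val) && hashkey(t, &nn->key) == n` rechains keys of any type; the same applies to the context line `** any string key that's currently in a non-main positions.` in the second hunk, whose comment block starts outside the hunk. Suggest `/* Rechain pseudo-resurrected keys with colliding hashes. */` and `** any key that's currently in a non-main position.` so the comments match the new code. The `mn != nn` guard was added only to the second loop; a note on why the first loop cannot meet `nn == n`, or the same guard there if it can, would remove the asymmetry. lj_tab_newkey starts and ends outside both hunks.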