From 309fb42b871b6414f53e0e0e708bce0b0d62daff Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Mon, 28 Aug 2023 21:00:37 +0200
Subject: [PATCH 1/2] Fix predict_next() in parser (again).

Reported by Sergey Bronnikov. #1054
---
 src/lj_parse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lj_parse.c b/src/lj_parse.c
index c0cbd261..afdbcc3d 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
@@ -2527,9 +2527,11 @@ static void parse_for_num(LexState *ls, GCstr *varname, BCLine line)
 */
 static int predict_next(LexState *ls, FuncState *fs, BCPos pc)
 {
-  BCIns ins = fs->bcbase[pc].ins;
+  BCIns ins;
   GCstr *name;
   cTValue *o;
+  if (pc >= fs->bclim) return 0;
+  ins = fs->bcbase[pc].ins;
   switch (bc_op(ins)) {
   case BC_MOV:
     if (bc_d(ins) >= fs->nactvar) return 0;

From 14e2917e7ab3d6f043d6604298bfa66470c6f47d Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Mon, 28 Aug 2023 21:04:01 +0200
Subject: [PATCH 2/2] Fix external C call stack check when using
 LUAJIT_MODE_WRAPCFUNC.

Thanks to Peter Cawley. #1047
---
 src/lj_dispatch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lj_dispatch.c b/src/lj_dispatch.c
index 8009d289..63e09752 100644
--- a/src/lj_dispatch.c
+++ b/src/lj_dispatch.c
@@ -292,9 +292,9 @@ int luaJIT_setmode(lua_State *L, int idx, int mode)
       } else {
 	return 0;  /* Failed. */
       }
-      g->bc_cfunc_ext = BCINS_AD(BC_FUNCCW, 0, 0);
+      setbc_op(&g->bc_cfunc_ext, BC_FUNCCW);
     } else {
-      g->bc_cfunc_ext = BCINS_AD(BC_FUNCC, 0, 0);
+      setbc_op(&g->bc_cfunc_ext, BC_FUNCC);
     }
     break;
   default: