From 1b774d9da38686532c1da623819fedf7b261f607 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 05:46:51 +0100
Subject: [PATCH 1/6] Fix corner case in string to number conversion.

---
 src/lj_strscan.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lj_strscan.c b/src/lj_strscan.c
index a21c414a..0fddd43b 100644
--- a/src/lj_strscan.c
+++ b/src/lj_strscan.c
@@ -289,14 +289,15 @@ static StrScanFmt strscan_dec(const uint8_t *p, TValue *o,
 
     /* Scale down until no more than 17 or 18 integer part digits remain. */
     while (idig > 9) {
-      uint32_t i, cy = 0;
+      uint32_t i = hi, cy = 0;
       ex2 += 6;
-      for (i = hi; i != lo; i = DNEXT(i)) {
+      do {
 	cy += xi[i];
 	xi[i] = (cy >> 6);
 	cy = 100 * (cy & 0x3f);
 	if (xi[i] == 0 && i == hi) hi = DNEXT(hi), idig--;
-      }
+	i = DNEXT(i);
+      } while (i != lo);
       while (cy) {
 	if (hi == lo) { xi[DPREV(lo)] |= 1; break; }
 	xi[lo] = (cy >> 6); lo = DNEXT(lo);

From 54826563b2f5e1f41c234bd021b3144efedcdc6f Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 05:59:16 +0100
Subject: [PATCH 2/6] ARM: Fix excess stack growth in interpreter.

---
 src/vm_arm.dasc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/vm_arm.dasc b/src/vm_arm.dasc
index 82cba909..0865d016 100644
--- a/src/vm_arm.dasc
+++ b/src/vm_arm.dasc
@@ -335,7 +335,7 @@ static void build_subroutines(BuildCtx *ctx)
   |  // - The GC shrinks the stack in between.
   |  // - A return back from a lua_call() with (high) nresults adjustment.
   |  str BASE, L->top			// Save current top held in BASE (yes).
-  |  mov CARG2, KBASE
+  |  lsr CARG2, KBASE, #3
   |  mov CARG1, L
   |  bl extern lj_state_growstack	// (lua_State *L, int n)
   |  ldr BASE, L->top			// Need the (realloced) L->top in BASE.
@@ -389,7 +389,7 @@ static void build_subroutines(BuildCtx *ctx)
   |  str BASE, L->base
   |   add PC, PC, #4			// Must point after first instruction.
   |  str RC, L->top
-  |   lsr CARG3, RA, #3
+  |   lsr CARG2, RA, #3
   |2:
   |  // L->base = new base, L->top = top
   |  str PC, SAVE_PC

From 16f910b4a8144d7a0b9aa5b6bf3cd0226e8e764e Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 06:03:06 +0100
Subject: [PATCH 3/6] ARM: Fix write barrier check in BC_USETS.

---
 src/vm_arm.dasc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/vm_arm.dasc b/src/vm_arm.dasc
index 0865d016..2d600d22 100644
--- a/src/vm_arm.dasc
+++ b/src/vm_arm.dasc
@@ -3241,10 +3241,10 @@ static void build_ins(BuildCtx *ctx, BCOp op, int defop)
     |    mvn RC, RC
     |  ldr UPVAL:CARG2, [LFUNC:CARG2, RA]
     |    ldr STR:CARG3, [KBASE, RC, lsl #2]
-    |    mvn CARG4, #~LJ_TSTR
     |  ldrb RB, UPVAL:CARG2->marked
-    |   ldr CARG2, UPVAL:CARG2->v
     |     ldrb RC, UPVAL:CARG2->closed
+    |   ldr CARG2, UPVAL:CARG2->v
+    |    mvn CARG4, #~LJ_TSTR
     |  tst RB, #LJ_GC_BLACK		// isblack(uv)
     |    ldrb RB, STR:CARG3->marked
     |   strd CARG34, [CARG2]

From 6319e0312dd77ff0f59399a26ef96bfccacdf302 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 06:05:50 +0100
Subject: [PATCH 4/6] PPC: Fix excess stack growth in interpreter.

---
 src/vm_ppc.dasc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vm_ppc.dasc b/src/vm_ppc.dasc
index 7ae40ecd..30e4c663 100644
--- a/src/vm_ppc.dasc
+++ b/src/vm_ppc.dasc
@@ -586,7 +586,7 @@ static void build_subroutines(BuildCtx *ctx)
   |  // - A return back from a lua_call() with (high) nresults adjustment.
   |  stp BASE, L->top			// Save current top held in BASE (yes).
   |   mr SAVE0, RD
-  |  mr CARG2, TMP2
+  |  srwi CARG2, TMP2, 3
   |  mr CARG1, L
   |  bl extern lj_state_growstack	// (lua_State *L, int n)
   |    lwz TMP2, SAVE_NRES

From f45d11e2fea7a56dcf699e72dee40b475590128c Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 06:06:07 +0100
Subject: [PATCH 5/6] MIPS: Fix excess stack growth in interpreter.

---
 src/vm_mips.dasc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vm_mips.dasc b/src/vm_mips.dasc
index 0ec13e60..96f20659 100644
--- a/src/vm_mips.dasc
+++ b/src/vm_mips.dasc
@@ -398,7 +398,7 @@ static void build_subroutines(BuildCtx *ctx)
   |  // - A return back from a lua_call() with (high) nresults adjustment.
   |  load_got lj_state_growstack
   |   move MULTRES, RD
-  |  move CARG2, TMP2
+  |  srl CARG2, TMP2, 3
   |  call_intern lj_state_growstack	// (lua_State *L, int n)
   |.  move CARG1, L
   |    lw TMP2, SAVE_NRES

From db7cb5ab0ebf15f60e7b23e8edce95707fc451b1 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 27 Dec 2014 06:08:36 +0100
Subject: [PATCH 6/6] DynASM/ARM: Fix rollback for variant templates.

---
 dynasm/dasm_arm.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dynasm/dasm_arm.lua b/dynasm/dasm_arm.lua
index 3aa8dead..d5078f7e 100644
--- a/dynasm/dasm_arm.lua
+++ b/dynasm/dasm_arm.lua
@@ -929,13 +929,16 @@ map_op[".template__"] = function(params, template, nparams)
   -- A single opcode needs a maximum of 3 positions.
   if secpos+3 > maxsecpos then wflush() end
   local pos = wpos()
-  local apos, spos = #actargs, secpos
+  local lpos, apos, spos = #actlist, #actargs, secpos
 
   local ok, err
   for t in gmatch(template, "[^|]+") do
     ok, err = pcall(parse_template, params, t, nparams, pos)
     if ok then return end
     secpos = spos
+    actlist[lpos+1] = nil
+    actlist[lpos+2] = nil
+    actlist[lpos+3] = nil
     actargs[apos+1] = nil
     actargs[apos+2] = nil
     actargs[apos+3] = nil