From 8dd09d5041545f95cd946ebc1e94b397fd2f4811 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Wed, 1 Jun 2011 00:49:29 +0200
Subject: [PATCH] DUALNUM: Fix missing type check for loop index slot.

---
 src/lj_record.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lj_record.c b/src/lj_record.c
index b712ec56..689d7b80 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -388,7 +388,8 @@ static void rec_for_loop(jit_State *J, const BCIns *fori, ScEvEntry *scev,
     rec_for_check(J, t, dir, stop, step);
   scev->start = tref_ref(find_kinit(J, fori, ra+FORL_IDX, IRT_INT));
   tc = (LJ_DUALNUM &&
-	!(scev->start && irref_isk(scev->stop) && irref_isk(scev->step))) ?
+	!(scev->start && irref_isk(scev->stop) && irref_isk(scev->step) &&
+	  tvisint(&tv[FORL_IDX]) == (t == IRT_INT))) ?
 	IRSLOAD_TYPECHECK : 0;
   if (tc) {
     J->base[ra+FORL_STOP] = stop;