From a01cba9d2d74efc57376822aa43db2d5043af5a4 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 9 Jul 2023 21:08:12 +0200
Subject: [PATCH] Fix maxslots when recording BC_VARG, part 2. Analyzed by Sergey Kaplun. #1024
---
 src/lj_record.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/lj_record.c b/src/lj_record.c
index c9933968..6361b424 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1518,12 +1518,8 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
 if (J->framedepth > 0) { /* Simple case: varargs defined on-trace. */
 ptrdiff_t i;
 if (nvararg < 0) nvararg = 0;
- if (nresults == -1) {
- nresults = nvararg;
- J->maxslot = dst + (BCReg)nvararg;
- } else if (dst + nresults > J->maxslot) {
- J->maxslot = dst + (BCReg)nresults;
- }
+ if (nresults == -1) nresults = nvararg;
+ J->maxslot = dst + (BCReg)nresults;
 if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS)
 lj_trace_err(J, LJ_TRERR_STACKOV);
 for (i = 0; i < nresults; i++)
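Review bot: The now-unconditional `J->maxslot = dst + (BCReg)nresults;` can lower maxslot as well as raise it, and no comment says the shrink is deliberate, so a later cleanup could easily bring back the removed `dst + nresults > J->maxslot` guard. I would add a one-line comment above the assignment, for example `/* VARG sets the top of the frame: assign maxslot, do not merely raise it. */`. The `(BCReg)` cast also relies on nresults being non-negative once the -1 case has been replaced by the clamped nvararg. The callers are not visible here, so an assertion before the assignment would make that assumption explicit, since a wrapped value would only be caught indirectly by the `LJ_MAX_JSLOTS` check that follows. rec_varg starts and ends outside this hunk, so the path taken when `J->framedepth > 0` is false is not shown and should be checked for the same maxslot rule.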