From db944b2b56c86fcf133745976763604d96110285 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sat, 21 Oct 2023 13:11:50 +0200
Subject: [PATCH] FFI: Fix dangling reference to CType in carith_checkarg().

Reported by Sergey Kaplun. #1108
---
 src/lj_carith.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lj_carith.c b/src/lj_carith.c
index 96384e87..bad5fe66 100644
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
@@ -42,9 +42,13 @@ static int carith_checkarg(lua_State *L, CTState *cts, CDArith *ca)
     p = (uint8_t *)cdata_getptr(p, ct->size);
     if (ctype_isref(ct->info)) ct = ctype_rawchild(cts, ct);
   } else if (ctype_isfunc(ct->info)) {
+    CTypeID id0 = i ? ctype_typeid(cts, ca->ct[0]) : 0;
     p = (uint8_t *)*(void **)p;
     ct = ctype_get(cts,
       lj_ctype_intern(cts, CTINFO(CT_PTR, CTALIGN_PTR|id), CTSIZE_PTR));
+    if (i) { /* cts->tab may have been reallocated. */
+      ca->ct[0] = ctype_get(cts, id0);
+    }
   }
   if (ctype_isenum(ct->info)) ct = ctype_child(cts, ct);
   ca->ct[i] = ct;
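Review bot: The comment on the added `if (i)` guard names the symptom but not the cause, and the cause is the only thing a future maintainer needs to preserve the invariant: the `lj_ctype_intern()` call on the line above is what can grow `cts->tab`, turning any `CType *` held across it — here the pointer cached in `ca->ct[0]` during the first loop iteration — into a dangling reference into freed memory. Suggest `/* lj_ctype_intern() may grow cts->tab, invalidating the CType pointer cached in ca->ct[0]; re-resolve it from the ID saved before the call. */` so the save-ID/restore-pointer pattern is tied to the interning call rather than to an unexplained reallocation. The `i ? ctype_typeid(...) : 0` initializer relies on `0` never being consumed because of the same `i` guard; a one-line comment stating that `id0` is only meaningful when `i != 0` would make that coupling explicit. The enclosing loop and carith_checkarg() itself start and end outside the hunk, so whether any other CType pointer in the function is held across this call cannot be confirmed from the hunk alone.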