From caf7cbc57c945f7b68871ad72abafb2b6e6fb7f5 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sat, 12 Aug 2023 16:21:41 +0200
Subject: [PATCH 1/2] Fix predict_next() in parser.
Reported by Sergey Kaplun. #1033
---
 src/lj_parse.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/lj_parse.c b/src/lj_parse.c
index 57eb11cc..493a3e24 100644
--- a/src/lj_parse.c
+++ b/src/lj_parse.c
@@ -2532,6 +2532,7 @@ static int predict_next(LexState *ls, FuncState *fs, BCPos pc)
 cTValue *o;
 switch (bc_op(ins)) {
 case BC_MOV:
+ if (bc_d(ins) >= fs->nactvar) return 0;
 name = gco2str(gcref(var_get(ls, fs, bc_d(ins)).name));
 break;
 case BC_UGET:
From abb27c7771947e082c9d919d184ad5f5f03e2e32 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sat, 12 Aug 2023 20:16:56 +0200
Subject: [PATCH 2/2] Fix maxslots when recording BC_VARG, part 3.
Thanks to Peter Cawley. #1046
---
 src/lj_record.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/lj_record.c b/src/lj_record.c
index 6361b424..751d9eb7 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1518,8 +1518,12 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
 if (J->framedepth > 0) { /* Simple case: varargs defined on-trace. */
 ptrdiff_t i;
 if (nvararg < 0) nvararg = 0;
- if (nresults == -1) nresults = nvararg;
- J->maxslot = dst + (BCReg)nresults;
+ if (nresults != 1) {
+ if (nresults == -1) nresults = nvararg;
+ J->maxslot = dst + (BCReg)nresults;
+ } else if (dst >= J->maxslot) {
+ J->maxslot = dst + 1;
+ }
 if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS)
 lj_trace_err(J, LJ_TRERR_STACKOV);
 for (i = 0; i < nresults; i++)
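Review bot: The new guard `if (bc_d(ins) >= fs->nactvar) return 0;` in the BC_MOV case carries no comment saying what it rejects, and nothing in the hunk states why a BC_MOV source register can sit at or above nactvar. Presumably such a register is a temporary rather than a named local, in which case the following var_get() would index past the active-variable list; suggest `/* Source slot is not an active local: cannot predict. */` above the check, with the wording confirmed against how var_get() bounds its lookup. predict_next()'s body continues outside the hunk on both sides, so any other bc_op cases that also call var_get() are not visible here and should be checked for the same assumption.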
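Review bot: The `nresults != 1` special case added at @@ -1518 is not explained, and the same condition recurs in the second hunk at @@ -1552 (`if (nresults != 1 || dst >= J->maxslot)`), so the reason deserves one comment at the first occurrence. For a single-result BC_VARG the code now only raises J->maxslot and never lowers it, presumably because that one result may be written to a slot below the current stack top while higher slots stay live; suggest `/* A single result may target a slot below maxslot: never shrink it. */` above the added `if (nresults != 1) {`. The new `else if` branch skips the `nresults == -1` conversion, which is correct only because nresults is exactly 1 there, so the comment should say so to keep the two branches from drifting apart. rec_varg()'s body continues past both hunks.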
@@ -1552,7 +1556,9 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
 }
 for (i = nvararg; i < nresults; i++)
 J->base[dst+i] = TREF_NIL;
- J->maxslot = dst + (BCReg)nresults;
+ if (nresults != 1 || dst >= J->maxslot) {
+ J->maxslot = dst + (BCReg)nresults;
+ }
 } else if (select_detect(J)) { /* y = select(x, ...) */
 TRef tridx = J->base[dst-1];
 TRef tr = TREF_NIL;