From e02cb19b570d79133a7581e0163e86b69cc792be Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sun, 10 Dec 2023 15:33:47 +0100
Subject: [PATCH] Fix anchoring for string buffer set() method.

Thanks to Peter Cawley. #1125
---
 src/lj_ffrecord.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c
index 151c4c8c..c70793a4 100644
--- a/src/lj_ffrecord.c
+++ b/src/lj_ffrecord.c
@@ -1204,6 +1204,15 @@ static void LJ_FASTCALL recff_buffer_method_set(jit_State *J, RecordFFData *rd)
   if (tref_isstr(tr)) {
     TRef trp = emitir(IRT(IR_STRREF, IRT_PGC), tr, lj_ir_kint(J, 0));
     TRef len = emitir(IRTI(IR_FLOAD), tr, IRFL_STR_LEN);
+    IRIns *irp = IR(tref_ref(trp));
+    /* Anchor (potentially different) obj into which trp points after fold. */
+    if (irp->o == IR_STRREF) {
+      tr = irp->op1;
+    } else if (irp->o == IR_KKPTR && !tref_isk(tr)) {
+      GCstr *str = strV(&rd->argv[1]);  /* Constify the argument. */
+      tr = lj_ir_kstr(J, str);
+      trp = lj_ir_kkptr(J, (char *)strdata(str));
+    }
     lj_ir_call(J, IRCALL_lj_bufx_set, trbuf, trp, len, tr);
 #if LJ_HASFFI
   } else if (tref_iscdata(tr)) {