[Tarantool-patches] [PATCH luajit 15/19] Fix LJ_MAX_JSLOTS assertion in rec_check_slots().
Sergey Kaplun
skaplun at tarantool.org
Wed Aug 9 18:36:04 MSK 2023
From: Mike Pall <mike>
Thanks to Yichun Zhang.
(cherry-picked from commit 1c89933f129dde76944336c6bfd05297b8d67730)
This patch is predecessor for the commit
944d32afd6ddd9dbac1cddf64bf81333efeb9e30 ("Add missing LJ_MAX_JSLOTS
check.") It tries to fix the issue, when `J->baseslot == LJ_MAX_JSLOTS`,
that leading to the assertion failure. Since the predecessor patch,
there are no places, that can lead to the condition failure, since we
always check that new baseslot + framesize (+ vargframe) >=
`LJ_MAX_JSLOTS`. As far as minimum framesize is 1 (see <src/lj_parse.c>
for details), we can't obtain this assertion failure. This patch is
added for the consistency with the upstream.
Since the predecessor patch fixes the issue, there is no new test case
to add.
Sergey Kaplun:
* added the description for the problem
Part of tarantool/tarantool#8825
---
src/lj_record.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lj_record.c b/src/lj_record.c
index 02d9db9e..6030f77c 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -87,9 +87,9 @@ static void rec_check_slots(jit_State *J)
BCReg s, nslots = J->baseslot + J->maxslot;
int32_t depth = 0;
cTValue *base = J->L->base - J->baseslot;
- lua_assert(J->baseslot >= 1+LJ_FR2 && J->baseslot < LJ_MAX_JSLOTS);
+ lua_assert(J->baseslot >= 1+LJ_FR2);
lua_assert(J->baseslot == 1+LJ_FR2 || (J->slot[J->baseslot-1] & TREF_FRAME));
- lua_assert(nslots < LJ_MAX_JSLOTS);
+ lua_assert(nslots <= LJ_MAX_JSLOTS);
for (s = 0; s < nslots; s++) {
TRef tr = J->slot[s];
if (tr) {
--
2.41.0
More information about the Tarantool-patches
mailing list