Don't access dangling reference to reallocated IR.

author: Mike Pall <mike> 2014-03-06 00:39:37 +0100
committer: Mike Pall <mike> 2014-03-06 00:39:37 +0100
commit: 416abff90dae9c66e17efe9d6a01efce63eefba8 (patch)
tree: 01ca49cf5edd5fbe2afd848a92cdd74b213fec25
parent: e94150877da95140db47a4e58e14cc9000be273c (diff)
download: luajit2-416abff90dae9c66e17efe9d6a01efce63eefba8.tar.gz
1 files changed, 11 insertions, 9 deletions
diff --git a/src/lj_asm.c b/src/lj_asm.c
index 3f472d28..264649ae 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -1246,16 +1246,18 @@ static void asm_phi_fixup(ASMState *as)
     Reg r = rset_picktop(work);
     IRRef lref = as->phireg[r];
     IRIns *ir = IR(lref);
-    /* Left PHI gained a spill slot before the loop? */
-    if (irt_ismarked(ir->t) && ra_hasspill(ir->s)) {
-      IRRef ren;
-      lj_ir_set(as->J, IRT(IR_RENAME, IRT_NIL), lref, as->loopsnapno);
-      ren = tref_ref(lj_ir_emit(as->J));
-      as->ir = as->T->ir;  /* The IR may have been reallocated. */
-      IR(ren)->r = (uint8_t)r;
-      IR(ren)->s = SPS_NONE;
+    if (irt_ismarked(ir->t)) {
+      irt_clearmark(ir->t);
+      /* Left PHI gained a spill slot before the loop? */
+      if (ra_hasspill(ir->s)) {
+	IRRef ren;
+	lj_ir_set(as->J, IRT(IR_RENAME, IRT_NIL), lref, as->loopsnapno);
+	ren = tref_ref(lj_ir_emit(as->J));
+	as->ir = as->T->ir;  /* The IR may have been reallocated. */
+	IR(ren)->r = (uint8_t)r;
+	IR(ren)->s = SPS_NONE;
+      }
     }
-    irt_clearmark(ir->t);  /* Always clear marker. */
     rset_clear(work, r);
   }
 }
author	Mike Pall <mike>	2014-03-06 00:39:37 +0100
committer	Mike Pall <mike>	2014-03-06 00:39:37 +0100
commit	416abff90dae9c66e17efe9d6a01efce63eefba8 (patch)
tree	01ca49cf5edd5fbe2afd848a92cdd74b213fec25
parent	e94150877da95140db47a4e58e14cc9000be273c (diff)
download	luajit2-416abff90dae9c66e17efe9d6a01efce63eefba8.tar.gz