From 0e66fc96377853d898390f1a02723c54ec3a42f7 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Fri, 23 Jul 2021 21:33:59 +0200
Subject: Prevent loop in snap_usedef(). Reported by XmiliaH.
---
 src/lj_snap.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lj_snap.c b/src/lj_snap.c
index eb14058e..91880fcf 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -214,7 +214,12 @@ static BCReg snap_usedef(jit_State *J, uint8_t *udf,
 BCReg minslot = bc_a(ins);
 if (op >= BC_FORI && op <= BC_JFORL) minslot += FORL_EXT;
 else if (op >= BC_ITERL && op <= BC_JITERL) minslot += bc_b(pc[-2])-1;
- else if (op == BC_UCLO) { pc += bc_j(ins); break; }
+ else if (op == BC_UCLO) {
+ ptrdiff_t delta = bc_j(ins);
+ if (delta < 0) return maxslot; /* Prevent loop. */
+ pc += delta;
+ break;
+ }
 for (s = minslot; s < maxslot; s++) DEF_SLOT(s);
 return minslot < maxslot ? minslot : maxslot;
 }
--
cgit v1.2.1
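Review bot: The `/* Prevent loop. */` comment on the new `if (delta < 0) return maxslot;` line does not say which loop is meant or why `maxslot` is the right value to return. I would expand it to something like `/* A backward UCLO jump would make this scan revisit bytecode and never terminate; give up and return maxslot (no further slots marked as defined). */`. Returning `maxslot` without running the `DEF_SLOT` loop looks like the conservative answer, but that is inferred from the two context lines below the branch and should be confirmed. Separately, a positive `delta` is still added to `pc` unchecked. Whether anything bounds the forward target is not visible here, since `snap_usedef` starts and ends outside the hunk, so it is worth stating in the comment if the scan relies on well-formed bytecode.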