Don't access dangling reference to reallocated IR.

author Mike Pall <mike>

Wed, 5 Mar 2014 23:39:37 +0000 (00:39 +0100)

committer Mike Pall <mike>

Wed, 5 Mar 2014 23:39:37 +0000 (00:39 +0100)
author Mike Pall <mike>
Wed, 5 Mar 2014 23:39:37 +0000 (00:39 +0100)
committer Mike Pall <mike>
Wed, 5 Mar 2014 23:39:37 +0000 (00:39 +0100)
diff --git a/src/lj_asm.c b/src/lj_asm.c

index 3f472d2817770c0892b65fffcaa94cb9cbca553a..264649aeb1cf42b2e5a4f5abce1d538a4944ed47 100644 (file)
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -1246,16 +1246,18 @@ static void asm_phi_fixup(ASMState *as)
      Reg r = rset_picktop(work);
      IRRef lref = as->phireg[r];
      IRIns *ir = IR(lref);
-    /* Left PHI gained a spill slot before the loop? */
-    if (irt_ismarked(ir->t) && ra_hasspill(ir->s)) {
-      IRRef ren;
-      lj_ir_set(as->J, IRT(IR_RENAME, IRT_NIL), lref, as->loopsnapno);
-      ren = tref_ref(lj_ir_emit(as->J));
-      as->ir = as->T->ir;  /* The IR may have been reallocated. */
-      IR(ren)->r = (uint8_t)r;
-      IR(ren)->s = SPS_NONE;
+    if (irt_ismarked(ir->t)) {
+      irt_clearmark(ir->t);
+      /* Left PHI gained a spill slot before the loop? */
+      if (ra_hasspill(ir->s)) {
+       IRRef ren;
+       lj_ir_set(as->J, IRT(IR_RENAME, IRT_NIL), lref, as->loopsnapno);
+       ren = tref_ref(lj_ir_emit(as->J));
+       as->ir = as->T->ir;  /* The IR may have been reallocated. */
+       IR(ren)->r = (uint8_t)r;
+       IR(ren)->s = SPS_NONE;
+      }
      }
-    irt_clearmark(ir->t);  /* Always clear marker. */
      rset_clear(work, r);
    }
  }