Prevent recording of loops with -0 step or NaN values.

Thanks to Sergey Kaplun. #1432 #1433

diff --git a/src/lj_record.c b/src/lj_record.c
index 1919ab03bc1f7a1a0fcaa07ed7656bf1884e56d4..6c64c645024cf6d1790755e12b52efc048ca664e 100644 (file)
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -526,6 +526,12 @@ static LoopEvent rec_for(jit_State *J, const BCIns *fori, int isforl)
   LoopEvent ev;
   TRef stop;
   IRType t;
+  /* Avoid semantic mismatches and always failing guards. */
+  if (tvisnan(&tv[FORL_IDX]) ||
+      tvisnan(&tv[FORL_STOP]) ||
+      tvisnan(&tv[FORL_STEP]) ||
+      tvismzero(&tv[FORL_STEP]))
+    lj_trace_err(J, LJ_TRERR_GFAIL);
   if (isforl) {  /* Handle FORL/JFORL opcodes. */
     TRef idx = tr[FORL_IDX];
     if (mref(J->scev.pc, const BCIns) == fori && tref_ref(idx) == J->scev.idx) {