Fix maxslots when recording BC_VARG, part 2.

Analyzed by Sergey Kaplun. #1024

diff --git a/src/lj_record.c b/src/lj_record.c
index c9933968f908bed3a7aedac1924084ecb40d9359..6361b42489ba687dc0051809efe8ad8a6357ac8c 100644 (file)
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1518,12 +1518,8 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
   if (J->framedepth > 0) {  /* Simple case: varargs defined on-trace. */
     ptrdiff_t i;
     if (nvararg < 0) nvararg = 0;
-    if (nresults == -1) {
-      nresults = nvararg;
-      J->maxslot = dst + (BCReg)nvararg;
-    } else if (dst + nresults > J->maxslot) {
-      J->maxslot = dst + (BCReg)nresults;
-    }
+    if (nresults == -1) nresults = nvararg;
+    J->maxslot = dst + (BCReg)nresults;
     if (J->baseslot + J->maxslot >= LJ_MAX_JSLOTS)
       lj_trace_err(J, LJ_TRERR_STACKOV);
     for (i = 0; i < nresults; i++)