FFI: Fix dangling reference to CType in carith_checkarg().

author Mike Pall <mike>

Sat, 21 Oct 2023 11:11:50 +0000 (13:11 +0200)

committer Mike Pall <mike>

Sat, 21 Oct 2023 11:11:50 +0000 (13:11 +0200)
author Mike Pall <mike>
Sat, 21 Oct 2023 11:11:50 +0000 (13:11 +0200)
committer Mike Pall <mike>
Sat, 21 Oct 2023 11:11:50 +0000 (13:11 +0200)
diff --git a/src/lj_carith.c b/src/lj_carith.c

index 96384e871368541bb1e2cbc8891e190e61ea0a8b..bad5fe66b0d01e6431c7e6b9bfc405b63828f06a 100644 (file)
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
@@ -42,9 +42,13 @@ static int carith_checkarg(lua_State *L, CTState *cts, CDArith *ca)
         p = (uint8_t *)cdata_getptr(p, ct->size);
         if (ctype_isref(ct->info)) ct = ctype_rawchild(cts, ct);
        } else if (ctype_isfunc(ct->info)) {
+       CTypeID id0 = i ? ctype_typeid(cts, ca->ct[0]) : 0;
         p = (uint8_t *)*(void **)p;
         ct = ctype_get(cts,
           lj_ctype_intern(cts, CTINFO(CT_PTR, CTALIGN_PTR|id), CTSIZE_PTR));
+       if (i) {  /* cts->tab may have been reallocated. */
+         ca->ct[0] = ctype_get(cts, id0);
+       }
        }
        if (ctype_isenum(ct->info)) ct = ctype_child(cts, ct);
        ca->ct[i] = ct;