From: Mike Pall Date: Wed, 11 Feb 2026 22:14:13 +0000 (+0100) Subject: Prevent recording of loops with -0 step or NaN values. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54cce2e1719a15fc33e40c57dbc3d62e9c104b03;p=thirdparty%2FLuaJIT.git Prevent recording of loops with -0 step or NaN values. Thanks to Sergey Kaplun. #1432 #1433
---
diff --git a/src/lj_record.c b/src/lj_record.c
index 1919ab03..6c64c645 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -526,6 +526,12 @@ static LoopEvent rec_for(jit_State *J, const BCIns *fori, int isforl)
 LoopEvent ev;
 TRef stop;
 IRType t;
+ /* Avoid semantic mismatches and always failing guards. */
+ if (tvisnan(&tv[FORL_IDX]) ||
+ tvisnan(&tv[FORL_STOP]) ||
+ tvisnan(&tv[FORL_STEP]) ||
+ tvismzero(&tv[FORL_STEP]))
+ lj_trace_err(J, LJ_TRERR_GFAIL);
 if (isforl) { /* Handle FORL/JFORL opcodes. */
 TRef idx = tr[FORL_IDX];
 if (mref(J->scev.pc, const BCIns) == fori && tref_ref(idx) == J->scev.idx) {
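Review bot: The three `tvisnan()` tests on `tv[FORL_IDX]`, `tv[FORL_STOP]` and `tv[FORL_STEP]` run without first checking that the slot holds a double, which may misfire on LJ_DUALNUM builds. If `tvisnan` is the raw self-comparison of the TValue's `n` field, an integer-tagged slot would presumably also read as NaN, so every integer `for` loop would abort recording with `LJ_TRERR_GFAIL`. Please confirm on a dual-number target and, if it applies, gate each test on the tag, e.g. `(!tvisint(&tv[FORL_STEP]) && tvisnan(&tv[FORL_STEP]))`. The comment would also be easier to maintain if it said which case is the semantic mismatch and which is the always-failing guard, because a divergence between interpreter and recorder on loop bounds is what later range-based optimizations must be able to rule out. `tv` and `tr` are set up above the hunk and rec_for continues past it, so this is judged from the visible lines only.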