From: Mike Pall
Date: Sat, 21 Oct 2023 11:11:50 +0000 (+0200)
Subject: FFI: Fix dangling reference to CType in carith_checkarg().
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db944b2b56c86fcf133745976763604d96110285;p=thirdparty%2FLuaJIT.git

FFI: Fix dangling reference to CType in carith_checkarg().

Reported by Sergey Kaplun. #1108
---

diff --git a/src/lj_carith.c b/src/lj_carith.c
index 96384e87..bad5fe66 100644
--- a/src/lj_carith.c
+++ b/src/lj_carith.c
@@ -42,9 +42,13 @@ static int carith_checkarg(lua_State *L, CTState *cts, CDArith *ca)
       p = (uint8_t *)cdata_getptr(p, ct->size);
       if (ctype_isref(ct->info)) ct = ctype_rawchild(cts, ct);
     } else if (ctype_isfunc(ct->info)) {
+      CTypeID id0 = i ? ctype_typeid(cts, ca->ct[0]) : 0;
       p = (uint8_t *)*(void **)p;
       ct = ctype_get(cts,
 	     lj_ctype_intern(cts, CTINFO(CT_PTR, CTALIGN_PTR|id), CTSIZE_PTR));
+      if (i) {  /* cts->tab may have been reallocated. */
+	ca->ct[0] = ctype_get(cts, id0);
+      }
     }
     if (ctype_isenum(ct->info)) ct = ctype_child(cts, ct);
     ca->ct[i] = ct;
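Review bot: The reason `id0` is captured on the first added line is only explained by the comment on the later `if (i)` block, so a reader meeting the declaration sees an unexplained ID save with no hint that it is the other half of the same use-after-free fix. I would put the explanation where the save happens: `/* Save the ID now: lj_ctype_intern() below may grow cts->tab and leave the CType pointer in ca->ct[0] dangling. */`, and keep the short note on the refresh. The local `ct` is safe here because it is reassigned from the fresh table via ctype_get() after the intern, and `id` is an ID rather than a pointer. carith_checkarg() starts and ends outside the hunk, so I cannot see whether any other `CType *` local is held across this call; that is worth a quick check in the full function.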