Handle partial snapshot restore due to stack overflow.

Reported by pwnhacker0x18. Fixed by Peter Cawley. #1196
2024-07-03 21:42:21 +02:00
parent 4a22050df9
commit 811c5322c8
2 changed files with 9 additions and 4 deletions
--- a/src/lj_trace.c
+++ b/src/lj_trace.c
@@ -788,8 +788,10 @@ int LJ_FASTCALL lj_trace_exit(jit_State *J, void *exptr)
  exd.J = J;
  exd.exptr = exptr;
  errcode = lj_vm_cpcall(L, NULL, &exd, trace_exit_cp);
-  if (errcode)
+  if (errcode) {
+    setcframe_pc(cframe_raw(L->cframe), L);  /* Point to any valid memory. */
    return -errcode;  /* Return negated error code. */
+  }

  lj_vmevent_send(L, TEXIT,
    lj_state_checkstack(L, 4+RID_NUM_GPR+RID_NUM_FPR+LUA_MINSTACK);