From 47822655d478d0b07e6508ba0e966d346751f9fe Mon Sep 17 00:00:00 2001 From: Luke Gorrie Date: Thu, 9 Aug 2018 08:30:58 +0000 Subject: [PATCH 1/3] Fix allocation/deallocation of T->szirmcode This array was allocated too large (padded to REF_BASE) and was not freed. --- src/lj_asm.c | 5 +++-- src/lj_trace.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lj_asm.c b/src/lj_asm.c index b51cf229cc..3fa9a2e498 100644 --- a/src/lj_asm.c +++ b/src/lj_asm.c @@ -2003,8 +2003,9 @@ void lj_asm_trace(jit_State *J, GCtrace *T) as->parent = J->parent ? traceref(J, J->parent) : NULL; /* Initialize mcode size of IR instructions array. */ - T->szirmcode = lj_mem_new(J->L, (T->nins + 1) * sizeof(*T->szirmcode)); - memset(T->szirmcode, 0, (T->nins + 1) * sizeof(*T->szirmcode)); + /* +2 extra spaces for the last instruction and the trace header at [0]. */ + T->szirmcode = lj_mem_new(J->L, (T->nins + 2 - REF_BIAS) * sizeof(*T->szirmcode)); + memset(T->szirmcode, 0, (T->nins + 2 - REF_BIAS) * sizeof(*T->szirmcode)); /* Reserve MCode memory. */ as->mctop = origtop = lj_mcode_reserve(J, &as->mcbot); diff --git a/src/lj_trace.c b/src/lj_trace.c index d9809c7845..316dc40772 100644 --- a/src/lj_trace.c +++ b/src/lj_trace.c @@ -136,6 +136,7 @@ void lj_trace_free(global_State *g, GCtrace *T) lj_gdbjit_deltrace(J, T); setgcrefnull(J->trace[T->traceno]); } + lj_mem_free(g, T->szirmcode, (T->nins + 2 - REF_BIAS) * sizeof(*T->szirmcode)); lj_mem_free(g, T, ((sizeof(GCtrace)+7)&~7) + (T->nins-T->nk)*sizeof(IRIns) + T->nsnap*sizeof(SnapShot) + T->nsnapmap*sizeof(SnapEntry)); From 66f9234b6d88b86f81a3e9a5d2f88f077015cb91 Mon Sep 17 00:00:00 2001 From: Luke Gorrie Date: Thu, 9 Aug 2018 08:52:37 +0000 Subject: [PATCH 2/3] lj_trace_alloc: Copy T->szirmcode to new trace --- src/lj_trace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lj_trace.c b/src/lj_trace.c index 316dc40772..f4857e11ac 100644 --- a/src/lj_trace.c +++ b/src/lj_trace.c 
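Review bot: The byte count `(T->nins + 2 - REF_BIAS) * sizeof(*T->szirmcode)` in the lj_asm.c hunk is spelled out three times in this commit (lj_mem_new, memset, and the lj_mem_free added to lj_trace_free), and the free has to match the allocation exactly or the GC's size accounting drifts, so it belongs in one helper next to the GCtrace definition, e.g. `#define szirmcode_bytes(T) (((T)->nins + 2 - REF_BIAS) * sizeof(*(T)->szirmcode))`, used at all three sites. The new comment justifies the `+2` by "the last instruction and the trace header at [0]", but if slots are indexed by `ref - REF_BIAS` then `nins - REF_BIAS` entries already cover index 0 and every ref below `nins`, so the comment should state the index scheme the assembler actually uses (which ref lands in which slot, and whether a slot for ref `nins` itself is written) so the bound can be checked; over-allocating two uint16 entries is harmless, but an unexplained bound tends to get "corrected" later. The missing NULL check after lj_mem_new is fine only if, as in upstream LuaJIT, it raises on OOM rather than returning NULL. lj_asm_trace starts and ends outside this hunk.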
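Review bot: The lj_mem_free added to lj_trace_free frees `T->szirmcode` unconditionally, yet nothing in this commit initializes that field for the GCtrace built by lj_trace_alloc (the copy arrives only in 2/3 of the series), so a final trace freed between these two commits hands an uninitialized pointer to the allocator; the copy, or a `T2->szirmcode = NULL;` in lj_trace_alloc, should land in the same commit as the free. The size is recomputed from `T->nins` at free time, which is correct only if `nins` cannot change between allocation and free, and if lj_mem_free is the upstream macro that subtracts `osize` from `g->gc.total`, then a mismatch, or a NULL pointer paired with a non-zero size, skews GC pacing silently instead of crashing, which is why `if (T->szirmcode) lj_mem_free(g, T->szirmcode, ...);` is worth having here even though the allocator itself tolerates NULL. lj_trace_free starts above the hunk.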
@@ -99,6 +99,7 @@ GCtrace * lj_trace_alloc(lua_State *L, GCtrace *T)
 T2->nk = T->nk;
 T2->nsnap = T->nsnap;
 T2->nsnapmap = T->nsnapmap;
+ T2->szirmcode = T->szirmcode;
 memcpy(p, T->ir + T->nk, szins);
 return T2;
 }
From 9959cb1ab3e95f9775464054678647a322f24d10 Mon Sep 17 00:00:00 2001
From: Luke Gorrie
Date: Thu, 9 Aug 2018 09:08:55 +0000
Subject: [PATCH 3/3] lj_asm.c: Added comment about szirmcode moving to final GCtrace

---
 src/lj_asm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lj_asm.c b/src/lj_asm.c
index 3fa9a2e498..aa4a715f14 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -1995,7 +1995,7 @@ void lj_asm_trace(jit_State *J, GCtrace *T)
 /* Setup initial state. Copy some fields to reduce indirections. */
 as->J = J;
 as->T = T;
- J->curfinal = lj_trace_alloc(J->L, T); /* This copies the IR, too. */
+ J->curfinal = lj_trace_alloc(J->L, T); /* Copies IR and moves szirmcode. */
 as->flags = J->flags;
 as->loopref = J->loopref;
 as->realign = NULL;
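Review bot: `T2->szirmcode = T->szirmcode;` is a shallow pointer copy, so from this line on two GCtrace objects refer to the same heap block and the source keeps its pointer; the commit title calls it a copy while 3/3 calls it a move, and the code has to commit to one, because lj_trace_free (1/3) now frees the block through whichever trace reaches it. If a move is intended, clear the source right after the copy, `T->szirmcode = NULL;`, and have the caller re-allocate when it needs a fresh array; if sharing is intended, a comment here must name the single owner, e.g. `/* Aliases T->szirmcode; only T2 frees it (lj_trace_free). */`. In particular, should lj_asm_trace ever free J->curfinal and call lj_trace_alloc again for the same T (upstream LuaJIT does this when the IR grows during assembly; not visible here), the second T2 would inherit the already-freed pointer and lj_trace_free would free it twice. lj_trace_alloc's body starts above the hunk.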
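Review bot: The new comment `/* Copies IR and moves szirmcode. */` on the lj_trace_alloc call does not match the order of operations shown in 1/3: `T->szirmcode` is allocated further down in the same function (the hunk at line 2003), so at this call lj_trace_alloc copies whatever pointer T carried from before this compilation, not the array being set up here, and it is a copy rather than a move because T keeps the pointer. Either hoist the allocation above this line, or make the comment say what actually happens, e.g. `/* Copies the IR; T2 inherits T's current szirmcode pointer. */`, so a reader does not assume J->curfinal owns the fresh array on any abort or retry path that frees J->curfinal before the trace header is re-synced (such paths exist in upstream LuaJIT; they are outside this hunk). lj_asm_trace continues well beyond this hunk.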