From ddb77dd11e5030b9d7dbf1f3e93e5e4cad1268b3 Mon Sep 17 00:00:00 2001
From: Takashi Kokubun <takashikkbn@gmail.com>
Date: Sat, 25 Mar 2023 22:13:35 -0700
Subject: RJIT: Put a guard for splat w/ var-arg cfunc

---
 lib/ruby_vm/rjit/insn_compiler.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib/ruby_vm/rjit')

diff --git a/lib/ruby_vm/rjit/insn_compiler.rb b/lib/ruby_vm/rjit/insn_compiler.rb
index 163395ecf4..2dfe52713b 100644
--- a/lib/ruby_vm/rjit/insn_compiler.rb
+++ b/lib/ruby_vm/rjit/insn_compiler.rb
@@ -4152,7 +4152,7 @@ module RubyVM::RJIT
     def jit_call_cfunc_with_frame(jit, ctx, asm, cme, flags, argc, block_handler, known_recv_class, send_shift:)
       cfunc = cme.def.body.cfunc
 
-      if argc + 1 > 6
+      if argc + 1 > C_ARGS.size
         asm.incr_counter(:send_cfunc_too_many_args)
         return CantCompile
       end
@@ -4191,6 +4191,12 @@ module RubyVM::RJIT
 
       # Push splat args, which was skipped in jit_caller_setup_arg.
       if flags & C::VM_CALL_ARGS_SPLAT != 0
+        # We aren't handling a vararg cfuncs with splat currently.
+        if cfunc.argc == -1
+          asm.incr_counter(:send_args_splat_cfunc_var_args)
+          return CantCompile
+        end
+
         required_args = cfunc.argc - (argc - 1)
         # + 1 for self
         if required_args + 1 >= C_ARGS.size
-- 
cgit v1.2.3