From e0cc61d5af00579962728934c81b21ee07e5baa4 Mon Sep 17 00:00:00 2001
From: Matthew Flatt
Date: Sun, 17 Jan 2016 16:05:53 -0700
Subject: [PATCH] fix broken info use after JIT buffer overflow

After the JIT buffer becomes too full, some paths don't bail out fast enough, so guard against broken info in some relatively new uses of the info.

Merge to v6.4
---
 racket/src/racket/src/jit.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/racket/src/racket/src/jit.c b/racket/src/racket/src/jit.c
index 17297d3bd4..0f505a3ceb 100644
--- a/racket/src/racket/src/jit.c
+++ b/racket/src/racket/src/jit.c
@@ -455,6 +455,8 @@ Scheme_Object *scheme_extract_global(Scheme_Object *o, Scheme_Native_Closure *nc
 static Scheme_Object *extract_closure_local(int pos, mz_jit_state *jitter, int get_constant)
 {
+  if (PAST_LIMIT()) return NULL;
+
   if (pos >= jitter->self_pos - jitter->self_to_closure_delta) {
     pos -= (jitter->self_pos - jitter->self_to_closure_delta);
     if (pos < jitter->nc->code->u2.orig_code->closure_size) {
@@ -490,6 +492,8 @@ Scheme_Object *scheme_specialize_to_constant(Scheme_Object *obj, mz_jit_state *j
 {
   Scheme_Object *c;
+  if (PAST_LIMIT()) return obj;
+
   if (SCHEME_NATIVE_CLOSURE_DATA_FLAGS(jitter->nc->code) & NATIVE_SPECIALIZED) {
     if (SAME_TYPE(SCHEME_TYPE(obj), scheme_local_type)) {
       c = scheme_extract_closure_local(obj, jitter, extra_push, 1);
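Review bot: The new `if (PAST_LIMIT()) return NULL;` at the top of extract_closure_local makes NULL a possible result for an otherwise valid closure position, so every caller now has to treat NULL as "no constant available" rather than as a lookup error, and the hunk does not show whether the existing callers do. The guard itself is the right shape for the problem the message describes (jitter fields such as self_pos and nc->code are read on the very next lines), but nothing in the code says why it is there; a one-line comment would carry that: `/* JIT buffer overflowed earlier: jitter state may be broken, so report "no constant" instead of reading it */`. The same undocumented guard appears in scheme_specialize_to_constant in the second hunk. The body of extract_closure_local continues past the end of this hunk.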
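Review bot: The guard in scheme_specialize_to_constant returns `obj` unchanged while the matching guard in extract_closure_local returns NULL, and without a comment a reader will suspect one of the two is a mistake rather than a deliberate choice of fallback per function. A comment on the new line would settle it: `/* past the JIT limit: skip specialization and hand back the original object */`. Placing the check before the first read of `jitter->nc->code` is consistent with the commit message, which says the guard exists to avoid consuming broken info; whether `c` can also come back NULL from scheme_extract_closure_local after this commit, and whether that is handled, is outside the hunk.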