tcg: Fix info_in_idx increment in layout_arg_by_ref

Off by one error, failing to take into account that layout_arg_1 already incremented info_in_idx for the first piece. We only need care for the n-1 TCG_CALL_ARG_BY_REF_N pieces here. Cc: qemu-stable@nongnu.org Fixes: 313bdea ("tcg: Add TCG_CALL_{RET,ARG}_BY_REF") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1751 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit e18ed26) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
qemu · Jul 31, 2023 · fa72d8b · fa72d8b
1 parent 7b336dc
commit fa72d8b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tcg/tcg.c b/tcg/tcg.c
@@ -732,7 +732,7 @@ static void layout_arg_by_ref(TCGCumulativeArgs *cum, TCGHelperInfo *info)
             .ref_slot = cum->ref_slot + i,
         };
     }
-    cum->info_in_idx += n;
+    cum->info_in_idx += n - 1;  /* i=0 accounted for in layout_arg_1 */
     cum->ref_slot += n;
 }