From 141f8e7a153c820ab6d7e50c507ea11ca2e49ea8 Mon Sep 17 00:00:00 2001
From: "John F. Carr" <jfc@mit.edu>
Date: Thu, 19 Feb 2026 08:55:02 -0700
Subject: [PATCH] Use index [4] instead of [3] to save MXCSR in case
 cf-protection is enabled

---
 runtime/jmpbuf.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/runtime/jmpbuf.h b/runtime/jmpbuf.h
index 0a16a3c7..92515cb4 100644
--- a/runtime/jmpbuf.h
+++ b/runtime/jmpbuf.h
@@ -27,7 +27,9 @@ typedef void *jmpbuf[JMPBUF_SIZE];
 
 #if defined __i386__ || defined __x86_64__
 // We use an otherwise unused entry in the jmpbuf to store MXCSR
-#define JMPBUF_MXCSR(ctx) (ctx)[3]
+// [0], [1], [2] hold fp, pc, sp.
+// When cf-protection is enabled, [3] holds the shadow stack.
+#define JMPBUF_MXCSR(ctx) (ctx)[4]
 /**
  * @brief Get MXCSR from jump buffer in__cilkrts_stack_frame.  X86 and X86_64
  * only.