
Incorrect returned address by the internal allocator with disabled JIT #1430

@Buristan

Description


If one builds LuaJIT with the JIT disabled and without GC64:

make -j CCDEBUG=" -g -ggdb3" CFLAGS=" -O0" XCFLAGS=" -DLUAJIT_DISABLE_JIT=ON -DLUAJIT_DISABLE_GC64=ON -DLUA_USE_APICHECK -DLUA_USE_ASSERT "

The following snippet leads to an assertion failure:

src/luajit -e '
local POOL_SZ = 8
local pools = {}
for i = 1, POOL_SZ do
  pools[i] = {}
end

local v = 1
for j = 1, POOL_SZ do
  for i = 1, 0x2000000 do
    pools[j][i] = v
  end
end
'

LuaJIT ASSERT lj_gc.c:871: lj_mem_realloc: allocated memory address 0x92b29010 outside required range

Without the corresponding fix for the assertion with the checkgcptr() check (471f893), the script crashes due to incorrect arithmetic in the x86 VM.
The addition to a 32-bit wide address may overflow in TSETV, TGETV, etc.:

LuaJIT/src/vm_x86.dasc, lines 4568 to 4570 in 707c12b:

| shl RC, 3
| add RC, TAB:RB->array
| cmp dword [RC+4], LJ_TNIL

One possible way to fix this is to limit the memory range to 2 GB when the JIT is disabled, too:

diff --git a/src/lj_alloc.c b/src/lj_alloc.c
index cb704f7b..9cfab066 100644
--- a/src/lj_alloc.c
+++ b/src/lj_alloc.c
@@ -100,8 +100,8 @@
 
 #if LJ_GC64
 #define LJ_ALLOC_MBITS		47	/* 128 TB in LJ_GC64 mode. */
-#elif LJ_TARGET_X64 && LJ_HASJIT
-/* Due to limitations in the x64 compiler backend. */
+#elif LJ_TARGET_X64
+/* Due to limitations in the x64 VM backend. */
 #define LJ_ALLOC_MBITS		31	/* 2 GB on x64 with !LJ_GC64. */
 #else
 #define LJ_ALLOC_MBITS		32	/* 4 GB on other archs with !LJ_GC64. */
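Review bot: the replacement comment on the `+` line, `/* Due to limitations in the x64 VM backend. */`, loses the reason the 31-bit limit was there before (the x64 compiler backend); since `#elif LJ_TARGET_X64` now covers both the JIT and non-JIT builds, the comment should state that both the interpreter's 32-bit address arithmetic (TSETV/TGETV in vm_x86.dasc) and the x64 JIT backend require allocations below 2 GB, otherwise a later reader may re-add the `LJ_HASJIT` condition and reintroduce the overflow.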

The other possible way is to set the missing bit for the x64 target (with setc-shl-or, for example) and use RCa instead of RC in all these places (but it looks a little bit like overkill, since x86 without JIT is a rather specific case).
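Added C model (not LuaJIT's code) of the 32-bit RC arithmetic in the three vm_x86.dasc lines quoted above, next to the exact 64-bit address, plus the range check that the 2 GB limit relies on. The assumption that an allocator chunk may start anywhere below 2^LJ_ALLOC_MBITS is mine, not something the issue states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TVALUE_SIZE 8u   /* TValue is 8 bytes without GC64, hence 'shl RC, 3' */

/* Model of the slot address the interpreter forms in TSETV/TGETV: RC is a
 * 32-bit register, so both 'shl RC, 3' and 'add RC, TAB:RB->array' wrap
 * modulo 2^32 before 'cmp dword [RC+4], LJ_TNIL' dereferences it. */
static uint32_t vm_slot_addr32(uint64_t array_base, uint32_t idx) {
    uint32_t rc = idx << 3;          /* shl RC, 3 */
    rc += (uint32_t)array_base;      /* add RC, TAB:RB->array (32-bit add) */
    return rc;
}

/* The address the slot really lives at, with full 64-bit arithmetic. */
static uint64_t exact_slot_addr(uint64_t array_base, uint32_t idx) {
    return array_base + (uint64_t)idx * TVALUE_SIZE;
}

/* True when the VM's 32-bit result no longer points at the slot, i.e. the
 * interpreter would read or write some unrelated location. */
static bool slot_access_wraps(uint64_t array_base, uint32_t idx) {
    return (uint64_t)vm_slot_addr32(array_base, idx) != exact_slot_addr(array_base, idx);
}

/* The check lj_mem_realloc's assertion expresses: the address must fit in
 * mbits bits (31 for x64 without GC64 after the proposed change). */
static bool in_alloc_range(uint64_t addr, unsigned mbits) {
    return (addr >> mbits) == 0;
}

/* Worst case under the assumption (mine) that a chunk may start at any
 * 8-aligned address below 2^mbits: place an array of array_bytes at the top of
 * the range and require its last slot to end at or below 4 GB. */
static bool range_limit_is_safe(unsigned mbits, uint64_t array_bytes) {
    uint64_t top_base = (1ull << mbits) - TVALUE_SIZE;
    uint32_t last_idx = (uint32_t)(array_bytes / TVALUE_SIZE - 1);
    return !slot_access_wraps(top_base, last_idx) &&
           exact_slot_addr(top_base, last_idx) + TVALUE_SIZE <= (1ull << 32);
}

int main(void) {
    uint64_t array_bytes = 0x2000000ull * TVALUE_SIZE;   /* one pool from the script */
    printf("0x92b29010 in 31-bit range: %d\n", in_alloc_range(0x92b29010ull, 31));
    printf("MBITS=32 safe: %d, MBITS=31 safe: %d\n",
           range_limit_is_safe(32, array_bytes), range_limit_is_safe(31, array_bytes));
    return 0;
}
```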
