lua/lua-5.3.5-CVE-2020-24370.patch
Petr Šabata ac515e8d0a RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/lua#3e03dd9b69dff7f2f87fff9e2f8cc2403fea046a
2020-10-15 18:42:25 +02:00


diff -up lua-5.3.5/src/ldebug.c.CVE-2020-24370 lua-5.3.5/src/ldebug.c
--- lua-5.3.5/src/ldebug.c.CVE-2020-24370 2020-08-19 13:37:17.075859557 -0400
+++ lua-5.3.5/src/ldebug.c 2020-08-19 13:38:53.117779244 -0400
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p,
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
int nparams = clLvalue(ci->func)->p->numparams;
- if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
+ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
+ if (n <= -nvararg)
return NULL; /* no such vararg */
else {
- *pos = ci->func + nparams + n;
+ *pos = ci->func + nparams - n;
return "(*vararg)"; /* generic name for any vararg */
}
}
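Review bot: findvararg now depends on its caller passing a negative n, but nothing in the function states or checks that. With n >= 0 the test `n <= -nvararg` is false for any positive nvararg, so `ci->func + nparams - n` would address a slot at or below the fixed parameters instead of a vararg. The only caller visible on this page (findlocal, second hunk) guards with `if (n < 0)`, so this is a hardening and documentation point, not a live defect. I would add `lua_assert(n < 0);` as the first statement and a comment above the comparison such as `/* n is negative; never negate it: -INT_MIN overflows (CVE-2020-24370) */`, so that a later refactor does not reintroduce the negation at the call site.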
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State
StkId base;
if (isLua(ci)) {
if (n < 0) /* access to vararg values? */
- return findvararg(ci, -n, pos);
+ return findvararg(ci, n, pos);
else {
base = ci->u.l.base;
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));