diff options
Diffstat (limited to 'package/utils/lua5.3/patches-host')
| -rw-r--r-- | package/utils/lua5.3/patches-host/001-include-version-number.patch | 1 | ||||
| -rw-r--r-- | package/utils/lua5.3/patches-host/200-CVE-2019-6706.patch | 51 |
2 files changed, 51 insertions, 1 deletions
diff --git a/package/utils/lua5.3/patches-host/001-include-version-number.patch b/package/utils/lua5.3/patches-host/001-include-version-number.patch index 78f00549607..1c9fdb250b5 100644 --- a/package/utils/lua5.3/patches-host/001-include-version-number.patch +++ b/package/utils/lua5.3/patches-host/001-include-version-number.patch @@ -8,7 +8,6 @@ Including it allows multiple lua versions to coexist. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> --- -diff --git a/Makefile b/Makefile --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ PLAT= none diff --git a/package/utils/lua5.3/patches-host/200-CVE-2019-6706.patch b/package/utils/lua5.3/patches-host/200-CVE-2019-6706.patch new file mode 100644 index 00000000000..8024d414cc8 --- /dev/null +++ b/package/utils/lua5.3/patches-host/200-CVE-2019-6706.patch @@ -0,0 +1,51 @@ +From 89aee84cbc9224f638f3b7951b306d2ee8ecb71e Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Wed, 27 Mar 2019 14:30:12 -0300 +Subject: [PATCH] Fixed bug in 'lua_upvaluejoin' + +Bug-fix: joining an upvalue with itself could cause a use-after-free +crash. +--- + src/lapi.c | 12 +++++------ + 1 file changed, 41 insertions(+), 39 deletions(-) + +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1254,13 +1254,12 @@ LUA_API const char *lua_setupvalue (lua_ + } + + +-static UpVal **getupvalref (lua_State *L, int fidx, int n, LClosure **pf) { ++static UpVal **getupvalref (lua_State *L, int fidx, int n) { + LClosure *f; + StkId fi = index2addr(L, fidx); + api_check(L, ttisLclosure(fi), "Lua function expected"); + f = clLvalue(fi); + api_check(L, (1 <= n && n <= f->p->sizeupvalues), "invalid upvalue index"); +- if (pf) *pf = f; + return &f->upvals[n - 1]; /* get its upvalue pointer */ + } + +@@ -1269,7 +1268,7 @@ LUA_API void *lua_upvalueid (lua_State * + StkId fi = index2addr(L, fidx); + switch (ttype(fi)) { + case LUA_TLCL: { /* lua closure */ +- return *getupvalref(L, fidx, n, NULL); ++ return *getupvalref(L, fidx, n); + } + case LUA_TCCL: { /* C closure */ + CClosure *f = clCvalue(fi); +@@ -1286,9 +1285,10 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); +- UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ UpVal **up1 = getupvalref(L, fidx1, n1); ++ UpVal **up2 = getupvalref(L, fidx2, n2); ++ if (*up1 == *up2) ++ return; + luaC_upvdeccount(L, *up1); + *up1 = *up2; + (*up1)->refcount++; |