|
| 1 | +From 1bab87b86d590c50057a5c3b48a00caf1cff807e Mon Sep 17 00:00:00 2001 |
| 2 | +From: Kanishk Bansal < [email protected]> |
| 3 | +Date: Wed, 5 Feb 2025 09:27:34 +0000 |
| 4 | +Subject: [PATCH] Address CVE-2021-43519 |
| 5 | + |
| 6 | +--- |
| 7 | + vendor/lua/src/ldo.c | 6 ++++-- |
| 8 | + 1 file changed, 4 insertions(+), 2 deletions(-) |
| 9 | + |
| 10 | +diff --git a/vendor/lua/src/ldo.c b/vendor/lua/src/ldo.c |
| 11 | +index 7135079..ca558fd 100644 |
| 12 | +--- a/vendor/lua/src/ldo.c |
| 13 | ++++ b/vendor/lua/src/ldo.c |
| 14 | +@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) { |
| 15 | + StkId firstArg = L->top - n; /* first argument */ |
| 16 | + CallInfo *ci = L->ci; |
| 17 | + if (L->status == LUA_OK) /* starting a coroutine? */ |
| 18 | +- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */ |
| 19 | ++ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */ |
| 20 | + else { /* resuming from previous yield */ |
| 21 | + lua_assert(L->status == LUA_YIELD); |
| 22 | + L->status = LUA_OK; /* mark that it is running (again) */ |
| 23 | +- luaE_incCstack(L); /* control the C stack */ |
| 24 | + if (isLua(ci)) { /* yielded inside a hook? */ |
| 25 | + L->top = firstArg; /* discard arguments */ |
| 26 | + luaV_execute(L, ci); /* just continue running Lua code */ |
| 27 | +@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs, |
| 28 | + else if (L->status != LUA_YIELD) /* ended with errors? */ |
| 29 | + return resume_error(L, "cannot resume dead coroutine", nargs); |
| 30 | + L->nCcalls = (from) ? getCcalls(from) : 0; |
| 31 | ++ if (getCcalls(L) >= LUAI_MAXCCALLS) |
| 32 | ++ return resume_error(L, "C stack overflow", nargs); |
| 33 | ++ L->nCcalls++; |
| 34 | + luai_userstateresume(L, nargs); |
| 35 | + api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs); |
| 36 | + status = luaD_rawrunprotected(L, resume, &nargs); |
| 37 | +-- |
| 38 | +2.43.0 |
| 39 | + |
0 commit comments