summaryrefslogtreecommitdiffstats
path: root/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
diff options
context:
space:
mode:
Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch')
-rw-r--r--external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
new file mode 100644
index 00000000..cfe48af5
--- /dev/null
+++ b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
@@ -0,0 +1,32 @@
+CVE-2019-6706: use-after-free in lua_upvaluejoin function
+
+Upstream-Status: Backport
+http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
+CVE: CVE-2019-6706
+Affects < 5.3.5
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: lua-5.3.4/src/lapi.c
+===================================================================
+--- lua-5.3.4.orig/src/lapi.c
++++ lua-5.3.4/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+
+ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+ int fidx2, int n2) {
+- LClosure *f1;
+- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+ UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++ if (*up1 == *up2) return; /* Already joined */
++ (*up2)->refcount++;
++ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++ luaC_upvalbarrier(L, *up2);
+ luaC_upvdeccount(L, *up1);
+ *up1 = *up2;
+- (*up1)->refcount++;
+- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+- luaC_upvalbarrier(L, *up1);
+ }
+
+