diff options
Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-devtools/lua/lua')
-rw-r--r-- | external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch new file mode 100644 index 00000000..cfe48af5 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch @@ -0,0 +1,32 @@ +CVE-2019-6706: use-after-free in lua_upvaluejoin function + +Upstream-Status: Backport +http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html +CVE: CVE-2019-6706 +Affects < 5.3.5 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: lua-5.3.4/src/lapi.c +=================================================================== +--- lua-5.3.4.orig/src/lapi.c ++++ lua-5.3.4/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + |