mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2025-12-19 00:07:26 +03:00
4fb0d3e7e9
This commit fixes CVE-2022-28805 (patch from upstream, slightly modified due to changed file paths in gentoo). Closes: https://github.com/gentoo/gentoo/pull/27423 Bug: https://bugs.gentoo.org/837521 Signed-off-by: Federico Denkena <federico.denkena@posteo.de> Signed-off-by: David Seifert <soap@gentoo.org>
35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
|
|
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
|
Date: Tue, 15 Feb 2022 12:28:46 -0300
|
|
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
|
|
|
|
--- a/src/lparser.c
|
|
+++ b/src/lparser.c
|
|
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
|
|
expdesc key;
|
|
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
|
lua_assert(var->k != VVOID); /* this one must exist */
|
|
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
|
codestring(&key, varname); /* key is variable name */
|
|
luaK_indexed(fs, var, &key); /* env[varname] */
|
|
}
|
|
--- a/tests/attrib.lua
|
|
+++ b/tests/attrib.lua
|
|
@@ -434,6 +434,16 @@ a.aVeryLongName012345678901234567890123456789012345678901234567890123456789 ==
|
|
10)
|
|
|
|
|
|
+do
|
|
+ -- _ENV constant
|
|
+ local function foo ()
|
|
+ local _ENV <const> = 11
|
|
+ X = "hi"
|
|
+ end
|
|
+ local st, msg = pcall(foo)
|
|
+ assert(not st and string.find(msg, "number"))
|
|
+end
|
|
+
|
|
|
|
-- test of large float/integer indices
|
|
|