aboutsummaryrefslogtreecommitdiffstats
path: root/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch')
-rw-r--r--main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch48
1 files changed, 24 insertions, 24 deletions
diff --git a/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch b/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
index 74ceb6eac8..ea26696fda 100644
--- a/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
+++ b/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
@@ -1,24 +1,24 @@
-http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
-
---- a/src/lapi.c
-+++ b/src/lapi.c
-@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
-
- LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
- int fidx2, int n2) {
-- LClosure *f1;
-- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
-+ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
- UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
-+ if (*up1 == *up2) return; /* Already joined */
-+ (*up2)->refcount++;
-+ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
-+ luaC_upvalbarrier(L, *up2);
- luaC_upvdeccount(L, *up1);
- *up1 = *up2;
-- (*up1)->refcount++;
-- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
-- luaC_upvalbarrier(L, *up1);
- }
-
-
+http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
+
+--- a/src/lapi.c
++++ b/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+
+ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+ int fidx2, int n2) {
+- LClosure *f1;
+- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+ UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++ if (*up1 == *up2) return; /* Already joined */
++ (*up2)->refcount++;
++ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++ luaC_upvalbarrier(L, *up2);
+ luaC_upvdeccount(L, *up1);
+ *up1 = *up2;
+- (*up1)->refcount++;
+- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+- luaC_upvalbarrier(L, *up1);
+ }
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-06 06:59:18 +0000