From f2ab7ac5d7b819ad5b296815e30f4db57a43984b Mon Sep 17 00:00:00 2001 From: Yossi Gottlieb Date: Mon, 31 Aug 2020 20:42:46 +0300 Subject: [PATCH] Backport Lua 5.2.2 stack overflow fix. (#7733) This fixes the issue described in CVE-2014-5461. At this time we cannot confirm that the original issue has a real impact on Redis, but it is included as an extra safety measure. (cherry picked from commit 374270d3a04e8b224a12655518c815497aeb497d) --- deps/lua/src/ldo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/lua/src/ldo.c b/deps/lua/src/ldo.c index 514f7a2a3..939940a4c 100644 --- a/deps/lua/src/ldo.c +++ b/deps/lua/src/ldo.c @@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) { CallInfo *ci; StkId st, base; Proto *p = cl->p; - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); func = restorestack(L, funcr); if (!p->is_vararg) { /* no varargs? */ base = func + 1;