summaryrefslogtreecommitdiff
path: root/user/lua5.3/CVE-2019-6706.patch
blob: c35f81a4a846fb73f3d902409c12385ae743f793 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Lifted from Ubuntu:

https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/lua5.3/5.3.3-1.1ubuntu1/lua5.3_5.3.3-1.1ubuntu1.debian.tar.xz
0c7d89b1413cc55f3aff5bbd40e5726b7d69b856befbbf32f00f58588dc4ce81

--- a/src/lapi.c
+++ b/src/lapi.c
@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
 
 LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
                                             int fidx2, int n2) {
-  LClosure *f1;
-  UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
+  UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
   UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
+  if (*up1 == *up2) return; /* Already joined */
+  (*up2)->refcount++;
+  if (upisopen(*up2)) (*up2)->u.open.touched = 1;
+  luaC_upvalbarrier(L, *up2);
   luaC_upvdeccount(L, *up1);
   *up1 = *up2;
-  (*up1)->refcount++;
-  if (upisopen(*up1)) (*up1)->u.open.touched = 1;
-  luaC_upvalbarrier(L, *up1);
 }