From c1520c9e11995c44a7d9ff7b1a90899dc2461f17 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 24 Jun 2024 17:30:47 +0200 Subject: [PATCH] lua: apply patch for "Stack overflow in vararg functions with many fixed parameters called with few arguments" known as CVE-2014-5461 --- lib/lua/src/ldo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/lua/src/ldo.c b/lib/lua/src/ldo.c index 7eeea636c..37a7660fd 100644 --- a/lib/lua/src/ldo.c +++ b/lib/lua/src/ldo.c @@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) { CallInfo *ci; StkId st, base; Proto *p = cl->p; - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); func = restorestack(L, funcr); if (!p->is_vararg) { /* no varargs? */ base = func + 1;