mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-01 13:40:04 +00:00
Code Issues Projects Releases Wiki Activity

lua: Security Advisory - lua - CVE-2020-15888

Browse Source 
Backport fix from https://github.com/lua/lua.git.

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Yue Tao
2020-07-28 10:31:07 -07:00
committed by Khem Raj
parent 21bc66202e
commit 698748c153
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
+45
View File
@@ -0,0 +1,45 @@
From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Mon, 6 Jul 2020 12:11:54 -0300
Subject: [PATCH] Keep minimum size when shrinking a stack
When shrinking a stack (during GC), do not make it smaller than the
initial stack size.
---
ldo.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
==== end of original header ====
CVE: CVE-2020-15888
Upstream-Status: backport [https://github.com/lua/lua.git]
Signed-off-by: Joe Slater <joe.slater@windriver.com>
====
diff --git a/ldo.c b/ldo.c
index c563b1d9..a89ac010 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
void luaD_shrinkstack (lua_State *L) {
int inuse = stackinuse(L);
- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
+ int goodsize = inuse + BASIC_STACK_SIZE;
if (goodsize > LUAI_MAXSTACK)
goodsize = LUAI_MAXSTACK; /* respect stack limit */
if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */
@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
luaE_shrinkCI(L); /* shrink list */
/* if thread is currently not handling a stack overflow and its
good size is smaller than current size, shrink its stack */
- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
- goodsize < L->stacksize)
+ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
luaD_reallocstack(L, goodsize);
else /* don't change stack */
condmovestack(L,{},{}); /* (change only for debugging) */
--
2.17.1
meta-oe/recipes-devtools/lua/lua_5.3.5.bb
+1
View File
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
file://lua.pc.in \ file://lua.pc.in \
file://0001-Allow-building-lua-without-readline-on-Linux.patch \ file://0001-Allow-building-lua-without-readline-on-Linux.patch \
file://CVE-2020-15888.patch \
" "
# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.