lua: Security Advisory - lua - CVE-2020-15888

Backport fix from https://github.com/lua/lua.git. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 698748c153) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-01 13:58:06 +00:00 · 2020-07-28 10:31:07 -07:00 · 2020-07-28 10:31:07 -07:00 · fae2b90261
commit fae2b90261
parent 40f4f3ed5f
2 changed files with 46 additions and 0 deletions
--- a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
@ -0,0 +1,45 @@
+From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Mon, 6 Jul 2020 12:11:54 -0300
+Subject: [PATCH] Keep minimum size when shrinking a stack
+
+When shrinking a stack (during GC), do not make it smaller than the
+initial stack size.
+---
+ ldo.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+==== end of original header ====
+
+CVE: CVE-2020-15888
+
+Upstream-Status: backport [https://github.com/lua/lua.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+====
+diff --git a/ldo.c b/ldo.c
+index c563b1d9..a89ac010 100644
+--- a/src/ldo.c
+++ b/src/ldo.c
+@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
+ 
+ void luaD_shrinkstack (lua_State *L) {
+   int inuse = stackinuse(L);
+-  int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
+  int goodsize = inuse + BASIC_STACK_SIZE;
+   if (goodsize > LUAI_MAXSTACK)
+     goodsize = LUAI_MAXSTACK;  /* respect stack limit */
+   if (L->stacksize > LUAI_MAXSTACK)  /* had been handling stack overflow? */
+@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
+     luaE_shrinkCI(L);  /* shrink list */
+   /* if thread is currently not handling a stack overflow and its
+      good size is smaller than current size, shrink its stack */
+-  if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
+-      goodsize < L->stacksize)
+  if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
+     luaD_reallocstack(L, goodsize);
+   else  /* don't change stack */
+     condmovestack(L,{},{});  /* (change only for debugging) */
+-- 
+2.17.1
+
--- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
           file://lua.pc.in \
           file://0001-Allow-building-lua-without-readline-on-Linux.patch \
+           file://CVE-2020-15888.patch \
           "

 # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.