nixpkgs/pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
2022-05-30 21:04:16 +02:00

10 lines
393 B
Diff

--- a/src/lparser.c
+++ b/src/lparser.c
@@ -301,6 +301,7 @@
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k == VLOCAL || var->k == VUPVAL);
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(ls, &key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}