From fdaf5ed72f213fcb752f88ac0180a40543432acd Mon Sep 17 00:00:00 2001 From: Yan Naing Tun Date: Wed, 5 Mar 2025 15:28:47 +0800 Subject: [PATCH] Fix Lua stack overflow vulnerability (#1054) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Turánszki János --- WickedEngine/LUA/ldebug.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/WickedEngine/LUA/ldebug.c b/WickedEngine/LUA/ldebug.c index e499ee362..ebc997707 100644 --- a/WickedEngine/LUA/ldebug.c +++ b/WickedEngine/LUA/ldebug.c @@ -634,11 +634,15 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) { CallInfo *ci = L->ci; const char *msg; va_list argp; + luaC_checkGC(L); /* error message uses memory */ va_start(argp, fmt); msg = luaO_pushvfstring(L, fmt, argp); /* format message */ va_end(argp); - if (isLua(ci)) /* if Lua function, add source:line information */ + if (isLua(ci)) { /* if Lua function, add source:line information */ luaG_addinfo(L, msg, ci_func(ci)->p->source, currentline(ci)); + setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */ + L->top--; + } luaG_errormsg(L); }