From: Chris Lamb <lamby@debian.org>
Date: Sat, 21 Nov 2015 16:15:23 +0200
Subject: CVE-2015-8080: Integer wraparound in lua_struct.c causing
stack-based buffer overflow
---
deps/lua/src/lua_struct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c
index ec78bcb..b5f8647 100644
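--- a/deps/lua/src/lua_struct.c
+++ b/deps/lua/src/lua_struct.c
@@ -96,7 +96,7 @@ static int getnum (const char **fmt, int df) {
 int a = 0;
 do {
 a = a*10 + *((*fmt)++) - '0';
- } while (isdigit(**fmt));
+ } while (isdigit(**fmt) && a <= ((int)MAXINTSIZE - 9)/10);
 return a;
 }
 }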
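Review bot: The new loop condition stops parsing once `a` exceeds `((int)MAXINTSIZE - 9)/10`, but any further digits are left in `*fmt` and getnum still returns the truncated value with no error signal, so an over-long size is split into a smaller number plus stray digit characters that the caller has to reject. Since getnum takes no `lua_State` argument it cannot raise an error itself; at minimum I would document the contract above the loop, e.g. `/* stops early so a*10+9 cannot wrap; leftover digits stay in *fmt and must be rejected by the caller */`. The bound is also tied to MAXINTSIZE rather than to the range of `int`, which presumably caps every caller of getnum at the integer-size limit, including any that parse counts or alignments; the callers are outside this hunk, so it is worth confirming none of them regress. getnum's opening lines, including the `df` default path, lie before the hunk.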