Fix Lua Integer Overflow (CVE-2025-46817)

author KIMDONGYEON00 <dongyeonkim2000@gmail.com>

Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)

committer GitHub <noreply@github.com>

Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)
author KIMDONGYEON00 <dongyeonkim2000@gmail.com>
Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)
committer GitHub <noreply@github.com>
Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)
diff --git a/app/redis-6.2.6/deps/lua/src/ltable.c b/app/redis-6.2.6/deps/lua/src/ltable.c

index ec84f4fabc513b7c765e46bda0432b571c13fb1a..210eadf86e3c9d78f19efece0bc73d50ae5fdb26 100644 (file)
--- a/app/redis-6.2.6/deps/lua/src/ltable.c
+++ b/app/redis-6.2.6/deps/lua/src/ltable.c
@@ -434,7 +434,7 @@ static TValue *newkey (lua_State *L, Table *t, const TValue *key) {
  */
  const TValue *luaH_getnum (Table *t, int key) {
    /* (1 <= key && key <= t->sizearray) */
-  if (cast(unsigned int, key-1) < cast(unsigned int, t->sizearray))
+  if (1 <= key && key <= t->sizearray)
      return &t->array[key-1];
    else {
      lua_Number nk = cast_num(key);
author	KIMDONGYEON00 <dongyeonkim2000@gmail.com>
	Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)
committer	GitHub <noreply@github.com>
	Mon, 20 Oct 2025 11:08:47 +0000 (20:08 +0900)