Fix lua UAF (CVE-2025-49844)

Fix lua UAF bug (CVE-2025-49844 - Redishell)

diff --git a/app/redis-6.2.6/deps/lua/src/lparser.c b/app/redis-6.2.6/deps/lua/src/lparser.c
index dda7488dcad90abab8910b5e33803a8b0c8f74e9..ee7d90c90d72e1d2237e848ce3e2f1115990a64d 100644 (file)
--- a/app/redis-6.2.6/deps/lua/src/lparser.c
+++ b/app/redis-6.2.6/deps/lua/src/lparser.c
@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {
   struct LexState lexstate;
   struct FuncState funcstate;
   lexstate.buff = buff;
-  luaX_setinput(L, &lexstate, z, luaS_new(L, name));
+  TString *tname = luaS_new(L, name);
+  setsvalue2s(L, L->top, tname);
+  incr_top(L);
+  luaX_setinput(L, &lexstate, z, tname);
   open_func(&lexstate, &funcstate);
   funcstate.f->is_vararg = VARARG_ISVARARG;  /* main func. is always vararg */
   luaX_next(&lexstate);  /* read first token */
   chunk(&lexstate);
   check(&lexstate, TK_EOS);
   close_func(&lexstate);
+  --L->top;
   lua_assert(funcstate.prev == NULL);
   lua_assert(funcstate.f->nups == 0);
   lua_assert(lexstate.fs == NULL);