From a47f5e426702675c361eb7124b2c6434d0c65ea6 Mon Sep 17 00:00:00 2001
From: KIMDONGYEON00 <dongyeonkim2000@gmail.com>
Date: Tue, 14 Oct 2025 13:43:18 +0900
Subject: [PATCH] Fix lua UAF (CVE-2025-49844)

Fix lua UAF bug (CVE-2025-49844 - Redishell)
---
 app/redis-6.2.6/deps/lua/src/lparser.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/redis-6.2.6/deps/lua/src/lparser.c b/app/redis-6.2.6/deps/lua/src/lparser.c
index dda7488dc..ee7d90c90 100644
--- a/app/redis-6.2.6/deps/lua/src/lparser.c
+++ b/app/redis-6.2.6/deps/lua/src/lparser.c
@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {
   struct LexState lexstate;
   struct FuncState funcstate;
   lexstate.buff = buff;
-  luaX_setinput(L, &lexstate, z, luaS_new(L, name));
+  TString *tname = luaS_new(L, name);
+  setsvalue2s(L, L->top, tname);
+  incr_top(L);
+  luaX_setinput(L, &lexstate, z, tname);
   open_func(&lexstate, &funcstate);
   funcstate.f->is_vararg = VARARG_ISVARARG;  /* main func. is always vararg */
   luaX_next(&lexstate);  /* read first token */
   chunk(&lexstate);
   check(&lexstate, TK_EOS);
   close_func(&lexstate);
+  --L->top;
   lua_assert(funcstate.prev == NULL);
   lua_assert(funcstate.f->nups == 0);
   lua_assert(lexstate.fs == NULL);
-- 
2.43.0