Fix LUA garbage collector (CVE-2024-46981) (#1513)

Reset GC state before closing the lua VM to prevent user data to be
wrongly freed while still might be used on destructor callbacks.

Created and publish by Redis in their OSS branch.

Pulled from Valkey for Redict.

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Signed-off-by: Drew DeVault <sir@cmpwn.com>
Co-authored-by: YaacovHazan <yaacov.hazan@redis.com>
This commit is contained in:
Madelyn Olson 2025-01-06 14:02:22 -08:00 committed by Drew DeVault
parent 6535d03f25
commit 0c8caf3427

View File

@ -273,6 +273,7 @@ void scriptingInit(int setup) {
void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) { void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
dictRelease(lua_scripts); dictRelease(lua_scripts);
listRelease(lua_scripts_lru_list); listRelease(lua_scripts_lru_list);
lua_gc(lctx.lua, LUA_GCCOLLECT, 0);
lua_close(lua); lua_close(lua);
#if !defined(USE_LIBC) #if !defined(USE_LIBC)