Fix LUA garbage collector (CVE-2024-46981) (#1513)

Reset GC state before closing the lua VM to prevent user data to be
wrongly freed while still might be used on destructor callbacks.

Created and publish by Redis in their OSS branch.

Pulled from Valkey for Redict.

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Signed-off-by: Drew DeVault <sir@cmpwn.com>
Co-authored-by: YaacovHazan <yaacov.hazan@redis.com>
This commit is contained in:
Madelyn Olson 2025-01-06 14:02:22 -08:00 committed by Drew DeVault
parent ba5dcb3b16
commit d12b0cf438

View File

@ -273,6 +273,7 @@ void scriptingInit(int setup) {
void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) { void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
dictRelease(lua_scripts); dictRelease(lua_scripts);
listRelease(lua_scripts_lru_list); listRelease(lua_scripts_lru_list);
lua_gc(lctx.lua, LUA_GCCOLLECT, 0);
lua_close(lua); lua_close(lua);
#if !defined(USE_LIBC) #if !defined(USE_LIBC)