1From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 2From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 3Date: Tue, 15 Feb 2022 12:28:46 -0300 4Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const> 5 6CVE: CVE-2022-28805 7 8Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa] 9 10Signed-off-by: Steve Sakoman <steve@sakoman.com> 11--- 12 src/lparser.c | 1 + 13 1 files changed, 1 insertions(+) 14 15diff --git a/src/lparser.c b/src/lparser.c 16index 3abe3d751..a5cd55257 100644 17--- a/src/lparser.c 18+++ b/src/lparser.c 19@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) { 20 expdesc key; 21 singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ 22 lua_assert(var->k != VVOID); /* this one must exist */ 23+ luaK_exp2anyregup(fs, var); /* but could be a constant */ 24 codestring(&key, varname); /* key is variable name */ 25 luaK_indexed(fs, var, &key); /* env[varname] */ 26 } 27