Overview

File luajit-CVE-2024-25176.patch of Package lua51-luajit.40271

From 343ce0edaf3906a62022936175b2f5410024cbfc Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Thu, 25 Jan 2024 13:23:48 +0100
Subject: [PATCH] Fix zero stripping in %g number formatting.

Reported by pwnhacker0x18. #1149
---
 src/lj_strfmt_num.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lj_strfmt_num.c b/src/lj_strfmt_num.c
index 79ec0263..c6e776aa 100644
--- a/src/lj_strfmt_num.c
+++ b/src/lj_strfmt_num.c
@@ -454,7 +454,8 @@ static char *lj_strfmt_wfnum(SBuf *sb, SFormat sf, lua_Number n, char *p)
 	    prec--;
 	    if (!i) {
 	      if (ndlo == ndhi) { prec = 0; break; }
-	      lj_strfmt_wuint9(tail, nd[++ndlo]);
+	      ndlo = (ndlo + 1) & 0x3f;
+	      lj_strfmt_wuint9(tail, nd[ndlo]);
 	      i = 9;
 	    }
 	  }
-- 
2.50.1
openSUSE Build Service is sponsored by
Places