File luajit-CVE-2024-25177.patch of Package lua51-luajit.40271
diff -urp LuaJIT-2.1.0-beta3.orig/src/lj_snap.c LuaJIT-2.1.0-beta3/src/lj_snap.c
--- LuaJIT-2.1.0-beta3.orig/src/lj_snap.c 2017-05-01 14:05:00.000000000 -0500
+++ LuaJIT-2.1.0-beta3/src/lj_snap.c 2025-08-05 17:41:40.085224102 -0500
@@ -403,6 +403,7 @@ static TRef snap_replay_const(jit_State
case IR_KNUM: case IR_KINT64:
return lj_ir_k64(J, (IROp)ir->o, ir_k64(ir)->u64);
case IR_KPTR: return lj_ir_kptr(J, ir_kptr(ir)); /* Continuation. */
+ case IR_KNULL: return lj_ir_knull(J, irt_type(ir->t));
default: lua_assert(0); return TREF_NIL; break;
}
}
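Review bot: The added `case IR_KNULL:` is the only constant kind in this switch without a comment, and the `default:` beneath it still returns TREF_NIL silently in builds where lua_assert compiles out — the very path an IR_KNULL constant took before this patch. A one-line comment such as `/* Null GC/pointer constant, e.g. the value of a sunk metatable store. */` would record why the case exists; that the sunk metatable store is its origin is inferred from the second hunk of this patch, so confirm before adopting the wording. Consider also having the `default:` abort the trace instead of relying on an assertion, so any further unhandled constant opcode fails loudly rather than replaying as nil. snap_replay_const begins before this hunk.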
@@ -803,9 +804,13 @@ static void snap_unsink(jit_State *J, GC
irs->o == IR_FSTORE);
if (irk->o == IR_FREF) {
lua_assert(irk->op2 == IRFL_TAB_META);
- snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp);
- /* NOBARRIER: The table is new (marked white). */
- setgcref(t->metatable, obj2gco(tabV(&tmp)));
+ if (T->ir[irs->op2].o == IR_KNULL) {
+ setgcrefnull(t->metatable);
+ } else {
+ snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp);
+ /* NOBARRIER: The table is new (marked white). */
+ setgcref(t->metatable, obj2gco(tabV(&tmp)));
+ }
} else {
irk = &T->ir[irk->op2];
if (irk->o == IR_KSLOT) irk = &T->ir[irk->op1];
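Review bot: The added `if (T->ir[irs->op2].o == IR_KNULL)` branch carries no comment explaining why a null constant bypasses snap_restoreval, while the retained else path keeps its NOBARRIER note; a comment such as `/* A null metatable has no TValue form: clear the ref instead of restoring it. */` would make the asymmetry self-explanatory — the "no TValue form" reasoning is my inference, so check it against snap_restoreval first. The else branch still installs `tabV(&tmp)` with no check that the restored value is a table; since tabV's check_exp compiles out with lua_assert, a `lua_assert(tvistab(&tmp));` before the setgcref at least documents the invariant the recorder is being relied on for. snap_unsink begins before this hunk and continues past it.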