File CVE-2025-49844.patch of Package redis.41031
From 5785f3e6e5aa13a9f0e5e1576b398eb4f7d3bb13 Mon Sep 17 00:00:00 2001
From: Mincho Paskalev <minchopaskal@gmail.com>
Date: Mon, 23 Jun 2025 11:41:37 +0300
Subject: [PATCH] Lua script may lead to remote code execution (CVE-2025-49844)
---
deps/lua/src/lparser.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/deps/lua/src/lparser.c b/deps/lua/src/lparser.c
index dda7488dcad..ee7d90c90d7 100644
--- a/deps/lua/src/lparser.c
+++ b/deps/lua/src/lparser.c
@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {
struct LexState lexstate;
struct FuncState funcstate;
lexstate.buff = buff;
- luaX_setinput(L, &lexstate, z, luaS_new(L, name));
+ TString *tname = luaS_new(L, name);
+ setsvalue2s(L, L->top, tname);
+ incr_top(L);
+ luaX_setinput(L, &lexstate, z, tname);
open_func(&lexstate, &funcstate);
funcstate.f->is_vararg = VARARG_ISVARARG; /* main func. is always vararg */
luaX_next(&lexstate); /* read first token */
chunk(&lexstate);
check(&lexstate, TK_EOS);
close_func(&lexstate);
+ --L->top;
lua_assert(funcstate.prev == NULL);
lua_assert(funcstate.f->nups == 0);
lua_assert(lexstate.fs == NULL);
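Review bot: The push of `tname` and the matching `--L->top;` after `close_func` carry no comment, so the reason the chunk name is placed on the stack is not recorded next to a security fix; presumably it keeps the string reachable by the garbage collector while the lexer and parser allocate. I would add `/* anchor chunk name on the stack so the GC cannot free it during parsing */` above `setsvalue2s(L, L->top, tname);` and `/* pop the anchored chunk name */` on the decrement. The decrement is reached only on the success path: if `chunk` or `check` raises a syntax error, the slot is presumably reclaimed when the protected caller restores `L->top`, which lies outside this hunk and is worth confirming and noting in the comment. `TString *tname` is also declared after the statement `lexstate.buff = buff;`, whereas the visible declarations sit at the top of the function; moving that assignment below `incr_top(L);` keeps declarations first for C89-style builds. The body of `luaY_parser` continues past the end of the hunk.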