@npt-1707
Summary

Our tool detected a potential vulnerability in finderrfunc() in third-party/luajit/src/lj_err.c which was cloned from LuaJIT/LuaJIT@53f82e6 but did not receive the security patch. The original issue was reported and fixed under CVE-2020-15890.

Proposed Fix

Apply the same patch as the one in LuaJIT/LuaJIT to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15890
LuaJIT/LuaJIT@53f82e6

Copilot AI left a comment

Pull request overview

This PR applies a critical security patch to fix CVE-2020-15890 in the LuaJIT error handling code. The vulnerability existed in the finderrfunc() function where the cframe pointer (cf) was not being advanced in the FRAME_CP case, potentially causing pointer desynchronization during stack traversal.

  • Adds missing cf = cframe_prev(cf); call in the FRAME_CP case of finderrfunc()
  • Aligns the FRAME_CP case behavior with FRAME_C and FRAME_CONT cases
  • Directly applies the upstream LuaJIT security patch from commit 53f82e6e2e858a0a62fd1a2ff47e9866693382e6
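
A simplified model of the cursor desynchronization described in the overview above, added here as an illustration: it is not LuaJIT's code and not part of this pull request. All names (`find_errfunc`, `struct cframe`, `advance_in_cp`, the frame types and handler values) are hypothetical, and the frame layout is a constructed scenario.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT LuaJIT source: every name here is hypothetical. */
enum frame_type { F_LUA, F_C, F_CP };

struct cframe {              /* one entry in the C-frame chain */
    int errfunc;             /* < 0: no handler set in this C frame */
    struct cframe *prev;
};

/* Walk Lua frames top-down with a cursor (cf) into the C-frame chain.
 * F_C and F_CP frames each own one C frame, so both must move the cursor.
 * advance_in_cp = 0 models the pre-patch walker, 1 the patched one. */
static int find_errfunc(const enum frame_type *frames, size_t n,
                        struct cframe *cf, int advance_in_cp)
{
    for (size_t i = 0; i < n && cf != NULL; i++) {
        switch (frames[i]) {
        case F_LUA:
            break;                     /* no C frame attached */
        case F_C:
            cf = cf->prev;
            break;
        case F_CP:
            if (cf->errfunc >= 0)
                return cf->errfunc;
            if (advance_in_cp)
                cf = cf->prev;         /* the step the patch adds */
            break;
        }
    }
    return 0;                          /* no handler found */
}

/* Constructed scenario: frames (top first) CP, LUA, C, CP; chain a -> b -> c. */
static int run_scenario(int advance_in_cp)
{
    struct cframe c = { 40, NULL };    /* owned by the bottom F_CP frame */
    struct cframe b = { 7, &c };       /* owned by the F_C frame */
    struct cframe a = { -1, &b };      /* owned by the top F_CP frame */
    const enum frame_type frames[] = { F_CP, F_LUA, F_C, F_CP };
    return find_errfunc(frames, 4, &a, advance_in_cp);
}

int main(void)
{
    printf("pre-patch: %d, patched: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

In this model the pre-patch walker reaches the bottom protected frame with the cursor still one C frame behind, so it reports the handler slot of the wrong C frame.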

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

