Fix LUA garbage collector (CVE-2024-46981) (#1513)

Reset GC state before closing the lua VM to prevent user data to be wrongly freed while still might be used on destructor callbacks. Created and publish by Redis in their OSS branch. Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: YaacovHazan <[email protected]>
valkey-io · Jan 6, 2025 · 4ffd3eb · 4ffd3eb
1 parent 7977c55
commit 4ffd3eb
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/eval.c b/src/eval.c
@@ -285,6 +285,7 @@ void scriptingInit(int setup) {
 void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
     dictRelease(lua_scripts);
     listRelease(lua_scripts_lru_list);
+    lua_gc(lctx.lua, LUA_GCCOLLECT, 0);
     lua_close(lua);
 
 #if !defined(USE_LIBC)