From 4ffd3ebdeb028d0b9e50cf5986e9f1b6a2e1c031 Mon Sep 17 00:00:00 2001
From: Madelyn Olson <madelyneolson@gmail.com>
Date: Mon, 6 Jan 2025 14:02:22 -0800
Subject: [PATCH] Fix LUA garbage collector (CVE-2024-46981) (#1513)

Reset GC state before closing the lua VM to prevent user data to be
wrongly freed while still might be used on destructor callbacks.

Created and publish by Redis in their OSS branch.

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Co-authored-by: YaacovHazan <yaacov.hazan@redis.com>
---
 src/eval.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/eval.c b/src/eval.c
index e9fac531f5..9aa185d77b 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -285,6 +285,7 @@ void scriptingInit(int setup) {
 void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
     dictRelease(lua_scripts);
     listRelease(lua_scripts_lru_list);
+    lua_gc(lctx.lua, LUA_GCCOLLECT, 0);
     lua_close(lua);
 
 #if !defined(USE_LIBC)