Patch Lua 5.1 using the build system

natecraddock · natecraddock · commit d9a158505912 · 2025-03-30T22:07:14.000-06:00
Adds a super simple executable to apply patches during build-time. It might fail for more complex patches but it works well enough for the patch needed for Lua 5.1. Closes #109
diff --git a/build/lua-5.1.patch b/build/lua-5.1.patch
@@ -0,0 +1,13 @@
+# Patch for CVE-2014-5461
+# See https://nvd.nist.gov/vuln/detail/CVE-2014-5461
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
++    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+     if (!p->is_vararg) {  /* no varargs? */
+       base = func + 1;
diff --git a/build/lua.zig b/build/lua.zig
@@ -71,6 +71,12 @@ pub fn configure(b: *Build, target: Build.ResolvedTarget, optimize: std.builtin.
         .flags = &flags,
     });
 
+    // Patch ldo.c for Lua 5.1
+    if (lang == .lua51) {
+        const patched = patchFile(b, target, lib, upstream.path("src/ldo.c"), b.path("build/lua-5.1.patch"));
+        lib.addCSourceFile(.{ .file = patched, .flags = &flags });
+    }
+
     lib.linkLibC();
 
     lib.installHeader(upstream.path("src/lua.h"), "lua.h");
@@ -81,11 +87,33 @@ pub fn configure(b: *Build, target: Build.ResolvedTarget, optimize: std.builtin.
     return lib;
 }
 
+fn patchFile(
+    b: *Build,
+    target: Build.ResolvedTarget,
+    lib: *Step.Compile,
+    file: Build.LazyPath,
+    patch_file: Build.LazyPath,
+) Build.LazyPath {
+    const patch = b.addExecutable(.{
+        .name = "patch",
+        .root_source_file = b.path("build/patch.zig"),
+        .target = target,
+    });
+
+    const patch_run = b.addRunArtifact(patch);
+    patch_run.addFileArg(file);
+    patch_run.addFileArg(patch_file);
+    const out = patch_run.addOutputFileArg("ldo.c");
+
+    lib.step.dependOn(&patch_run.step);
+
+    return out;
+}
+
 const lua_base_source_files = [_][]const u8{
     "src/lapi.c",
     "src/lcode.c",
     "src/ldebug.c",
-    "src/ldo.c",
     "src/ldump.c",
     "src/lfunc.c",
     "src/lgc.c",
@@ -114,19 +142,22 @@ const lua_base_source_files = [_][]const u8{
 };
 
 const lua_52_source_files = lua_base_source_files ++ [_][]const u8{
+    "src/ldo.c",
     "src/lctype.c",
     "src/lbitlib.c",
     "src/lcorolib.c",
 };
 
 const lua_53_source_files = lua_base_source_files ++ [_][]const u8{
+    "src/ldo.c",
     "src/lctype.c",
     "src/lbitlib.c",
     "src/lcorolib.c",
     "src/lutf8lib.c",
 };
 
 const lua_54_source_files = lua_base_source_files ++ [_][]const u8{
+    "src/ldo.c",
     "src/lctype.c",
     "src/lcorolib.c",
     "src/lutf8lib.c",
diff --git a/build/patch.zig b/build/patch.zig
@@ -0,0 +1,128 @@
+//! A simple script to apply a patch to a file
+//! Does minimal validation and is just enough for patching Lua 5.1
+
+pub fn main() !void {
+    var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
+    defer arena.deinit();
+
+    const allocator = arena.allocator();
+
+    const args = try std.process.argsAlloc(allocator);
+    if (args.len != 4) @panic("Wrong number of arguments");
+
+    const file_path = args[1];
+    const patch_file_path = args[2];
+    const output_path = args[3];
+
+    const patch_file = try std.fs.openFileAbsolute(patch_file_path, .{ .mode = .read_only });
+    defer patch_file.close();
+    const chunk_details = Chunk.next(allocator, patch_file) orelse @panic("No chunk data found");
+
+    const file = try std.fs.openFileAbsolute(file_path, .{ .mode = .read_only });
+    defer file.close();
+
+    const output = try std.fs.createFileAbsolute(output_path, .{});
+    defer output.close();
+
+    var state: State = .copy;
+
+    var line_number: usize = 1;
+    while (true) : (line_number += 1) {
+        if (line_number == chunk_details.src) state = .chunk;
+
+        switch (state) {
+            .copy => {
+                const line = getLine(allocator, file) orelse return;
+                _ = try output.write(line);
+                _ = try output.write("\n");
+            },
+            .chunk => {
+                const chunk = chunk_details.lines[line_number - chunk_details.src];
+                switch (chunk.action) {
+                    .remove => {
+                        const line = getLine(allocator, file) orelse return;
+                        if (!std.mem.eql(u8, chunk.buf, line)) @panic("Failed to apply patch");
+                    },
+                    .keep => {
+                        const line = getLine(allocator, file) orelse return;
+                        if (!std.mem.eql(u8, chunk.buf, line)) @panic("Failed to apply patch");
+                        _ = try output.write(line);
+                        _ = try output.write("\n");
+                    },
+                    .add => {
+                        _ = try output.write(chunk.buf);
+                        _ = try output.write("\n");
+                    },
+                }
+
+                if (line_number - chunk_details.src == chunk_details.lines.len - 1) state = .copy;
+            },
+        }
+    }
+}
+
+fn getLine(allocator: Allocator, file: File) ?[]u8 {
+    return file.reader().readUntilDelimiterAlloc(allocator, '\n', std.math.maxInt(usize)) catch |err| switch (err) {
+        error.EndOfStream => return null,
+        else => @panic("Error"),
+    };
+}
+
+const State = enum { copy, chunk };
+
+const Chunk = struct {
+    lines: []Line,
+    src: usize,
+    dst: usize,
+
+    const Line = struct {
+        const Action = enum { remove, keep, add };
+
+        action: Action,
+        buf: []const u8,
+    };
+
+    fn next(allocator: Allocator, file: File) ?Chunk {
+        while (true) {
+            const line = getLine(allocator, file) orelse return null;
+            if (std.mem.startsWith(u8, line, "@@")) {
+                const end = std.mem.indexOfPosLinear(u8, line, 3, "@@").?;
+                const details = line[4 .. end - 2];
+
+                const space_index = std.mem.indexOfScalar(u8, details, ' ').?;
+                const src = getLineNumber(details[0..space_index]);
+                const dst = getLineNumber(details[space_index + 1 ..]);
+
+                var lines: std.ArrayListUnmanaged(Line) = .empty;
+                while (true) {
+                    const diff_line = getLine(allocator, file) orelse break;
+                    if (std.mem.startsWith(u8, diff_line, "@@")) break;
+
+                    const action: Line.Action = switch (diff_line[0]) {
+                        '-' => .remove,
+                        ' ' => .keep,
+                        '+' => .add,
+                        else => @panic("Bad patch file"),
+                    };
+
+                    lines.append(allocator, .{ .action = action, .buf = diff_line[1..] }) catch unreachable;
+                }
+
+                return .{
+                    .lines = lines.toOwnedSlice(allocator) catch unreachable,
+                    .src = src,
+                    .dst = dst,
+                };
+            }
+        }
+    }
+
+    fn getLineNumber(buf: []const u8) usize {
+        const comma = std.mem.indexOfScalar(u8, buf, ',').?;
+        return std.fmt.parseInt(usize, buf[0..comma], 10) catch unreachable;
+    }
+};
+
+const std = @import("std");
+const Allocator = std.mem.Allocator;
+const File = std.fs.File;
