From 09cac0f2e739f9f9ab3163dbb6c025b19e4f88b2 Mon Sep 17 00:00:00 2001
From: the-Chain-Warden-thresh <18302010006@fudan.edu.cn>
Date: Sat, 3 Feb 2024 01:50:15 +0800
Subject: [PATCH] Backport CVE-2020-24370's patch

---
 src/wsh/lua/src/ldebug.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/wsh/lua/src/ldebug.c b/src/wsh/lua/src/ldebug.c
index 9bd86d0..47a2d4b 100644
--- a/src/wsh/lua/src/ldebug.c
+++ b/src/wsh/lua/src/ldebug.c
@@ -126,10 +126,11 @@ static const char *upvalname (Proto *p, int uv) {
 
 static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
   int nparams = clLvalue(ci->func)->p->numparams;
-  if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
+  int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
+  if (n <= -nvararg)
     return NULL;  /* no such vararg */
   else {
-    *pos = ci->func + nparams + n;
+    *pos = ci->func + nparams - n;
     return "(*vararg)";  /* generic name for any vararg */
   }
 }
@@ -141,7 +142,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
   StkId base;
   if (isLua(ci)) {
     if (n < 0)  /* access to vararg values? */
-      return findvararg(ci, -n, pos);
+      return findvararg(ci, n, pos);
     else {
       base = ci->u.l.base;
       name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));