From 845e4f4acbc0dc5691bd3512675af2aee0ac66b9 Mon Sep 17 00:00:00 2001
From: Yiheng Cao <65160922+Crispy-fried-chicken@users.noreply.github.com>
Date: Sat, 3 Feb 2024 21:29:27 +0800
Subject: [PATCH] Backport CVE-2020-24370's patch

---
 liblua/ldebug.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/liblua/ldebug.c b/liblua/ldebug.c
index 7e04f9d0..6b99865f 100644
--- a/liblua/ldebug.c
+++ b/liblua/ldebug.c
@@ -106,10 +106,11 @@ static const char *upvalname (Proto *p, int uv) {
 
 static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
   int nparams = clLvalue(ci->func)->p->numparams;
-  if (n >= ci->u.l.base - ci->func - nparams)
+  int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
+  if (n <= -nvararg)
     return NULL;  /* no such vararg */
   else {
-    *pos = ci->func + nparams + n;
+    *pos = ci->func + nparams - n;
     return "(*vararg)";  /* generic name for any vararg */
   }
 }
@@ -121,7 +122,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
   StkId base;
   if (isLua(ci)) {
     if (n < 0)  /* access to vararg values? */
-      return findvararg(ci, -n, pos);
+      return findvararg(ci, n, pos);
     else {
       base = ci->u.l.base;
       name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));