It fixes a security problem with Lua. A more detailed explanation is here: http://www.lua.org/bugs.html#5.2.2-1
As far as security goes, using a stack overflow when poke() is right there would seem to be making things hard on oneself
That said, it sounds like it could crash in other legitimate code, so probably worth applying. Thanks for pointing it out.
edit:
I've checked this in on the trunk (r5979), as well as
https://www.lua.org/bugs.html#5.1.5-2 (r5980). The latter makes CHDK Lua effectively 5.1.5
I'll merge them back to the stable branch a bit later after I've had time to test a few more scripts.
For both, I verified the existing CHDK code showed the error in the test case, and the patch resolved it.