We found luaL_unref() does not do any validation when called, so when it is called twice or more with the same id, that id will be added to the free list twice or more. This will cause the succeeding luaL_ref() calls to allocate duplicated ids.
e.g.
int fid = luaL_ref(L, LUA_REGISTRYINDEX); // suppose this returns fid=2
/* ... */
luaL_unref(L, LUA_REGISTRYINDEX, fid); // ok, fid=2 is added to the free list
luaL_unref(L, LUA_REGISTRYINDEX, fid); // called twice: ok again, fid=2 is added to the free list again
/* ... */
int id1 = luaL_ref(L, LUA_REGISTRYINDEX); // got: id1=2
/* ... */
int id2 = luaL_ref(L, LUA_REGISTRYINDEX); // got: id2=2, duplicated
/* ... */
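The double release described above, as an added example that is not part of the original post and is not Lua's source code: a constructed C model of a slot table whose free list is threaded through the slots, showing the duplicate id and a release function that tracks liveness and rejects the second call. The names RefTable, rt_ref, rt_unref_unchecked and rt_unref_checked are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 16
#define FREE_HEAD 0   /* slot 0 holds the id at the head of the free list */

/* Constructed model: a slot holds a live value or the next free id. */
typedef struct { int slot[SLOTS]; int live[SLOTS]; int top; } RefTable;

static void rt_init(RefTable *t) { memset(t, 0, sizeof *t); }

static int rt_ref(RefTable *t, int value) {
    int id = t->slot[FREE_HEAD];
    if (id != 0) t->slot[FREE_HEAD] = t->slot[id]; /* pop the free list */
    else id = ++t->top;                            /* list empty: new slot */
    t->slot[id] = value;
    t->live[id] = 1;
    return id;
}

/* Release with no validation, the behaviour the report describes. */
static void rt_unref_unchecked(RefTable *t, int id) {
    t->slot[id] = t->slot[FREE_HEAD]; /* second call makes slot[id] == id */
    t->slot[FREE_HEAD] = id;
    t->live[id] = 0;
}

/* Release that rejects ids that are out of range or already free. */
static int rt_unref_checked(RefTable *t, int id) {
    if (id <= 0 || id > t->top || !t->live[id]) return -1;
    rt_unref_unchecked(t, id);
    return 0;
}

/* Returns 1 when two successive rt_ref() calls hand out the same id. */
static int double_release_duplicates(int checked) {
    RefTable t; rt_init(&t);
    rt_ref(&t, 100);
    int fid = rt_ref(&t, 200);                     /* fid == 2 */
    if (checked) { rt_unref_checked(&t, fid); rt_unref_checked(&t, fid); }
    else { rt_unref_unchecked(&t, fid); rt_unref_unchecked(&t, fid); }
    int id1 = rt_ref(&t, 300);
    int id2 = rt_ref(&t, 400); /* unchecked: head now holds a value, not an id */
    return id1 == id2;
}

int main(void) {
    printf("unchecked: duplicate=%d\n", double_release_duplicates(0));
    printf("checked:   duplicate=%d\n", double_release_duplicates(1));
    return 0;
}
```

In the unchecked run the second holder of id 2 overwrites the first holder's value, and the free-list head is left pointing at stored data rather than a valid id.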