Closed tomaka closed 7 years ago
One solution would be to never push a T
alone, but always a (TypeId, T)
instead.
Hlua's API would transparently add or remove the TypeId
whenever you push or load a userdata.
Since reading a userdata expects a TypeId
, this idea can only work if the user has no way of writing a userdata without that TypeId
.
Right now hlua checks type safety by writing the TypeId of the userdata in the index
__typeid
of its metatable. However this could be easily modified by the library user or even maybe by a Lua script.Of course it would be very stupid for a user to modify the value in
__typeid
. If all actors cooperate, then there's no unsafety. But safety is all or nothing. If for example you write a Lua REPL with hlua and take user input, then there is a security leak here.