tomaka / hlua

Rust library to interface with Lua
MIT License

Userdata is unsafe #115

Closed tomaka closed 7 years ago

tomaka commented 7 years ago

Right now hlua checks type safety by writing the TypeId of the userdata in the index __typeid of its metatable. However, this could be easily modified by the library user or even maybe by a Lua script.

Of course it would be very stupid for a user to modify the value in __typeid. If all actors cooperate, then there's no unsafety. But safety is all or nothing. If for example you write a Lua REPL with hlua and take user input, then there is a security leak here.

tomaka commented 7 years ago

One solution would be to never push a T alone, but always a (TypeId, T) instead. Hlua's API would transparently add or remove the TypeId whenever you push or load a userdata.

Since reading a userdata expects a TypeId, this idea can only work if the user has no way of writing a userdata without that TypeId.
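
The (TypeId, T) layout proposed above, as an added example that is not part of the original thread or of hlua's code. `Userdata`, `Tagged`, `push` and `read` are hypothetical names, and the Lua VM is modelled by a heap block plus a `HashMap` standing in for the script-editable metatable.

```rust
use std::any::TypeId;
use std::collections::HashMap;

// Every block written by `push` starts with the tag, so it can be checked
// before the payload type is known.
#[repr(C)]
struct Tagged<T> { tag: TypeId, value: T }

// Hypothetical stand-in for a Lua full userdata (not an hlua type): `block` is
// the raw userdata memory, `metatable` the table a script is able to edit.
pub struct Userdata {
    block: *mut u8,
    drop_block: fn(*mut u8),
    pub metatable: HashMap<String, TypeId>,
}

fn drop_as<T>(p: *mut u8) {
    unsafe { drop(Box::from_raw(p as *mut Tagged<T>)) }
}

// Push side: the tag is added transparently; the caller only supplies `T`.
pub fn push<T: 'static>(value: T) -> Userdata {
    let tag = TypeId::of::<T>();
    let block = Box::into_raw(Box::new(Tagged { tag, value })) as *mut u8;
    let mut metatable = HashMap::new();
    metatable.insert("__typeid".to_string(), tag); // old scheme, kept for contrast
    Userdata { block, drop_block: drop_as::<T>, metatable }
}

// Read side: trusts only the tag inside the block, never the metatable.
// Sound only if every userdata in the VM was written by `push`.
pub fn read<T: 'static>(ud: &Userdata) -> Option<&T> {
    // SAFETY: `push` always places a TypeId at offset 0 of the block.
    let tag = unsafe { *(ud.block as *const TypeId) };
    if tag != TypeId::of::<T>() {
        return None;
    }
    // SAFETY: the matching tag shows the block is a `Tagged<T>`.
    Some(unsafe { &(*(ud.block as *const Tagged<T>)).value })
}

impl Drop for Userdata {
    fn drop(&mut self) { (self.drop_block)(self.block) }
}

fn main() {
    let mut ud = push(String::from("secret"));
    ud.metatable.insert("__typeid".into(), TypeId::of::<u64>()); // constructed tampering
    println!("{:?} {:?}", read::<String>(&ud), read::<u64>(&ud));
}
```

The check holds regardless of what `__typeid` contains because the tag lives in the userdata block, but as the comment above notes, it depends on no userdata ever being created without the tag.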