From 4188c2164dd51f619736eca06bb1123277bd9644 Mon Sep 17 00:00:00 2001 From: Bruce Hill Date: Sat, 10 Feb 2018 16:48:58 -0800 Subject: [PATCH] Added slightly more error checking. --- limmutable.c | 28 ++++++++++++++++++++++------ test.lua | 8 ++++++++ 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/limmutable.c b/limmutable.c index 1bb7f42..1a85788 100644 --- a/limmutable.c +++ b/limmutable.c @@ -107,7 +107,7 @@ static int Lcreate_instance(lua_State *L) // Stack: [inst, buckets] lua_createtable(L, 1, 0); // Stack: [inst, buckets, bucket] - lua_pushlightuserdata(L, (void*)Lcreate_instance); + lua_pushlightuserdata(L, (void*)Lcreate_instance); // Shared bucket metatable lua_gettable(L, LUA_REGISTRYINDEX); // Stack: [inst, buckets, bucket, {'__mode'='k'}] lua_setmetatable(L, -2); @@ -223,13 +223,17 @@ static int Lindex(lua_State *L) // Stack: [mt, indices] lua_pushvalue(L, 2); // Stack: [mt, indices, k] - lua_rawget(L, -2); + lua_gettable(L, -2); // Stack: [mt, indices, i] if (! lua_isnil(L, -1)) { // Stack: [mt, indices, i] lua_getfield(L, -3, "__instances"); // Stack: [mt, indices, i, buckets] - lua_rawgeti(L, -1, *((lua_Integer*)lua_touserdata(L, 1))); + lua_Integer* hash_address = (lua_Integer*)lua_touserdata(L, 1); + if (! hash_address) { + luaL_error(L, "invalid type"); + } + lua_rawgeti(L, -1, *hash_address); // Stack: [mt, indices, i, buckets, bucket] lua_pushvalue(L, 1); // Stack: [mt, indices, i, buckets, bucket, inst_udata] @@ -268,7 +272,11 @@ static int Ltostring(lua_State *L) lua_getfield(L, -1, "__instances"); // Stack: [mt, buckets] - lua_rawgeti(L, -1, *((lua_Integer*)lua_touserdata(L, 1))); + lua_Integer* hash_address = (lua_Integer*)lua_touserdata(L, 1); + if (! hash_address) { + luaL_error(L, "invalid type"); + } + lua_rawgeti(L, -1, *hash_address); // Stack: [mt, buckets, bucket] lua_pushvalue(L, 1); // Stack: [mt, buckets, bucket, inst_udata] @@ -317,7 +325,11 @@ static int Lnexti(lua_State *L) // Stack: [mt] lua_getfield(L, -1, "__instances"); // Stack: [mt, buckets] - lua_rawgeti(L, -1, *((lua_Integer*)lua_touserdata(L, 1))); + lua_Integer* hash_address = (lua_Integer*)lua_touserdata(L, 1); + if (! hash_address) { + luaL_error(L, "invalid type"); + } + lua_rawgeti(L, -1, *hash_address); // Stack: [mt, buckets, bucket] lua_pushvalue(L, 1); // Stack: [mt, buckets, bucket, inst_udata] @@ -357,7 +369,11 @@ static int Lnext(lua_State *L) // Stack: [mt] lua_getfield(L, -1, "__instances"); // Stack: [mt, buckets] - lua_rawgeti(L, -1, *((lua_Integer*)lua_touserdata(L, 1))); + lua_Integer* hash_address = (lua_Integer*)lua_touserdata(L, 1); + if (! hash_address) { + luaL_error(L, "invalid type"); + } + lua_rawgeti(L, -1, *hash_address); // Stack: [mt, buckets, bucket] lua_pushvalue(L, 1); // Stack: [mt, buckets, bucket, inst_udata] diff --git a/test.lua b/test.lua index c2c4f62..0b21c58 100644 --- a/test.lua +++ b/test.lua @@ -148,6 +148,14 @@ test("Testing similar class", function() assert(FooVec(1,1) ~= Vec(1,1)) end) +test("Testing spoofing", function() + local t = {99,100} + setmetatable(t, Vec) + assert(not pcall(function() return t.x end)) + assert(not pcall(function() return Vec(88) end)) + assert(not pcall(function() return Vec.__tostring(t) end)) +end) + if num_errors == 0 then print(green.."All tests passed!"..reset) else