[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: possible toLua typesafety bug
- From: "Eric Ries" <eries@...>
- Date: Fri, 11 May 2001 12:58:15 -0400
Let's take a bit of toLua generated code as follows:
/* set function: newGoalOri of class SuiGoalOrientationOutput */
static int toluaI_set_Sui_SuiGoalOrientationOutput_newGoalOri(lua_State*
tolua_S)
{
SuiGoalOrientationOutput* self = (SuiGoalOrientationOutput*)
tolua_getusertype(tolua_S,1,0);
if (!self) tolua_error(tolua_S,"invalid 'self' in accessing variable
'newGoalOri' in func toluaI_set_Sui_SuiGoalOrientationOutput_newGoalOri");
if (!tolua_istype(tolua_S,2,tolua_tag(tolua_S,"Ori"),0))
tolua_error(tolua_S,"#vinvalid type in variable assignment. in func
toluaI_set_Sui_SuiGoalOrientationOutput_newGoalOri");
self->newGoalOri = *((CartesianOri*) tolua_getusertype(tolua_S,2,0));
return 0;
}
Now, notice that the "self" parameter is cast to a SuiGoalOrientationOutput
pointer without any checking that the first parameter is of the right type.
So it seems to me that it would be possible to contrive some Lua code that
could cause this code to violate the type-safeness of toLua.
Am I right? Seems to me like a simple call to tolua_tag() before
tolua_getusertype() would do it...
Eric