Git Product home page Git Product logo

Comments (5)

jonas-schievink avatar jonas-schievink commented on August 19, 2024

One thing to keep in mind is that callbacks must currently outlive the 'static lifetime, so they can't really mutably borrow anything that would cause interesting UB (for example, mutable access to statics is already unsafe). Of course, this doesn't mean that there's no issue here, it's just not a particularly dangerous one.

from rlua.

kyren avatar kyren commented on August 19, 2024

I think they can move capture a value mutably, then get a reference to themselves via Lua and cause some pretty bad juju right? I can at least see how to mutate a value I currently hold a &mut reference to.

from rlua.

jonas-schievink avatar jonas-schievink commented on August 19, 2024

Ugh, of course. How could I miss that? Clearly I need to write more Rust.

Demonstration of UB:

extern crate rlua;

use rlua::*;

fn main() {
    let lua = Lua::new();

    let mut v = Some(Box::new(123));
    let f = lua.create_function::<_, (), _>(move |lua, mutate: bool| {
        if mutate {
            v = None;
        } else {
            let r = v.as_mut().unwrap();
            println!("BEFORE: first value at {:p}", r as *mut _);
            println!("BEFORE: first value is {}", r);
            lua.globals().get::<_, Function>("f").unwrap().call::<_, ()>(true).unwrap();
            println!("AFTER: first value at {:p}", r as *mut _);
            println!("AFTER: first value is {}", r);
        }

        Ok(())
    });
    lua.globals().set("f", f).unwrap();
    lua.globals().get::<_, Function>("f").unwrap().call::<_, ()>(false).unwrap();
}

Prints on my machine:

BEFORE: first value at 0x7f6feb021010
BEFORE: first value is 123
AFTER: first value at 0x7f6feb021010

...and then segfaults

from rlua.

kyren avatar kyren commented on August 19, 2024

Nice, thank you for the demonstration! Luckily, it should be a pretty easy fix.

from rlua.

kyren avatar kyren commented on August 19, 2024

I think this is fixed now with 4b7a340. I know that this causes a panic, and not an error, and that that is not ideal. It's actually not hard to make it an error, but it really should be another Error enum entry, and the panic.. kind of matches what happens with resurrected userdata? I don't know, I could have made it an Error, and I actually will... I plan on working on fixing #38 really soon, and doing all the API breakage at once.

from rlua.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.