From e51564d1bee5aa8b411328d7d3d75906dfc0a260 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Wed, 16 Sep 2020 14:57:51 -0300 Subject: [PATCH] Details in comments and documentation --- lstate.h | 11 +++++++++++ manual/manual.of | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/lstate.h b/lstate.h index 1b6bcdf8..c1c38204 100644 --- a/lstate.h +++ b/lstate.h @@ -334,6 +334,12 @@ struct lua_State { /* ** Union of all collectable objects (only for conversions) +** ISO C99, 6.5.2.3 p.5: +** "if a union contains several structures that share a common initial +** sequence [...], and if the union object currently contains one +** of these structures, it is permitted to inspect the common initial +** part of any of them anywhere that a declaration of the complete type +** of the union is visible." */ union GCUnion { GCObject gc; /* common header */ @@ -347,6 +353,11 @@ union GCUnion { }; +/* +** ISO C99, 6.7.2.1 p.14: +** "A pointer to a union object, suitably converted, points to each of +** its members [...], and vice versa." +*/ #define cast_u(o) cast(union GCUnion *, (o)) /* macros to convert a GCObject into a specific value */ diff --git a/manual/manual.of b/manual/manual.of index c37f3061..ff891399 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -6813,6 +6813,16 @@ As such, it is only available on some platforms (Windows, Linux, Mac OS X, Solaris, BSD, plus other Unix systems that support the @id{dlfcn} standard). +This function is inherently insecure, +as it allows Lua to call any function in any readable dynamic +library in the system. +(Lua calls any function assuming the function +has a proper prototype and respects a proper protocol +@see{lua_CFunction}. +Therefore, +calling an arbitrary function in an arbitrary dynamic library +more often than not results in an access violation.) + } @LibEntry{package.path|