Lua global "load" still accepts bytecode

[hce]

As I understand it, LuaContext's load function only accepts source code to ensure rust's safety semantics cannot be violated by a potentially unpredictable/(faulty behaving when presented with specially crafted input) C function.

• Looks like from Lua itself, the global "load" function still accepts bytecode.

• For a project of mine, I compile Lua scripts to bytecode, embed them in the project, and then load them back. Circumventing that limitation by tapping into globals() and retrieving the load function from there.

-> I think the ability to load bytecode should be removed from Lua globals, and maybe string.dump as well.
-> But, to compensate for that loss, I think both functions should be exposed to the rust API as unsafe {} calls?

Do you agree? If yes, I could submit a pull request.

[jugglerchris]

Hi,

I think we might accept that the Lua load function will accept bytecode (I'm going via @kyren 's comment
#172 (comment) point 5, talking about not trying to patch over every unsafe thing Lua can do), though the Lua constructor should be unsafe.

But I agree that a (probably still unsafe) function to load bytecode from the Rust API seems reasonable.

string.dump seems safe, though, and is fairly easy to call from Rust.

[jugglerchris]

This has been fixed as part of #236.

• The load etc. functions by default are wrapped to only load Lua source
• unsafe Chunk::into_function_allow_binary() allows loading compiled Lua functions.

[IoIxD]

The load etc. functions by default are wrapped to only load Lua source

The docs suggest otherwise, though. In fact, that part of the docs seems outdated in general.

How would one NOW go about turning Lua bytecode into a function?

[IoIxD]

My mistake, there was a different issue with my code; the bytecode wasn't properly getting loaded in the proc macro I made that embeds said Lua code. As it would turn out, the docs are correct on that front.

However the docs also suggest using eval without any generic parameters, which would suggest they are outdated.

[jugglerchris]

Hi. I think the examples are correct (at least the first couple I looked at), and would fail the doctests if they weren't.
Instead of passing the type parameter, it's being inferred from the type of the variable the result is being assigned to:

let add2: Function = lua_context.load(r#"
    function(a)
        return a + 2
    end
"#).eval()?;

Or I might not be looking at the same one as you!