34 Commits

Author SHA1 Message Date
Thomas Watson dc4d1bacdd AP_Scripting: adjust string metatable setup to fix sandbox integrity
In Lua, strings are the only type that comes with a default metatable.
The metatable must be shared by all string objects, and it is set to be
the `string` library table each time that library is opened. In
Ardupilot's scripting engine, the last script to load then has access to
the string metatable as the library is opened fresh for each script, as
its `string` library will have been set to the metatable.

Therefore, if two scripts are loaded, A first and B second, and script B
executes e.g. `string.byte = "haha"`, then `string.byte()` and
`s:byte()` for script B are broken. Because the metatable is shared,
this also breaks `s:byte()` for script A, which violates the integrity
of the sandbox.

Fix the issue by disabling the metatable setup functionality when the
string library is opened, then manually opening an additional copy of the
library (which won't be given to any script) and setting it as the
string metatable during initialization.

This will break any script that modifies the string metatable for
constructive purposes, but such a script could have been broken if it
weren't the only script running anyway.
2024-07-30 10:54:00 +10:00
Thomas Watson 3a834e83c7 AP_Scripting: reference script environment directly
Referencing the original function to run is of questionable value and
the only user uses it to grab the script environment from the upvalues.

Instead, use a reference to the script environment table directly.
2024-07-30 10:33:56 +10:00
Andrew Tridgell 188df1312d AP_Scripting: fixed float register save/restore in setjmp/longjmp
the register save must happen before the setjmp() call, which means
outside of the LUAI_TRY() macro. We also should be saving all 32
floating point registers
2024-05-15 06:47:44 +10:00
Iampete1 b7dd432409 AP_Scripting: allow loading modules from ROMFS 2024-02-27 10:17:43 +11:00
Andrew Tridgell f8097379cb AP_Scripting: prevent a code path to abort() in scripting
if scripting can't find an error handler it can call abort(). We don't
ever want to do that in ArduPilot
2024-02-21 12:09:48 +11:00
Andrew Tridgell b3240ac243 AP_Scripting: use gmtime_r() instead of gmtime()
using gmtime_r makes gmtime thread safe
2024-02-21 12:09:48 +11:00
bugobliterator a497c06e83 AP_Scripting: stash and restore FPU register context in LUAI_TRY
this fixes an issue where a lua library function triggers an exception
after it does a math operation which changes the floating point
registers on M7 MCUs (such as STM32H7). An example is math.random()
which calls math_random(), which pre-calculates a double value before
checking if the arguments to the call are valid. When it then checks
and finds invalid values the exception longjmp does not restore the
floating point registers.
2023-07-07 07:51:02 +10:00
bugobliterator 306b14d8dc AP_Scripting: add require with sandbox inheritance 2023-04-28 12:36:08 +10:00
Andrew Tridgell 615838a7d4 AP_Scripting: ensure new user data is zero
this prevents use of uninitialised data for user objects created in
lua, giving more predictable behaviour
2023-03-10 14:13:55 +11:00
Andrew Tridgell 2863f3954b AP_Scripting: remove support for loading binary luac
this saves about 2k of flash
2022-11-28 06:23:29 +11:00
Andrew Tridgell 65746de112 AP_Scripting: enable load() function in lua scripts
can be used to parse user supplied lua
2022-11-28 06:23:29 +11:00
Andrew Tridgell 7a03160590 AP_Scripting: capitalise the SCR_HEAP_SIZE parm 2022-10-31 15:14:27 +11:00
Andrew Tridgell b5b1aee954 AP_Scripting: fixed use of clock and time in lua
not available on stm32
2022-10-06 10:45:49 +11:00
Hwurzburg 72a927343a AP_Scripting: make LUA memory panic more helpful 2021-08-09 16:34:09 +10:00
Andrew Tridgell ba45d32c7e AP_Scripting: avoid an error in lua with gcc 10.2 on STM32 with -Werror 2021-08-04 15:48:23 +10:00
Andy Piper a592d76866 AP_Scripting: fix compile on clang 10 2020-11-25 09:28:06 +11:00
Andrew Tridgell c8e604a730 AP_Scripting: fixed gcc 9.x build 2020-11-13 14:30:11 +11:00
Michael du Breuil 1a1a5e69dd AP_Scripting: Add setmetatable back to the lua sandbox 2020-10-27 10:25:56 +11:00
Andy Piper 9fef5b1e94 AP_Scripting: remove compile errors and warnings 2020-09-22 09:37:02 +10:00
Andrew Tridgell e9a4a74e7b AP_Scripting: suppress cast-align warnings in Lua interpreter
this is externally maintained code that makes heavy use of casting
2020-07-10 13:31:27 +10:00
Andrew Tridgell 6222649e37 AP_Scripting: avoid build warnings 2020-04-28 10:32:23 +10:00
Michael du Breuil 75b133926f AP_Scripting: Cleanups to remove false positive warnings 2020-03-28 21:16:09 +11:00
bugobliterator edaf9fa086 AP_Scripting: remove unused user of realloc from lua 2020-03-24 10:32:14 +11:00
Michael du Breuil c1a599d0bd AP_Scripting: Reduce memory associated with the sandbox 2020-02-18 10:38:09 +11:00
Andrew Tridgell b577787f68 AP_Scripting: use AP_Filesystem API 2019-08-27 15:40:43 +10:00
Michael du Breuil 6e7367b86f AP_Scripting: Reduce lua stack usage 2019-07-19 09:34:05 +09:00
Michael du Breuil 17e258d347 AP_Scripting: Reenable file IO 2019-04-26 08:07:19 +10:00
Michael du Breuil f1d5269f9e AP_Scripting: remove more libraries from the sandbox 2019-04-11 23:03:20 -07:00
Michael du Breuil c3e11fd34d AP_Scripting: Reduce stack allocated buffer size to reduce warnings
about large frame size
2019-02-01 14:31:05 -07:00
Michael du Breuil d38dde82fe Lua: revert including lmem 2018-12-31 19:25:23 -07:00
Michael du Breuil 19a8c5a6ed AP_Scripting: Run multiple scripts at once 2018-11-14 01:41:35 +00:00
Michael du Breuil beaa069082 AP_Scripting: Disable lua coroutines 2018-10-30 16:17:03 -07:00
Michael du Breuil e421599e4f AP_Scripting: Hide lua IO for now 2018-10-09 10:08:52 +11:00
Michael du Breuil 513e5946bb AP_Scripting: Add Lua 5.3.5 source 2018-10-09 10:08:52 +11:00