In Lua, strings are the only type that come with a default metatable.
The metatable must be shared by all string objects, and it is set to be
the `string` library table each time that library is opened. In
Ardupilot's scripting engine, the last script to load then has access to
the string metatable as the library is opened fresh for each script, as
its `string` library will have been set to the metatable.
Therefore, if two scripts are loaded, A first and B second, and script B
executes e.g. `string.byte = "haha"`, then `string.byte()` and
`s:byte()` for script B are broken. Because the metatable is shared,
this also breaks `s:byte()` for script A, which violates the integrity
of the sandbox.
Fix the issue by disabling the metatable setup functionality when the
string libary is opened, then manually opening an additional copy of the
library (which won't be given to any script) and setting it as the
string metatable during intialization.
This will break any script that modifies the string metatable for
constructive purposes, but such a script could have been broken if it
weren't the only script running anyway.
Referencing the original function to run is of questionable value and
the only user uses it to grab the script environent from the upvalues.
Instead, use a reference to the script environment table directly.
Some bits of the code in the require machinery use the `lua_ref` to
access the script environment. However, this can change after the script
is rescheduled and it returns an arbitrary function to run next.
Resolve this by introducing `run_ref` which is specifically a reference
to the function to run next. `lua_ref` is preserved for the script
lifetime.
Move the string checks into the load functions to avoid duplicating it
for each binding.
Also sync up the return types to avoid an unnecessary conversion.
Saves ~1.5K.
The Lua stack is guaranteed to have at least LUA_MINSTACK (default 20)
slots upon entry to C. Check to see if we might need more than that
minimum and only in that case call the function to check and resize the
stack. In virtually all cases the check can then be optimized away.
Additionally remove the redundant "Out of stack" message. Lua already
says "stack overflow" and a null message is valid.
Saves ~330B.
Put documentation with each bitmask and use the object directly. Node ID
range checks can be removed as the bitmask itself checks and we don't
expect to trip them.
Substantially cleans up the code.
The StorageManager read_block/write_block methods only return failure if
an out of bounds access is performed. Assert statically that this does
not happen.
Also remove the now-impossible failed to add node state.