Time  Nick       Message
01:25 p_gimeno   ah here's my discussion about sandboxing: https://love2d.org/forums/viewtopic.php?p=221790#p221790
01:26 p_gimeno   it's not really love specific, the only love specific calls are love.filesystem.load (to load a file using PhysFS, but that's not necessary here) and love.event.quit to exit.
01:28 p_gimeno   love.filesystem.load works like Lua's loadfile
01:32 p_gimeno   it's probably a moot point, unless someone uses deserialize on user input as discussed (I doubt anyone does, but the possibility is scary).
07:34 p_gimeno   about #9369: setfenv(f, safe and {loadstring = function() end} or env) - don't create the table on the fly, that's a waste of resources
07:34 ShadowBot  https://github.com/minetest/minetest/issues/9369 -- Fix misleading documentation on minetest.deserialize(). by luk3yx
07:38 p_gimeno   oh maybe the table is necessary, but the function definitively isn't
07:52 p_gimeno   but either both tables are created on the fly, or none is. Does the function need an environment shared between calls?
07:52 p_gimeno   the function -> the code to deserialize
08:57 sfan5      p_gimeno: the environment does not need to be shared, but there's no reason to recreate it since it doesn't change
08:57 sfan5      however...
09:00 sfan5      > =deserialize("x = 12344")
09:00 sfan5      nil
09:00 sfan5      > =deserialize("return x")
09:00 sfan5      12344
09:00 sfan5      ..is what happens if you don't recreate the environment
09:00 p_gimeno   yes that was my thought too
09:02 p_gimeno   maybe: safe_env = setmetatable({loadstring = ...}, {__newindex = function() error("Deserialized functions can't create globals") end}
09:02 p_gimeno   )
09:04 sfan5      what if you modify the loadstring global? is there anything you can do using a function object?
09:05 p_gimeno   an empty one? not that I know
09:05 p_gimeno   you could destroy it for subsequent callers though (DoS)
09:06 sfan5      well this also goes for the non-safe env, can you modify a function without replacing the reference itself?
09:06 p_gimeno   functions are immutable if that's what you mean
09:08 sfan5      Hope that's 100% true and not just "true unless you do weird things with it"
09:09 sfan5      (the debug library can edit functions after they exist, but that's not available here of course)
09:10 p_gimeno   can it? I thought it could modify upvalues, not code
09:11 sfan5      that's what I was thinking of
09:12 p_gimeno   yeah, not without debug.setupvalue/setlocal
09:45 p_gimeno   I can't help wondering why deserialize needs access to loadstring
09:48 sfan5      it supports serializing functions
09:48 sfan5      but in practice that doesn't work anyway since mod security forbids you to load bytecode
09:55 p_gimeno   I'm curious about something. In the nested loadstring call, is loadstring treated as an upvalue or as a global? in the latter case, wouldn't it reference the current environment, infinitely recursing on loadstring()?
09:56 p_gimeno   that would solved by localizing them: local loadstring, setfenv = loadstring, setfenv
10:03 p_gimeno   tested, it seems to work as expected by referencing the environment at definition time
10:08 rubenwardy Loadstring isn't called in the serialised string
10:08 rubenwardy The serialised string is a Lua function which returns the table
10:08 rubenwardy Without the function syntax
10:09 rubenwardy Nested tables are done using a companion table
10:09 sfan5      https://github.com/minetest/minetest/blob/master/builtin/common/serialize.lua#L121
10:10 rubenwardy That should not be supported
10:11 rubenwardy From the beginning
10:11 rubenwardy Why was that considered a good idea
20:11 Andrey01   hello, I`m currently playing around Irrlicht Engine and I have some issues: the animated node looks like very jerky and surprisingly the node disappears if it is at edge of the camera view range
20:12 Andrey01   does anybody know how to solve these issues? here is a code: https://ufile.io/n6kb0kt7
21:45 paramat    will merge trivial game#2588 in 2 hours
21:45 ShadowBot  https://github.com/minetest/minetest_game/issues/2588 -- Fix simple bed height, make player lay down just above it, not inside it by paramat
23:51 Wuzzy      any ideas on how to make an unit test for pathfinder?
23:52 Wuzzy      pathfinder relies on a real existing world with real nodes, so it seems a pathfinder unit test would first have to get access to a dummy world ... tricky. what do you think?