LuaJIT knows the C types it defines, and the lengths of the arrays, but it doesn't check the bounds:
ffi = require("ffi")
ten_ints = ffi.typeof("int [10]")
p1 = ten_ints()
print(ffi.sizeof(p1)) -- 40
var_ints = ffi.typeof("int [?]")
p2 = ffi.new(var_ints, 10)
print(ffi.sizeof(p2)) -- 40
p1[1000000] = 1 -- segfault
p2[1000000] = 1 -- segfault
Is there a way to make it do that, or is my only choice to write wrappers?
Short answer: There is no way, you'll have to write/find your own wrapper.
Here is the explanation from luajit.org
No Hand-holding!
[...] The FFI library provides no memory safety, unlike regular Lua code. It will happily allow you to dereference a NULL pointer, to access arrays out of bounds or to misdeclare C functions. If you make a mistake, your application might crash, just like equivalent C code would. This behavior is inevitable, since the goal is to provide full interoperability with C code. Adding extra safety measures, like bounds checks, would be futile. [...] Likewise there's no way to infer the valid range of indexes for a returned pointer. Again: the FFI library is a low-level library.