- Subject: Re: disallow interaction with "outside world"
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 2 Jul 2015 10:33:59 -0300
> I'd be surprised if "while true do end" can break debug hooks, since
> it's not making any C calls. Any time you make a C function available
> though (such as string.rep) you have to watch out that the user can't
> abuse it to overwhelm your app, e.g. with string.rep("a", 99999999) or
> ("a"):rep(9999):rep(9999):rep(9999):rep(9999)...

You do not even need the string library for that. You can write
something like this:

s = "01234567890123456789012345678901234567890123456789"
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s
s = s .. s .. s .. s .. s .. s .. s .. s .. s .. s

No loops, no libraries, no large constants, few instructions...
(It is even portable; it should break many languages :-)

-- Roberto
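
Added example, not part of the original message or of the Lua sources: a memory-capped allocator with the lua_Alloc signature, which is the usual host-side defence against the script above. MemBudget, capped_alloc and first_refused_line are hypothetical names, and the model assumes each old string is collected as soon as its line finishes.

```c
#include <stddef.h>
#include <stdlib.h>

/* Per-sandbox accounting, passed to the allocator as its `ud` pointer. */
typedef struct {
    size_t used;   /* bytes currently held by the sandboxed state */
    size_t limit;  /* hard cap chosen by the host (assumed value) */
} MemBudget;

/* Same signature as lua_Alloc, so it can be given to lua_newstate().
   A NULL return for a growing request surfaces in the script as a
   memory error, which the host sees as LUA_ERRMEM from lua_pcall. */
static void *capped_alloc(void *ud, void *ptr, size_t osize, size_t nsize) {
    MemBudget *b = (MemBudget *)ud;
    if (ptr == NULL) osize = 0;   /* new block: osize is not a size */
    if (nsize == 0) {             /* free request */
        free(ptr);
        b->used -= osize;
        return NULL;
    }
    if (nsize > osize && nsize - osize > b->limit - b->used)
        return NULL;              /* would exceed the budget: refuse */
    void *np = realloc(ptr, nsize);
    if (np != NULL) b->used = b->used - osize + nsize;
    return np;
}

/* Models the script above: a 50-byte string made 10x longer per line,
   old and new value both live during each concatenation. Returns the
   1-based concatenation line that is refused, 0 if all `lines` fit,
   -1 if even the initial literal does not fit. */
static int first_refused_line(size_t limit, int lines) {
    MemBudget b = { 0, limit };
    size_t len = 50;
    char *s = capped_alloc(&b, NULL, 0, len);
    if (s == NULL) return -1;
    for (int line = 1; line <= lines; line++) {
        char *t = capped_alloc(&b, NULL, 0, len * 10);
        if (t == NULL) { capped_alloc(&b, s, len, 0); return line; }
        capped_alloc(&b, s, len, 0);   /* old value is now garbage */
        s = t;
        len *= 10;
    }
    capped_alloc(&b, s, len, 0);
    return 0;
}
```

With an 8 MiB budget the sixth concatenation (a 50,000,000-byte result) is the first request refused, long before the final line would ask for 500 GB.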