

For security issues, I'd blame the person generating code using malicious foreign input and then running it or passing it around. There are less elaborate ways to be exploited.

Let me bikeshed. I can't picture a normal file that needs more than, say, 100. Someone that wants 10,000 should think of new solutions, and I would advocate a shorter limit. Then again, I've only ever written Lua for humans.

On Fri, Dec 14, 2018 at 3:33 PM Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>> "dyngeccetor8" == dyngeccetor8  <dyngeccetor8@disroot.org> writes:

 >>> https://github.com/martin-eden/workshop/blob/master/formats/lua/quote_string/intact.lua#L16

 dyngeccetor8> Sadly, link now points to current version.

I don't think this is quite right for the case where the string starts
with \r not followed by \n.

According to the docs, long strings don't preserve the exact bytes of
newline sequences, but they recognize any of \r, \n, \r\n, \n\r as being
newlines. So if the string starts with \r alone, your code does not
insert a \n, and the \r will be eaten when reading the string back in.
If on the other hand you added a \n, then the \n\r would still be
treated as a single newline, and it would still be eaten.

I think what you need to do is: if the first character of the string is
either \r or \n, then duplicate it.

--
Andrew.
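
The leading-newline behaviour described in the quoted reply, as an added example that is not code from the thread or from the linked repository. It assumes Lua 5.3 or 5.4, and the names `wrap`, `long_quote` and `read_back` are hypothetical.

```lua
-- Added example: quoting a string as a Lua long string and reading it back.
-- Assumes Lua 5.3 or 5.4, where load() accepts a string chunk.

-- Wrap s in long brackets whose closing delimiter cannot occur in the body.
local function wrap(s)
  local level = 0
  -- "]" is appended before searching so that a body ending in "]" or "]="
  -- cannot combine with the closing bracket and end the literal early.
  while (s .. "]"):find("]" .. ("="):rep(level) .. "]", 1, true) do
    level = level + 1
  end
  local eq = ("="):rep(level)
  return "[" .. eq .. "[" .. s .. "]" .. eq .. "]"
end

-- The fix suggested in the reply: if the string starts with \r or \n,
-- duplicate that character, so the copy is the one the lexer skips.
local function long_quote(s)
  local first = s:sub(1, 1)
  if first == "\r" or first == "\n" then
    s = first .. s
  end
  return wrap(s)
end

-- Evaluate a generated literal with the real Lua parser.
local function read_back(literal)
  return assert(load("return " .. literal))()
end

-- Constructed inputs: { original string, value expected after reading back }.
local cases = {
  { "plain",   "plain" },
  { "\nabc",   "\nabc" },
  { "\rabc",   "\nabc" },  -- the newline survives, but \r is read back as \n
  { "\r\nabc", "\nabc" },  -- \r\n is one newline and is read back as \n
  { "a]]b]",   "a]]b]" },  -- needs level 1 brackets
}
for _, c in ipairs(cases) do
  assert(read_back(long_quote(c[1])) == c[2])
end

-- Without the duplication, the leading newline is eaten on the way back in.
assert(read_back(wrap("\nabc")) == "abc")
print("ok")
```

Because long strings do not preserve the exact bytes of newline sequences, a generator that must reproduce `\r` byte for byte cannot use this form for such strings.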