Lua 5.1.4 bug recap

1) Causing the currently running function to be garbage collected
Through bytecode manipulation, a function's upvalues can be made to point to every instance of that function (i.e. the local in which it is stored, and the stack slot it occupies while being called), and thus set them all to nil. If the function then forces a GC cycle, it is collected while still running, leading to a segfault:
See full post for code sample

2) Accessing another function's locals
The VM call instruction is normally executed with the callee at the top of the stack. Through bytecode manipulation, however, it can be executed in the middle of the stack, and after the call completes any locals used by the called function are left at the top of the stack. If a C function was called, its locals could be used to cause a segfault:
See full post for code sample

3) Upvalue name array is assumed to be either complete, or absent
Through bytecode manipulation, an incomplete upvalue name array can be present, which can then lead to a segfault when the interpreter tries to access an element of the array which is not present:
See full post for code sample

4) LoadString()'s return value is not always checked for NULL
When loading a string in a binary chunk, LoadString returns NULL for zero-length strings (all string constants contain a null-terminator, and are therefore at least length 1), which in one case is not checked for and leads to a segfault:
See full post for code sample
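All four items share a root cause: the Lua 5.1 loader trusts the internal structure of a precompiled (binary) chunk handed to loadstring. For a host that accepts scripts from untrusted sources, the usual mitigation is to refuse binary chunks before the loader sees them. The following is an added example, not code from the original post: a Lua 5.1 wrapper around loadstring that rejects any chunk beginning with the binary chunk signature byte (ESC, from the "\27Lua" header), so only source text reaches the parser.

```lua
-- Added example (not from the post): reject precompiled chunks before they
-- reach the Lua 5.1 loader. Lua 5.1 has no "mode" argument for load, so the
-- check is done on the first byte: binary chunks start with LUA_SIGNATURE,
-- "\27Lua", whereas source text never begins with ESC (0x1B).
local BINARY_SIGNATURE = "\27Lua"

-- Returns the compiled function on success, or nil plus an error message,
-- mirroring loadstring's own return convention.
local function load_source_only(chunk, chunkname)
  if type(chunk) ~= "string" then
    return nil, "chunk must be a string"
  end
  if chunk:sub(1, 1) == "\27" then
    -- Distinguish a well-formed Lua 5.1 header from a stray escape byte;
    -- both are refused because neither is source text.
    if chunk:sub(1, #BINARY_SIGNATURE) == BINARY_SIGNATURE then
      return nil, "precompiled chunks are not accepted"
    end
    return nil, "chunk begins with a non-source byte"
  end
  return loadstring(chunk, chunkname)
end

-- Constructed inputs for a quick self-check.
local ok_fn, err = load_source_only("return 1 + 1")
assert(ok_fn and ok_fn() == 2, err)

-- string.dump produces a binary chunk; it must be refused, even though
-- loadstring itself would happily accept it.
local dumped = string.dump(function() return 42 end)
local fn, reason = load_source_only(dumped)
assert(fn == nil and reason == "precompiled chunks are not accepted", reason)

-- Plain loadstring accepts the same bytes, which is exactly what the
-- bytecode-manipulation bugs above rely on.
assert(loadstring(dumped)() == 42)

return load_source_only
```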

(Not so) new PC

A month or two ago, I got an array of new PC parts, shown above.

Anti-Spam, version 2

So, after a massive onslaught of spam recently, it's time for some different anti-spam measures:

  1. Disable new comments (to prevent more spam while the problem is addressed)
  2. Do some code hacking so that spam can be deleted a lot quicker
  3. Go through every blog entry and determine which comments are spam
  4. Disable the reCAPTCHA module
  5. Install a new anti-spam module like Mollom
  6. Re-enable comments

GHOP Ceremony Video

Once upon a time, I visited the Googleplex

To conclude GHOP (the Google Highly Open Participation Contest) 2007/8, I have enjoyed the company of the other GHOP grand prize winners, and related parents and mentors (including Adam "aclight" Light, the mentor representing Drupal), here in sunny California for the last few days. They have been a brilliant few days which I will not forget for a very long time. More details (and photos) after the jump.

Oh yeah, I'm going to Vancouver

Having never been to North America before, it now seems I'm going twice in the space of a month:

  • June 2008 - Relic Open House in Vancouver, BC, Canada
  • July 2008 - Google Highly Open Participation Contest Prizegiving in Mountain View, California

The latter I've posted on before, but the former is new. It seems I won Relic's Biggest Fan Contest 2008 (for those of you who don't know, Relic is a video game developer). Apparently I wrote ~50,000 lines of C++ for this program called Mod Studio for modding Relic games. I'm not totally sure; the details are a bit fuzzy ;)

Anyway, in a few weeks time I'll be flying off to Vancouver for 4 days and enjoying the company of some Relic people and RelicNews people. Should be fun.

Generating Lua Inheritance Trees Quickly

Relic games store their entity/building/squad/etc. attributes in Lua files. They have a lot of Lua files, all of which look something like this:

-- Some comment about copyright and editing the file by hand
GameData = Inherit([[sbps\races\chaos\chaos_squad.nil]])
GameData["squad_cap_ext"]["support_cap_usage"] = 2.00000
GameData["squad_combat_stance_ext"] = Reference([[sbpextensions\squad_combat_stance_ext.lua]])
-- more changes to GameData...

If you want to create an editor like their official Lua Attribute Editor, then you need to build an inheritance tree out of all those Inherit calls in all those files. The official editor is known for being slow, but I believe I've found a nice fast way to build it.
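One straightforward way to build that tree, as an added example in Lua (not the author's method): scan each file once for its Inherit call with a string pattern rather than executing it, record parent and children, and walk a file's chain up to its root. The file contents are constructed here to match the format above.

```lua
-- Added example, not the author's method: build the Inherit tree from files in
-- the format above. Each file is scanned once with a string pattern and never
-- executed as Lua. File contents below are constructed for the example.
local files = {
  ["sbps\\entity.nil"] = "-- root file: no Inherit call\nGameData = {}\n",
  ["sbps\\races\\squad.nil"] = "GameData = Inherit([[sbps\\entity.nil]])\n",
  ["sbps\\races\\chaos\\chaos_squad.nil"] =
    "-- copyright comment\n" ..
    "GameData = Inherit([[sbps\\races\\squad.nil]])\n" ..
    'GameData["squad_cap_ext"]["support_cap_usage"] = 2.00000\n',
}

-- The Inherit argument for a file, or nil for a root file.
local function parent_of(source)
  return source:match("Inherit%(%[%[(.-)%]%]%)")
end

-- One pass over all files: map each file to its parent and each parent to
-- its children, so both directions of the tree are available.
local function build_tree(all_files)
  local parents, children = {}, {}
  for name, source in pairs(all_files) do
    local parent = parent_of(source)
    parents[name] = parent
    if parent then
      children[parent] = children[parent] or {}
      table.insert(children[parent], name)
    end
  end
  return parents, children
end

-- Chain from a file up to its root, guarded against cycles in bad data.
local function ancestry(parents, name)
  local chain, seen = { name }, { [name] = true }
  while parents[name] and not seen[parents[name]] do
    name = parents[name]
    seen[name] = true
    chain[#chain + 1] = name
  end
  return chain
end

local parents, children = build_tree(files)
local chain = ancestry(parents, "sbps\\races\\chaos\\chaos_squad.nil")
assert(#chain == 3 and chain[3] == "sbps\\entity.nil")
assert(children["sbps\\entity.nil"][1] == "sbps\\races\\squad.nil")
assert(parent_of(files["sbps\\entity.nil"]) == nil)
```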

Of Lua, Quines and mod_wombat

I've been playing around with Lua (my current favourite dynamic language) in two areas of late: Quines (programs who print their own source code when run), and mod_wombat - a Lua module for Apache2.

First off, a quine:

s="s=%qprint(s:format(s))"print(s:format(s))

That one is a port of a classic C quine from Wikipedia over to Lua:
main() { char *s="main() { char *s=%c%s%c; printf(s,34,s,34); }"; printf(s,34,s,34); }

Anti-Spam Test

I'm currently trying the Drupal-6-dev branch of the Akismet module to try and block the comment spam which has been building up lately. If you have any problems posting legitimate comments, drop me an email (myname@myname.org, myname=corsix).


Edit 1: Nope, had to disable Akismet as it was generating fatal errors when trying to post a comment (although the comments do get posted).
Edit 2: Changed to reCAPTCHA to help fight spam and digitise books. This seems to be working, although I'll test Akismet again once the Drupal 6 branch is stable, as I would prefer not to force users into completing a CAPTCHA in order to post.

I discovered a bug in Lua

The following line of code, entered into a Lua 5.1.x (<= 5.1.3) interpreter, can cause the interpreter to crash/segfault:

loadstring(string.dump(function()return;end):gsub("\30%z\128",'"\0\0',1))()

Note that this only works on standard builds of Lua where virtual machine instructions are expressed as 32-bit little-endian integers. So, for example, you can make Company of Heroes crash by entering equivalent code into its console. Read on for a description of why this causes a crash.


Edit: Another related, albeit different, crash-causing line (which makes it two bugs I've found):

loadstring(string.dump(function(...)a,b,c,d=...;a=1;end):gsub("e%z\128\2.....",'\2@\128\0"\0\128\0$'))()
