HoratioGamer
>> JVM converts the byte to an int int to a byte maybe? byte = int & 0xFF ? Ok, I guess that works, if one never uses =, signs...
The reason I cannot see an exploit is, the List remains true even if nothing over 256 can be accessed, it is what is executed after 256 strings that is...
Got a general strategy for an exploit of a String Array Overflow flaw in starscript to write a script that executes as a different script because of the flaw. The...
Thought of and eliminated a fix using constant.add("") so the first constant is an unused empty string, unless there is a string counter overflow, and then have all strings over...
I determined that I did not explain this well enough; edits above.
Oddly enough, this flaw was not exploitable when Jump instructions could not jump more than 256 characters of code.... https://github.com/MeteorDevelopment/starscript/issues/15#issue-1886408123 because the main ternary that allows the exploit would code...