en5
|
  |
| Joined: 24 Jul 2012 |
| Total Posts: 50 |
|
|
| 25 Jul 2012 08:59 PM |
I've just found out a new way to crash the game with the recently-discovered ypcall function:
ypcall(coroutine.yield)
Because the wait function itself also yields, it will also work with it:
ypcall(wait)
Now, we don't need to worry anymore about them patching the ManualSurfaceJointInstance thing or anything else. :D
I also know there are many ways to crash the game with bytecode and I remember seeing a bug somewhere about a way to crash the Lua VM by messing in some way with metatables, though I don't know if that'd work on ROBLOX, but probably.
|
|
FPGA
|
  |
| Joined: 05 May 2012 |
| Total Posts: 372 |
|
|
| 25 Jul 2012 09:02 PM |
http://www.lua.org/bugs.html
crashes galore
|
|
aboy5643
|
  |
| Joined: 08 Oct 2010 |
| Total Posts: 5458 |
|
|
| 25 Jul 2012 09:08 PM |
Why? Only we know about it
inb4hackersfindthisanddistributetoskids
|
|
agent767
|
  |
| Joined: 03 Nov 2008 |
| Total Posts: 4181 |
|
| |
|
agent767
|
  |
| Joined: 03 Nov 2008 |
| Total Posts: 4181 |
|
|
| 25 Jul 2012 09:43 PM |
"I remember seeing a bug somewhere about a way to crash the Lua VM by messing in some way with metatables"
Have fun.
local t = {}
t.__newindex = function(s,_,_) print(s) end
local lol = {}
lol.__newindex = lol
setmetatable(lol, t)
local crash = setmetatable({}, lol)
crash.foo = _
|
|
| 25 Jul 2012 09:52 PM |
@agent
inb4youarecoveringup
|
|
frenzii
|
  |
| Joined: 24 Jul 2012 |
| Total Posts: 4 |
|
|
| 27 Jul 2012 06:30 PM |
inb4robloxlockedequalsfalse
|
|
| 27 Jul 2012 06:53 PM |
So many inb4...
☜▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬☜☆☞▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬☞ - Candymaniac, a highly reactive substance.
|
|
oxcool1
|
  |
| Joined: 05 Nov 2009 |
| Total Posts: 15444 |
|
| |
|
| |
|
Joalmo
|
  |
| Joined: 28 Jun 2009 |
| Total Posts: 1160 |
|
| |
|
agent767
|
  |
| Joined: 03 Nov 2008 |
| Total Posts: 4181 |
|
|
| 28 Jul 2012 01:33 AM |
^This is soooooo yesterday.
|
|
aboy5643
|
  |
| Joined: 08 Oct 2010 |
| Total Posts: 5458 |
|
| |
|
|
| 28 Jul 2012 11:27 AM |
^it's the future i can see
|
|
Maradar
|
  |
| Joined: 06 Mar 2012 |
| Total Posts: 4478 |
|
|
| 28 Jul 2012 11:33 AM |
inb4inb4inb4anotherinb4inb4mygodmoreinb4s
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 28 Jul 2012 12:09 PM |
That is... odd.
I have no idea why calling wait directly would crash it but function(...) return wait(...) end wouldn't. It must have to do with it being a C function, but calling something like ypcall(print) is fine.
|
|
|
NB3
|
  |
| Joined: 27 Dec 2009 |
| Total Posts: 537 |
|
|
| 28 Jul 2012 01:50 PM |
Another way to crash a game, this should be a bug, typing in /sc/sc in chat.
|
|
| 28 Jul 2012 01:53 PM |
@NB3: Why would you want to crash your own client?
|
|
NB3
|
  |
| Joined: 27 Dec 2009 |
| Total Posts: 537 |
|
|
| 28 Jul 2012 02:00 PM |
@TheCapacitor Maybe for ragequit services. This does work in servers. Try going to a public game on roblox, and chat in /sc/sc.
|
|
frenzii
|
  |
| Joined: 24 Jul 2012 |
| Total Posts: 4 |
|
|
| 28 Jul 2012 05:07 PM |
inb4unlockrobloxlocked trolololo
|
|
| 28 Jul 2012 07:22 PM |
@Stravant
It's because the wait function yields. This is why it also works with coroutine.yield.
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 28 Jul 2012 07:44 PM |
@Julien. Yup, I know that... what I'm puzzled on is why it would crash in the first place. I can't think of any mechanism that would make that specific thing crash, but no other things that I've tried.
|
|
| 28 Jul 2012 08:03 PM |
Well, the particularity of ypcall is precisely that it can yield. Yet, it can't directly yield.
If you give it a proxy function to a C function that yields (a function that calls a C function that yields and does nothing else), it doesn't do that. Yet, it should logically do the same thing. The only difference is in the function itself.
It doesn't crash for other C functions either, so this is indeed confusing for me too.
I don't understand why it couldn't call a function that directly yields.
|
|