pwn/CTFCUP-25
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Patch

Browse Source
This commit is contained in:
pwn
2025-12-05 11:14:59 +03:00
parent 376d0fc8ad
commit b79ef3a3f3
8 changed files with 35 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
sonobank/crates/lua-sandbox/src/lib.rs
View File

@@ -42,14 +42,6 @@ pub fn render_hash(lua_src: &str, note: u32, velocity: u32) -> anyhow::Result<[u
let v: f64 = func
.call((i as f64 / 44_100.0, note, velocity))
.context(ScriptError)?;
#[allow(dead_code)]
fn vulnerable(buf: &mut [u8], idx: isize, value: u8) {
unsafe {
/* MANUAL pointer arithmetic (dangerous) */
let ptr = buf.as_mut_ptr().offset(idx); /* Write without bounds check */
std::ptr::write(ptr, value);
}
}
let normalized_v = v.clamp(-1.0, 1.0);
hasher.update(normalized_v.to_le_bytes());
}