Table.freeze vulnerability

I was just playing with the ‘table’ library, and then realized that I can unfreeze a frozen table.


```lua
local t = table.freeze({
	Var1 = "foo",
	Var2 = "bar"
})

-- Builds and returns a new table with the same contents as Table
function unfreeze(Table: {any})
	local unfrozen = {}
	local function deepCopy(tb: {any})
		local copied = {}
		for i,v in tb do
			local val = v
			if type(val) == "table" then
				val = deepCopy(val)
			end
			copied[i] = val
		end
		return copied
	end
	
	for i,v in deepCopy(Table) do
		unfrozen[i] = v
	end
	
	return unfrozen
end

-- Attempt 1: write to the frozen table directly
local success, result = pcall(function()
	t.Var1 = "bar"
	t.Var2 = "foo"
end)

print(success, result)


-- Attempt 2: write to the table returned by unfreeze()
local success1, result1 = pcall(function()
	local tableUnfrozen = unfreeze(t)
	tableUnfrozen.Var1 = "bar"
	tableUnfrozen.Var2 = "foo"
	print(tableUnfrozen)
end)

print(success1, result1)
```

Expected behavior

The error says that the frozen table is ‘read-only’; however, I can do a `for i,v in frozenTable do` loop.

Oh yeah, I also forgot to provide proof:
image

What you did is you read the table and created a new one. It was always possible…

2 Likes

Oh, I just didn’t realize that the `for i,v in t` loop just reads the table.

1 Like

All you did was copy a table. The original one is still frozen.

1 Like

Yeah. I just realized that. Thanks!

1 Like
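
The point made in the replies (a copy is a new table and the original stays frozen), as an added Luau example that is not part of the original thread; `deepCopy` and `deepFreeze` are hypothetical helper names and the table contents are constructed. It goes one step beyond the thread to show that `table.freeze` is shallow, so nested tables need their own freeze if the whole structure must stay read-only.

```lua
-- Added example, not code from the thread. Helper names are hypothetical.
local function deepCopy(tb)
	local copied = {}
	for k, v in tb do
		copied[k] = if type(v) == "table" then deepCopy(v) else v
	end
	return copied
end

-- Freezes nested tables first, then the parent. Assumes no cyclic references.
local function deepFreeze(tb)
	for _, v in tb do
		if type(v) == "table" then
			deepFreeze(v)
		end
	end
	if not table.isfrozen(tb) then
		table.freeze(tb)
	end
	return tb
end

-- Constructed sample data
local config = table.freeze({
	Var1 = "foo",
	Limits = { MaxHealth = 100 },
})

-- 1. Copying only reads the frozen table; the copy is a separate, unfrozen table.
local copy = deepCopy(config)
copy.Var1 = "bar"
assert(table.isfrozen(config) and not table.isfrozen(copy))
assert(config.Var1 == "foo") -- the original is unchanged
assert(copy ~= config)       -- code holding `config` never sees the copy

-- 2. A direct write to the frozen table still fails.
assert(not pcall(function() config.Var1 = "bar" end))

-- 3. The freeze is shallow: a nested table is still writable via the original.
assert(not table.isfrozen(config.Limits))
config.Limits.MaxHealth = 9999
assert(config.Limits.MaxHealth == 9999)

-- 4. deepFreeze closes that gap.
local hardened = deepFreeze({ Var1 = "foo", Limits = { MaxHealth = 100 } })
assert(not pcall(function() hardened.Limits.MaxHealth = 9999 end))
assert(hardened.Limits.MaxHealth == 100)
print("all checks passed")
```

Freezing protects the integrity of the table object other code holds a reference to; it does not hide its contents, so anything readable can always be copied.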