U+2009 (Thin Space) causes chat filter to yield forever

I was testing different character codes to see if spammers can abuse them, and some of them seemed to cause FilterStringAsync/GetChatForUserAsync to yield forever, which likely leaks memory on the server.

The default chat script doesn’t let you input this character, and after reading through some of the code it’s not obvious how.

It only happens with just one character, otherwise it successfully fails the chat filter. You can get this character using print(">\226\128\137<")

6 Likes

If I understand this correctly and you’re able to cause a memory leak on any ROBLOX server, then this is a pretty big vulnerability and thus should be reported more privately, such as on HackerOne.

I don’t really think it’s a great idea to post this publicly and have exploiters develop scripts that take advantage of this bug.

2 Likes

Was about to say the same. This isn’t the type of thing I would post publicly. It can easily be abused to crash game servers.

1 Like

The scope of what a hacker can do is pretty limited. The leak is likely a very small fixed amount of memory for each message (depending on the chat script implementation), and server side flood checks should prevent it from getting serious. It could be worse depending on what’s happening on the C++ side.

You can’t easily crash a server with this. Maybe it would cause a crash if you spammed it on multiple accounts for days.

I haven’t properly tested it. I just noticed one string consistently failing to load without an error.

5 Likes

This might be a similar case to how, if enough blank space messages are sent, the chat filter breaks for a short while on whatever server it’s done on. (I’ve seen this in action a few times: at least 2-3 people spam messages full of regular spacebar spaces until they get timed out by the game, by which time the chat filter will be stuck for a good 15-30 seconds. It’s more noticeable/lasts longer on games with faster chats, like busy “flex your account age” servers, where the filter has to keep up with all the regular chats coming in too.)

1 Like

Thanks for the report! We’ve filed a ticket to our internal database and we’ll follow up when we have an update for you.

5 Likes

This issue is still not resolved.
It also happens with ideographic space (U+3000). You can get it using print(">" .. utf8.char(0x3000) .. "<").

1 Like
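As an added example (not code from this thread or from Roblox’s chat scripts), a server-side pre-check that rejects messages made only of Unicode whitespace before they reach FilterStringAsync. It generalizes beyond the two reported characters to the whole Unicode White_Space set; `textService`, `speakerUserId` and the function names are assumptions for illustration.

```lua
-- Unicode White_Space code points (constructed table). The thread's two
-- reproducers, U+2009 THIN SPACE and U+3000 IDEOGRAPHIC SPACE, are covered.
local UNICODE_WHITESPACE = {
	[0x0009] = true, [0x000A] = true, [0x000B] = true, [0x000C] = true,
	[0x000D] = true, [0x0020] = true, [0x0085] = true, [0x00A0] = true,
	[0x1680] = true, [0x2028] = true, [0x2029] = true, [0x202F] = true,
	[0x205F] = true, [0x3000] = true,
}
-- U+2000 .. U+200A (EN QUAD through HAIR SPACE, including U+2009)
for cp = 0x2000, 0x200A do
	UNICODE_WHITESPACE[cp] = true
end

-- True when the message has no visible content: empty, invalid UTF-8,
-- or consisting solely of whitespace code points.
local function isBlankMessage(message)
	-- utf8.len returns nil on invalid UTF-8; utf8.codes would error on it.
	if message == "" or utf8.len(message) == nil then
		return true
	end
	for _, codepoint in utf8.codes(message) do
		if not UNICODE_WHITESPACE[codepoint] then
			return false
		end
	end
	return true
end

-- Guard that sits in front of the filter call in a server chat handler.
-- Blank messages are dropped instead of being handed to the filter, and
-- any error from the filter is returned rather than raised.
local function filterMessageSafely(textService, speakerUserId, message)
	if isBlankMessage(message) then
		return nil, "blank message rejected"
	end
	local ok, result = pcall(function()
		return textService:FilterStringAsync(message, speakerUserId)
	end)
	if not ok then
		return nil, result
	end
	return result
end

-- Constructed checks using the thread's reproducers plus ordinary text.
assert(isBlankMessage("\226\128\137"))            -- U+2009 THIN SPACE
assert(isBlankMessage(utf8.char(0x3000)))         -- U+3000 IDEOGRAPHIC SPACE
assert(isBlankMessage("   "))                     -- plain spacebar spaces
assert(not isBlankMessage("hello\226\128\137"))   -- real text still passes
```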