jaytea commented on a Page, DnD Roller - Dec 07, 2010

The boring part is that the so-called reasons are left unexplained.

haha alright. as much as i love 'the sound of my own voice', i just tend to feel a bit silly typing long and technical explanations that people often overlook let alone try to understand. but for you Jethro, i'd be happy to elaborate :P

the space before $1 is actually insignificant, it's the space before $2 that makes the difference. look what $str() produces here:

//tokenize 32 3 3 | echo -a $str(+$r(1, $2), $1)

as you can see, a string of +$r(1, <value of $2>) is generated. in the overall construction $calc( [ $str( ... ) ] ), the evaluation brackets force $str() to evaluate early, and the result is passed to $calc(). it is as if we used the following:

//echo -a $calc( +$r(1, 3)+$r(1, 3)+$r(1, 3) )

which, of course, works properly. but since we're interested in the general case, in which $2 could presumably take on any value, consider what happens if $2 is a larger number, say 1000. +$r(1, 1000) is 12 characters; the length limit imposed on the return value of any identifier is 4,150; thus the maximum value for $1 if we're rolling a 1000-sided dice is floor(4150 / 12) = 345.

in the alternative form, where the space before $2 is eliminated, look what $str() produces instead:

//tokenize 32 3 3 | echo -a $str(+$r(1,$2), $1)

$2 is left unevaluated. +$r(1,$2) is 9 characters, and so $1 can now be up to floor(4150 / 9) = 461 for $1 = 1000.

the increase in the permissible value of $1 is really a side issue (how often do you expect to roll over 300 dice?) - the main disadvantage that including the space has is that it allows code in $2 to be evaluated. for example:

//tokenize 32 3 $!finDfile(.,*,1,$+(echo,$chr(32),oops!)) | echo -a $!1- is $1- | echo -a $calc( [ $str(+$r(1, $2), $1) ] )

this happens because now, as before, it is as if this were used:

//echo -a $calc( +$r(1, $finDfile(.,*,1,$+(echo,$chr(32),oops!)))+$r(1, $finDfile(.,*,1,$+(echo,$chr(32),oops!)))+$r(1, $finDfile(.,*,1,$+(echo,$chr(32),oops!))) )

which makes it easier to see what actually happened. that's why i suggested removing the space - i'm quite conscious about providing code that i know to be exploitable :P
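
An added example, not part of jaytea's comment or the original DnD Roller snippet: a roller alias that keeps the no-space form described above and also rejects anything that is not a plain whole number before it reaches $calc(). The alias name roll, the digit-only check and the usage message are assumptions made for illustration; the 461 cap is the figure the comment gives for the 9-character term.

```mirc
; Hardened dice roller (added example, hypothetical alias name).
; Usage: /roll <dice> <sides>   or   $roll(<dice>,<sides>)
alias roll {
  ; Accept digit-only arguments, so text containing $, commas or
  ; parentheses is refused before any string is built from it.
  if (!$regex($1,/^\d+$/)) || (!$regex($2,/^\d+$/)) {
    echo -a roll: both arguments must be whole numbers
    return
  }
  ; 461 = floor(4150 / 9), the limit quoted above for +$r(1,$2)
  if ($1 < 1) || ($1 > 461) || ($2 < 1) {
    echo -a roll: dice must be 1-461 and sides at least 1
    return
  }
  ; No space before $2: $str() repeats the literal text +$r(1,$2),
  ; and $2 is only filled in when $calc() evaluates the finished string.
  var %total = $calc( [ $str(+$r(1,$2), $1) ] )
  if ($isid) { return %total }
  echo -a $1 $+ d $+ $2 = %total
}
```

With this in place, the argument from the `//tokenize` demonstration above fails the digit check and the alias returns before `$str()` or `$calc()` is reached.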
