ZeroBrane Studio Bug Bounty

23 Jul 2013 [Update 10/18/2013] The bounty was for a specific issue with ZeroBrane Studio IDE (as documented below) and not for any problem related to this website.

[Update 10/04/2013] The bounty has been withdrawn as the issue appears to be fixed. If you can still reproduce it with the current master, please leave a comment.

Bug bounty programs are nothing new; Google, Mozilla, Microsoft and many others use them to find security vulnerabilities and bugs (and these program are reported to be cost effective). There has been an issue in ZeroBrane Studio that have been bugging me for almost two months, so I decided to offer a bounty for it.

I offer $250 dollars to the first person who can figure out what's causing the bug and I'll add $150 if you can provide a fix for it (so $400 USD total for a fix), payable via PayPal or as an Amazon giftcard. All the source code for ZeroBrane Studio is available on github and the code for wxwidgets and wxlua is available as well.

The details of the crash as well as associated stack traces are available in this ticket. Please use the ticket for discussion.

The bug only happens under Windows 7 64bit. I have received several reports of the same crash happening on different computers, all running Windows 7 64bit. I also have several users who use the same system, but have never experienced this crash. The crash most likely happens when typing text and is likely to be related to auto-complete, but I have so far been unable to reproduce it.

There are some strange things showing up on the stack trace that I've discussed with John Labenski (the author of wxlua). I can provide wx.dll built with debug information (it's rather large, 186M) or you can build one yourself using this build script (run it as bash build-win32.sh wxwidgets lua wxlua debug). Note that you don't need to build anything else and can run ZeroBrane Studio from a cloned repository.

The fix has to include code that can be applied to ZeroBrane Studio or upstream (wxlua or wxwidgets) to eliminate the issue. The bounty will not be awarded if it is illegal to do so.

You should get a copy of my slick ZeroBrane Studio IDE. Posted by Paul Kulchenko on Tuesday, July 23, 2013 at 7:01 PM

Filed in zerobrane | Tagged lua, zerobrane

Related Entries

• Jan 14 2016Torch debugging with ZeroBrane Studio17
• Jan 5 2016Redis Lua debugging with ZeroBrane Studio0
• Dec 22 2015Debugging Mashape Kong plugins with ZeroBrane Studio0
• Jul 9 2014ZeroBrane Studio in black0
• Jun 21 2014Moonscript debugging with ZeroBrane Studio0
• Jun 17 2014Lapis debugging with ZeroBrane Studio0
• May 12 2014Debugging OpenResty and Nginx Lua scripts with ZeroBrane Studio12
• Apr 6 2014Debugging Adobe Lightroom plugins with ZeroBrane Studio17
• Mar 19 2014Corona on-device debugging with ZeroBrane Studio0
• Feb 28 2014Gideros on-device debugging with ZeroBrane Studio0
• Dec 7 2013Saving debugging output to a file0
• Dec 3 2013Lua package managers and integration with ZeroBrane Studio2
• Nov 29 2013Remote file editing while debugging0
• Nov 27 2013Debugging on Vera devices with ZeroBrane Studio2
• Sep 26 2013Real-time watches with ZeroBrane Studio1
• Sep 10 2013ZeroBrane Studio LuaJIT, Lua5.2 and luasocket changes0
• Sep 8 2013Clone view plugin for ZeroBrane Studio0
• Jul 25 2013Cocos2d-x simulator and on-device debugging with ZeroBrane Studio10
• Jul 22 2013ZeroBrane Studio in seven languages0
• Jun 22 2013Scope aware variable indicators4
• Jun 14 2013Debugging embedded code fragments1
• Feb 11 2013Marmalade Quick debugging with ZeroBrane Studio8
• Feb 10 2013Debugging and live coding with Corona SDK14
• Jan 14 2013Fixing malformed UTF-8 in Lua0
• Dec 27 2012Getting started and FAQ for ZeroBrane Studio0
• Dec 27 2012Gideros live coding: a simple example1
• Dec 10 2012ZeroBrane Studio is one year old7
• Dec 10 2012GSL-shell script debugging1
• Nov 20 2012Live coding with Moai16
• Nov 20 2012ZeroBrane Studio in Zenburn and Tomorrow colors13
• Nov 7 2012ZeroBrane Studio in your language0
• Nov 5 2012Debugging Wireshark Lua scripts2
• Oct 30 2012Tragedy of the Commons and open source projects14
• Oct 23 2012Amazon Payments doesn't support "pay-what-you-want" models1
• Oct 11 2012Gideros live coding with ZeroBrane Studio10
• Oct 8 2012Gideros debugging with ZeroBrane Studio13
• Oct 2 2012500 downloads in 30 days4
• Sep 19 2012Packaging ZeroBrane Studio as OSX app0
• Sep 6 2012Moai debugging with ZeroBrane Studio26
• Aug 21 2012Live coding with Löve0
• Jun 28 2012Löve debugging with ZeroBrane Studio13
• Jun 12 2012Alphanum sorting for humans in Lua0
• Jun 2 2012Serpent: Lua serializer and pretty printer4
• May 31 2012Live coding in Lua with ZeroBrane Studio4
• May 28 2012The 'Flame' malware using Lua?0
• Apr 22 2012Working with Gist API from Lua0
• Apr 10 2012HTTPS/SSL calls with Lua and LuaSec11
• Mar 31 2012Dynamic execution of embedded gists0
• Mar 25 2012Lua: Good, bad, and ugly parts27
• Mar 20 2012Can Lua be faster than JavaScript in a browser?0
• Mar 16 2012Drawing on browser canvas with Lua2
• Jan 20 2012Drawing outside of OnPaint with wxWidgets0
• Jan 18 2012Drawing trees with turtles0
• Dec 18 2011Lua beautifier in 55 lines of Perl4

2 Comments

Hint: the auto-complete-crash also occurs in Max-OSX 10.8.4

Helmut | September 1, 2013 10:00 AM @Helmut, do you have a way to reproduce it or a stack trace? Is it on the latest master? There were several defects that could lead to a hang during auto-complete, but no known crash defects and I could not reproduce this on OSX even once. If you have more details, please email them to me (the address is at the very bottom of this page).

Paul Kulchenko replied to comment from Helmut | September 1, 2013 8:32 PM