John M McIntosh wrote:
> Ah, I'll note that the squeak VM really hasn't been hardened against 
> attack, it's much less paranoid than the VW VM.
> In many places we might pass a ByteArray and a length, where the length 
> is calculated from the ByteArray in Smalltalk however
> nothing prevents someone from making that VM call with a bogus ByteArray 
> and length and see if something interesting will happen.

Which places are that?

Cheers,
   - Andreas