I just started to analyze this function, interesting... https://twitter.com/pwn_expoit/status/1237404487469260801
Replying to @raycp2
The purpose of this commit is to prevent elimination of NumberLessThan nodes, which is a way to circumvent aborting bound checks. I discussed an example on the @doar_e blog: https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/
They started with this commit last year:
https://chromium-review.googlesource.com/c/v8/v8/+/1460461
It's interesting to see that now there are changes in BuildElementAccess and ReduceJSCreateArray (as @pwn_expoit tweeted about).
5:18 AM - 11 Mar 2020