Does it know that the initial pointer probe succeeded (which depends heavily on the body of the except block)?
That's what I'm suspicious about. If it does, then it's WAI and I'm impressed :) but otherwise I can imagine invalid ...
... ptrs being accessed due to this opt, even if initial sanitization failed. Probably only READs though, so no big deal
It knows st != STATUS_SUCCESS if lpInput == NULL, so on all other paths lpInput != NULL. I'll ask VC team to confirm :)
Replying to @epakskape @gynvael
Sure, but != NULL doesn't mean "valid user-mode". Does it know that if lpInput is in the kernel, then !NT_SUCCESS(st)?
If no, I guess it could potentially allow reading invalid r0 ptrs (=>DoS even with try/except), with the right construct
Compiler doesn't know about UM/KM semantics, just knows lpInput is valid. Probe rules guarantee st != SUCCESS if it fails.
Btw, this was the best resource I was able to dig up about VC instruction scheduling: https://msdn.microsoft.com/en-us/magazine/dn973015.aspx …
Replying to @epakskape @gynvael
thanks, I'll check it out and experiment some more when I find some spare time. :)
Turns out this was related to inlining. Not obvious from the bin. Either way, compiler doesn't know about probe semantics.
I see. Thanks for following up.
I also think some optimizations are removed on try/except blocks specifically because of compiler bugs on kernel