If you can already subvert the flow of execution enough to jump somewhere you shouldn't be, you probably have better targets elsewhere in the binary than a conditional branch.
Certainly true if you control the entire value; but if you can only flip a bit or two, then this does provide a trampoline to increase the exploit's range.
Probably more of a "stick it in the toolbox for automatic use" rather than a "build an exploit around it" type of situation, however.
A common exploit technique is to use what’s called “Return Oriented Programming” to jump to different locations throughout the file to trigger little “ROP gadget” instruction combos to accomplish what you need to do.
You have almost, with that statement, figured out what this really is and why it is there.
* https://news.ycombinator.com/item?id=44970832