Comment by Dylan16807

2 days ago

> It's not exploitable.

The article doesn't say it is.

> It's an exploit mitigation, in fact.

The article made that clear.

> It's not a bug; it's intentional that it works this way.

What is "this way"? Trap or jump? If you're saying a jump is supposed to count as a trap, it's a pretty bad one. It still allows a lot of jumps to the padding to continue and execute valuable code.

[flagged]

  • It says why it jumps over nops in the middle of a function. No explanation for jumping backwards at the end of a function.

    And it replaces the nops with int3. Not another jump. This code keeps stacking d4.

  • Putting instructions that halt execution in unreachable parts of the code would make sense, but this is just a jump with a fixed offset, which may technically still be exploitable.

    If trap instructions are not possible, I would at least try to make it an unconditional jump to create an infinite loop.
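The distinction the thread turns on (trap vs. nop vs. fixed-offset jump vs. a `jmp $` self-loop in inter-function padding) can be made concrete with a small classifier. This is an added example, not code from the article or from any commenter: it walks the gaps between known function ranges in an x86-64 code blob and reports what happens if control lands in each gap. The code layout, the function names `a` to `e`, and the byte patterns are constructed for this example, and the nop table covers only the common single-instruction nop encodings.

```python
"""Classify the padding between x86-64 functions: trap, nop sled, fixed-offset
jump, or self-loop.  Added example with a hand-built code blob; not from the
article or the thread it accompanies."""
from dataclasses import dataclass
from typing import List, Optional

# Common single-instruction nop encodings (subset; assembler-specific prefixed
# forms such as "66 66 2e 0f 1f 84 ..." are not listed here).
NOP_ENCODINGS = sorted((
    b"\x90", b"\x66\x90", b"\x0f\x1f\x00", b"\x0f\x1f\x40\x00",
    b"\x0f\x1f\x44\x00\x00", b"\x66\x0f\x1f\x44\x00\x00",
    b"\x0f\x1f\x80\x00\x00\x00\x00", b"\x0f\x1f\x84\x00\x00\x00\x00\x00",
    b"\x66\x0f\x1f\x84\x00\x00\x00\x00\x00",
), key=len, reverse=True)   # longest first so prefix matching is unambiguous

INT3 = 0xCC       # single-byte trap
JMP_REL8 = 0xEB   # short jump with a signed 8-bit displacement


@dataclass
class Func:
    name: str
    start: int   # offset of first byte
    end: int     # offset one past the last byte


@dataclass
class Padding:
    start: int
    end: int
    kind: str                       # "int3", "nop", "self-loop", "jmp", "unknown"
    target: Optional[int] = None    # resolved jmp target, if kind is a jump
    lands_in: Optional[str] = None  # function containing the target, if any


def is_nop_sled(data: bytes) -> bool:
    """True if data decodes entirely as a sequence of known nop instructions."""
    i = 0
    while i < len(data):
        enc = next((e for e in NOP_ENCODINGS if data.startswith(e, i)), None)
        if enc is None:
            return False
        i += len(enc)
    return True


def classify_padding(code: bytes, funcs: List[Func]) -> List[Padding]:
    """Inspect every gap between consecutive functions and say what it does
    when executed: stop (int3), slide into the next function (nop), hang
    (self-loop), or continue somewhere else (fixed-offset jmp)."""
    ordered = sorted(funcs, key=lambda f: f.start)
    result = []
    for cur, nxt in zip(ordered, ordered[1:]):
        lo, hi = cur.end, nxt.start
        pad = code[lo:hi]
        if not pad:
            continue
        p = Padding(lo, hi, "unknown")
        if all(b == INT3 for b in pad):
            p.kind = "int3"
        elif is_nop_sled(pad):
            p.kind = "nop"
        elif pad[0] == JMP_REL8 and len(pad) >= 2:
            rel = int.from_bytes(pad[1:2], "little", signed=True)
            p.target = lo + 2 + rel    # rel8 is relative to the next instruction
            p.kind = "self-loop" if rel == -2 else "jmp"   # "eb fe" jumps to itself
            for f in ordered:
                if f.start <= p.target < f.end:
                    p.lands_in = f.name
        result.append(p)
    return result


def describe(code: bytes, funcs: List[Func]) -> List[str]:
    """Human-readable verdict per gap."""
    lines = []
    for p in classify_padding(code, funcs):
        where = f"0x{p.start:02x}-0x{p.end:02x}"
        if p.kind == "int3":
            lines.append(f"{where}: int3 trap, execution stops with SIGTRAP")
        elif p.kind == "nop":
            lines.append(f"{where}: nop sled, falls through into the next function")
        elif p.kind == "self-loop":
            lines.append(f"{where}: jmp $, execution hangs inside the padding")
        elif p.kind == "jmp":
            dest = p.lands_in or "no known function"
            lines.append(f"{where}: jmp to 0x{p.target:02x} ({dest}), execution continues")
        else:
            lines.append(f"{where}: unrecognised bytes {code[p.start:p.end].hex()}")
    return lines


# Constructed sample: five copies of "xor eax, eax; ret" (31 c0 c3) on 8-byte
# boundaries, each gap filled a different way.
STUB = b"\x31\xc0\xc3"
SAMPLE_CODE = (
    STUB + b"\xcc" * 5                        # a @0x00, then int3 padding
    + STUB + b"\x0f\x1f\x44\x00\x00"          # b @0x08, then a 5-byte nop
    + STUB + b"\xeb\xfb" + b"\x90" * 3        # c @0x10, then jmp back to c's entry
    + STUB + b"\xeb\xfe" + b"\xcc" * 3        # d @0x18, then "jmp $" self-loop
    + STUB                                    # e @0x20
)
SAMPLE_FUNCS = [Func(n, s, s + len(STUB)) for n, s in zip("abcde", range(0, 40, 8))]

if __name__ == "__main__":
    for line in describe(SAMPLE_CODE, SAMPLE_FUNCS):
        print(line)
```

The third gap is the case the thread objects to: a short jump with a fixed backward displacement that lands on a valid function entry, so a stray control transfer into the padding keeps executing real code. Only the int3 gap actually stops execution; the `eb fe` self-loop, which the last comment suggests as a fallback, turns the same stray transfer into a hang rather than a crash, which is a denial of service but not a way to run anything further.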