q3k 
I would like to thank Jia Tan for authoring the best CTF challenge of the past decade.
| GitHub | https://github.com/qua3k |
| hotel | trivago |
duck
- 92 Followers
- 271 Following
- 39 Posts
unwinding your stack
@matthew_d_green hmm, breaks cpa. the iv doesn’t affect any block but the first
@idkrn @GrapheneOS PartitionAlloc is deeply integrated into the browser and is responsible for type sequestering between different objects types in the browser; I don’t see a path where this can be done without losing a lot of the protection against type confusion with DOM objects
Been working on the Rust allocator recently; ended up delving into the aliasing model with stacked/tree borrows. It’s difficult to write sound multithreaded code with references in the presence of raw pointers, and the lack of view types make for unergonomic code under the strict stacked borrows
The per-location tracking of tree borrows is necessary to be able to use references in a sane way at all without prolific, infectious use of raw pointers that eliminate the utility of the borrow checker. I’d really like to see tree borrows model see wider adoption, especially for allocator authors.
xposted from https://bsky.app/profile/quack.bsky.social/post/3kiein3pftf2h
duck (@quack.bsky.social)
Been working on the Rust allocator recently; ended up delving into the aliasing model with stacked/tree borrows. It’s difficult to write sound multithreaded code with references in the presence of raw pointers, and the lack of view types make for unergonomic code under the strict stacked borrows…
@fay59 @PeterLudemann @madcoder @saagar @regehr
You might be referring to https://s3.us.cloud-object-storage.appdomain.cloud/res-files/3842-lattner.pdf, which cites Hertz and Berger’s doi:10.1145/1103845.1094836
Alex BradburyI wrote a little blog post on storing data in pointers - initially motivated by documenting the impact of >48-bit virtual addresses on such tricks and the various available hardware pointer masking schemes https://muxup.com/2023q4/storing-data-in-pointers Any corrections or additional notes, do let me know!
yomnaIf you're interested in learning how to secure your phone against IMSI-catcher type attacks, here's a blog post covering my team and I's work on Android cellular security features over the last ~3 years https://security.googleblog.com/2023/08/android-14-introduces-first-of-its-kind.html
@whitequark tbf I don’t think the last point is true; the source code is at https://github.com/chromium/chromium/tree/main/chrome/browser/resources/hangout_services
@saagar “what if we deferred deletions”
FélixIt’s been years in the making and we’re finally ready to show the world: don’t miss Yeoul’s EuroLLVM keynote, “-fbounds-safety: enforcing bounds safety for production C code”! https://discourse.llvm.org/t/the-2023-eurollvm-program/69514
The 2023 EuroLLVM Program
The LLVM Foundation is pleased to announce the 2023 EuroLLVM Program! As a reminder, Early Bird Registration ends on April 10th. Keynote Speaker Order out of Chaos, The LLVM Release Process. Tobias Hieta “-fbounds-safety”: Enforcing bounds safety for production C code Yeoul Na Technical Talk Speaker An example of data flow analysis in MLIR Tom Eccles MLIR-based offline memory planning and other graph-level optimizations for xcore.ai Deepak Panickal A Rusty CHERI: Th...