Error sinks are a way of accumulating errors from API calls related or unrelated into 1 unified error handling pattern. The implementation of a sink requires 2 fundamental design constraints on the APIs supporting this pattern.
Pipelining of errors
Errors emitted over the course of several API calls are accumulated into a sink which save the error code and message of the first error encountered
| Complete stuff: | |
| https://xmonader.github.io/letsbuildacompiler-pretty/ | |
| Lexers + DFAs: | |
| https://gist.github.com/pervognsen/218ea17743e1442e59bb60d29b1aa725 | |
| Parsing: | |
| https://eli.thegreenplace.net/2012/08/02/parsing-expressions-by-precedence-climbing | |
| Backend: |
Official patch: https://chromium-review.googlesource.com/c/v8/v8/+/4584248
Patch come from KeyedStoreIC::StoreElementHandler(), it returns fast path code(Turbofan builtin) for keyed store depends on "receiver_map" and "store_mode". Based on the content of this function is all about element STORE, I personally believe that this is an OOB writes vulnerability.
If we divide the PoC exploration into two parts based on this func, they are:
| # Reverse-mode automatic differentiation | |
| import math | |
| # d(-x) = -dx | |
| def func_neg(x): | |
| return -x, [-1] | |
| # d(x + y) = dx + dy | |
| def func_add(x, y): |
