st4rk st4rk
eboda
/ exploit.js
Last active
September 14, 2021 13:20
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //////////////////////////////////////////////////////////////////////////// | |
| // | |
| // The vulnerability was that the following line of code could change the type of the | |
| // underlying Array from JavascriptNativeIntArray to JavascriptArray: | |
| // | |
| // spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE; | |
| // | |
| // As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed | |
| // was removed. If the aItem then is not a JavascriptArray, the following code path is taken: | |
| // else |
didito
/ Games_Threading
Created
December 20, 2016 21:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Parallelizing the Naughty Dog engine using fibers by Christian Gyrling | |
| http://www.swedishcoding.com/wp-content/uploads/2015/03/parallelizing_the_naughty_dog_engine_using_fibers.pdf | |
| id Tech 5 Challenges | |
| From Texture Virtualization to Massive Parallelization by J.M.P. van Waveren | |
| http://s09.idav.ucdavis.edu/talks/05-JP_id_Tech_5_Challenges.pdf | |
| Doom3 BFG Source Code Review: Multi-threading by Fabien Sanglard |