Firstly, thanks for sharing this with everyone. I've read over this paragraph a few times now and I'm really struggling to see how their protections don't defend against the described issues:

"There are two problems that could occur; the base and result address may belong to two different regions, and the base address may not even exist in a valid region."

"the base and result address may belong to two different regions"

    if addr >= region.guest_base && addr < region_end(region)

Surely region_end(region) stops it belonging to two different regions, as you're using one region in the for loop? I'm probably being thick!

"the base address may not even exist in a valid region."

Again, surely if addr < region_end(region) this would ensure it's within a valid region?

Is there any other info you can provide so that my simple brain can understand?
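As an added illustration that is not part of the original comment or of the project under discussion: the check quoted above validates only the starting address of an access, so an access of some length can begin inside a region yet end past that region or inside a different one. The region table, the `size` field and the range-checking helper below are constructed assumptions for this example; only `guest_base` and `region_end()` are taken from the comment.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed region table. Field names follow the comment's
   region.guest_base / region_end(); the size field is assumed. */
typedef struct {
    uint64_t guest_base;
    uint64_t size;
} region_t;

static uint64_t region_end(const region_t *r) {
    return r->guest_base + r->size;   /* exclusive end */
}

static const region_t regions[] = {
    { 0x1000, 0x1000 },   /* [0x1000, 0x2000) */
    { 0x4000, 0x2000 },   /* [0x4000, 0x6000) */
};
#define NREGIONS (sizeof regions / sizeof regions[0])

/* The check quoted in the comment: it only asks whether one address
   falls inside some region, and says nothing about where the access ends. */
const region_t *find_region_for_addr(uint64_t addr) {
    for (size_t i = 0; i < NREGIONS; i++) {
        const region_t *r = &regions[i];
        if (addr >= r->guest_base && addr < region_end(r))
            return r;
    }
    return NULL;
}

/* Range check (assumed hardened form): the base must lie in a region AND
   the last byte of the access must lie in the same region, with the
   base+len arithmetic guarded against wrap-around. */
const region_t *find_region_for_range(uint64_t base, uint64_t len) {
    if (len == 0)
        return NULL;                       /* empty access: nothing to map */
    if (len > UINT64_MAX - base)
        return NULL;                       /* base + len would wrap */
    uint64_t end = base + len;             /* exclusive result address */
    const region_t *r = find_region_for_addr(base);
    if (r == NULL)
        return NULL;                       /* base not in any valid region */
    if (end > region_end(r))
        return NULL;                       /* result address leaves the region */
    return r;
}

int main(void) {
    /* Base in region 0, result address in the gap after it. */
    printf("addr check 0x1ff0: %s\n", find_region_for_addr(0x1ff0) ? "ok" : "rejected");
    printf("range 0x1ff0+0x20: %s\n", find_region_for_range(0x1ff0, 0x20) ? "ok" : "rejected");
    /* Base in region 0, result address in region 1: both endpoints pass
       the per-address check, the range check still rejects it. */
    printf("range 0x1ff0+0x2020: %s\n", find_region_for_range(0x1ff0, 0x2020) ? "ok" : "rejected");
    return 0;
}
```

The constructed layout leaves a hole between the two regions so both failure modes named in the quoted paragraph can be shown: an access that starts in a valid region but whose result address is outside every region, and one whose base and result address pass the single-address test individually while belonging to different regions.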