by phire
699 days ago
Probably not. R8 is 0x9c in that example, which is somewhat typical for null+offset, but in the Twitter thread it's 0xffff9c8e0000008a. So the actual bug is further back. It's not a null pointer dereference, but it somehow results in the mov r8, [rax+r11*8] instruction reading random data (could be anything) into r8, which then gets used as a pointer. Maybe this is a use-after-free?
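An added illustration of the two crash signatures the comment contrasts, written for this page and not taken from phire's comment, the thread, or the code under discussion. It models mov r8, [rax+r11*8] as a load from a pointer table and uses a toy first-fit allocator so that chunk reuse after free is reproducible (a real allocator reuses chunks the same way, just not predictably). The struct layout with a field at offset 0x9c, the allocator, and the fill value written by the "new owner" of the freed chunk are all assumptions chosen for the example; nothing here says what the thread's actual bug is.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy first-fit allocator standing in for the real one (assumption). Like a
 * real free(), arena_free() leaves the chunk contents untouched. */
#define CHUNK_BYTES 64
#define CHUNK_COUNT 4
#define TABLE_ENTRIES (CHUNK_BYTES / sizeof(uint64_t))   /* 8 pointer slots */

static uint8_t arena[CHUNK_COUNT * CHUNK_BYTES];
static int chunk_free[CHUNK_COUNT];

static void arena_reset(void) {
    memset(arena, 0, sizeof arena);
    for (int i = 0; i < CHUNK_COUNT; i++) chunk_free[i] = 1;
}
static void *arena_alloc(void) {
    for (int i = 0; i < CHUNK_COUNT; i++)
        if (chunk_free[i]) { chunk_free[i] = 0; return arena + i * CHUNK_BYTES; }
    return NULL;
}
static void arena_free(void *p) {
    chunk_free[((uint8_t *)p - arena) / CHUNK_BYTES] = 1;
}

/* Hypothetical object layout with a field at offset 0x9c. */
struct victim {
    uint8_t  pad[0x9c];
    uint32_t refcount;
};

/* Case 1: NULL + offset. The faulting address is just the field offset,
 * which is why a small address like 0x9c points at a NULL base. Computed
 * with offsetof so nothing is actually dereferenced. */
uint64_t null_plus_offset_fault_addr(void) {
    return (uint64_t)offsetof(struct victim, refcount);   /* base is NULL */
}

/* Models  mov r8, [rax + r11*8]  with rax = table base and r11 = index. */
static uint64_t load_entry(const uint64_t *table, size_t idx) {
    return table[idx];
}

/* Case 2: use-after-free. The pointer table is freed while rax still refers
 * to it; the next allocation of that size gets the same chunk and fills it
 * with unrelated data, so the load returns whatever the new owner wrote,
 * and that value is what later gets dereferenced as a pointer. */
uint64_t dangling_table_read(size_t idx, uint64_t new_owner_fill) {
    static struct victim obj;
    arena_reset();

    uint64_t *table = arena_alloc();                 /* rax */
    for (size_t i = 0; i < TABLE_ENTRIES; i++)
        table[i] = (uint64_t)(uintptr_t)&obj;        /* every entry valid */

    arena_free(table);                               /* bug: rax is kept */

    uint64_t *reused = arena_alloc();                /* same chunk comes back */
    for (size_t i = 0; i < TABLE_ENTRIES; i++)
        reused[i] = new_owner_fill;                  /* overwrites stale table */

    return load_entry(table, idx % TABLE_ENTRIES);   /* r8 = new owner's data */
}

/* The triage rule the comment applies: a loaded value inside the first page
 * reads as NULL + offset; anything else is a wild pointer, so the bug is
 * wherever that value came from, not at the faulting instruction. */
const char *classify_pointer(uint64_t r8) {
    return r8 < 0x1000 ? "null + offset" : "wild pointer (look further back)";
}

int main(void) {
    printf("null+offset fault addr: 0x%llx\n",
           (unsigned long long)null_plus_offset_fault_addr());
    uint64_t r8 = dangling_table_read(3, 0xffff9c8e0000008aULL);
    printf("r8 after UAF: 0x%llx -> %s\n",
           (unsigned long long)r8, classify_pointer(r8));
    printf("0x9c -> %s\n", classify_pointer(0x9c));
    return 0;
}
```

Run as-is to see the two signatures side by side: the NULL case faults at the field offset itself, while the dangling table slot yields whatever the chunk's new occupant wrote, which is why a large, oddly shaped r8 says nothing about the faulting instruction and everything about who last owned that memory.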