PaX Team · Mar 18, 2018 · 11:58 AM UTC

PaX Team · Mar 18, 2018 · 11:58 AM UTC

PaX Team

PaX Team @paxteam

18 Mar 2018

opal_error_to_human shows how subtle and deep Spectre v1 can go. this one is probably not useful but it shows the evolving power of our Spectre v1 static analysis tool. only 2600+ instances to go through ;).

Mar 18, 2018 · 11:58 AM UTC

Scott Bauer | sbauer@infosec.exchange · Mar 18, 2018 · 2:59 PM UTC

Scott Bauer | sbauer@infosec.exchange @ScottyBauer1

18 Mar 2018

Replying to @paxteam

That's code I maintain. Would you suggest hardening that function in anyway?

PaX Team · Mar 18, 2018 · 9:10 PM UTC

PaX Team @paxteam

18 Mar 2018

you can always use array_index_nospec yourself but honestly, doing all these changes by hand will never scale and it should be done by the compiler instead (which is where we're going).