https://bugs.exim.org/show_bug.cgi?id=2509
--- Comment #8 from Zoltan Herczeg <[email protected]> ---

- I would not add a new function (sljit_emit_ijump_target_start) to emit ENDBR instructions; I would add a new constant to sljit_emit_op0:
  https://github.com/zherczeg/sljit/blob/master/sljit_src/sljitLir.h#L844
  The other CPUs should emit no instruction when this constant is passed. Furthermore, if we want to add this to the sljit project, we need to make its tests compatible with it as well:
  https://github.com/zherczeg/sljit/blob/master/test_src/sljitTest.c

- If I understand correctly, we don't need the ebp-specific changes anymore.

- I would like to understand the shadow stack a bit more. Isn't it dangerous to update the return address all the time? For example, how should it prevent the following attack in theory: somebody overwrites the callout function of a pattern in memory, and indirectly calls this function using a custom pattern. Then he destroys the stack with random values, because he knows that if he jumps back to the compiled pattern, it will restore the shadow stack for him. Can this be prevented at all? Do normal functions generated by GCC have such cleanup code as well? How does CET affect fast calls?
  https://github.com/zherczeg/sljit/blob/master/sljit_src/sljitLir.h#L681

--
List details at https://lists.exim.org/mailman/listinfo/pcre-dev
