A journey through everything I've published, organized over time.
A logic bug in V8's Inline Cache subsystem that leads to type confusion via incorrect element kind handling for JSArgumentsObject, enabling hole leak and arbitrary read/write.
Type to search for articles, tutorials, and ideas...